A news aggregator from various RSS feeds, like technology, gaming, development and general news sites.
Entra ID retains audit log records for service principal sign-ins for 30 days. The audit data can reveal some interesting insights such as the presence of unexpected service principals or an access to an application from an external source, or even the use of an app secret by an application instead of a more secure method. It’s time to write some PowerShell to interpret the data.
A set of new granular Graph permissions for User account management is now available to handle common operations like changing account passwords or updating phone numbers. There's no need to update existing code unless you want to use the principle of least privilege, in which case you’ll replace the current permissions with the new permissions. My feeling is that relatively few will go update code, but I could be surprised.
Monthly update #116 (February 2025) is available for the Office 365 for IT Pros eBook. The refresh includes update #8 new files for the Automating Microsoft 365 with PowerShell eBook. We’ve also updated the print (paperback) version that’s sold on an on-demand basis through Amazon.com. Things keep on changing inside Microsoft 365 with agent management a new challenge that’s coming into view.
Microsoft reannounced the Teams policy to suppress certain categories of in-product advertising messages but has done nothing to control Teams pop-up messages that irritate users. The volume of pop-up messages appears to have increased, or maybe it’s my frustration level that’s rising. A simple setting to turn off informational pop-up messages would be appreciated.
Microsoft’s FY25 Q2 results featured bumper Microsoft Cloud revenues, which broke the $40 billion mark for the first time. Although they wanted to talk a lot about Copilot and AI in general, Microsoft didn’t give any new user numbers for Microsoft 365 or Teams.
This article covers how to use HVE with Azure Automation to send email. HVE is Exchange Online's High Volume Email solution for internal communications. In the discussion, we cover how to retrieve credentials from Azure Key Vault, how to retrieve data from a web page, and how to bring everything together in a message submitted to HVE.
This article describes how to use Azure Automation for audit searches. The runbook runs an audit search to find events for specific operations, refines the set of events found by the search, and sends the information by email. Hopefully, someone will respond to the message and do the right thing to check the insight derived from the events.
Monthly update #8 is now available for the Automating Microsoft 365 with PowerShell ebook. Subscribers can download the updated files from Gumroad.com. The Office 365 for IT Pros eBook includes Automating Microsoft 365 with PowerShell. Both books are updated monthly. Mastering the Microsoft Graph is a major focus of the PowerShell book, which should be helpful to anyone trying to upgrade scripts from the old AzureAD and MSOL modules.
Entra ID allows unprivileged users to update the user principal name for their accounts via the admin center or PowerShell. It seems silly because no justification for allowing people to update such a fundamental property is evident. Perhaps Microsoft has some excellent logic for allowing such updates to occur, but blocking access seems like the right thing to do.
After creating some Azure automation runbooks to process Microsoft 365 data, a schedule means that the runbook will execute. This article discusses how to publish and register a runbook so that an automation schedule takes over the burden of running the job. In addition to describing the necessary steps in the Azure portal, we also give you the PowerShell commands.
The second part of the Azure Automation runbook primer brings us to output, specifically how to create items generated by a runbook in a SharePoint Online list. Once in the lists, items can be processed using Power Automate, Power Apps, or Power BI or exported to Excel. It’s a great way of capturing information generated by background jobs.
A reader asked why it seems so difficult to use Azure Automation runbooks to process Microsoft 365 data. In fact, it's not so hard, and here's a primer to help you understand how to create the necessary Azure Automation environment to develop and execute runbooks. Once modules and permissions are in place, everything falls into place.
Deleting an Entra ID user account can result in ownerless groups if the account being removed is the only group owner. Before deleting accounts, it's a good idea to proactively replace group owners. This article explains how to replace group owners in the fastest and most scalable manner using the Microsoft Graph PowerShell SDK.
The Microsoft 365 user profile card offers users the chance to record and playback name pronunciations, if tenant settings allow. The new setting is controlled by a Graph API and turns name pronunciation recording and playback on or off for the entire tenant. Microsoft says that helping people pronounce other peoples’ names properly is a good thing. It will be interesting to see how many use this feature.
The Microsoft 365 Copilot Chat app is the free to use chat app available to commercial Microsoft 365 customers. The free chat app now supports Copilot agents, including agents that are grounded against Graph data (on a pay-as-you-go metered basis). The free chat app is highly functional and Microsoft hopes that it will convince customers to buy the full-fledged Copilot.
After many twists and turns since August 2021, the MSOnline module retirement will happen in April 2025. The AzureAD module will then retire in the 3rd quarter. It's way past time to upgrade PowerShell scripts. The question is whether to use the Entra module or the Microsoft Graph PowerShell SDK. I know which option is best and say why in this article.
Microsoft released the SharePoint Pages API in mid-2024. This article describes how to create and publish a news item using cmdlets from the Microsoft Graph PowerShell SDK based on the API. The net result is that the API appears to work well but some problems are evident in the cmdlets. Or maybe it's just my lack of knowledge!
In January 2025, Teams will support the ability to post video clips to channel conversations in posts and replies. The feature is similar to that released for Teams chat in September 2022. It's also similar to the ability to include a video clip in Outlook messages. Given the popularity of video clips in other apps, it's likely that this feature will be popular with users.
The Office365ITPros GitHub repository holds over 300 PowerShell scripts showing how to interact with Microsoft 365 and Entra ID. Anyone can contribute to Office365ITPros by forking the code to a copy of the repository and making changes to scripts there. If you want, you can push the changes back to us so that we can consider their inclusion in Office365ITPros. It's a great example of community in action.
Microsoft is deploying the option for meeting organizers with Teams Premium licenses to use OTP verification to allow anonymous users to verify their identity. The new option fills in a gap where external people who don’t have an Entra ID or MSA account are unable to verify their identity to join a Teams meeting. It’s a good feature, but should it be available in the basic Teams license?
Microsoft plans some big changes for Teams recording and transcription policies in February 2025. Events like webinars and town halls get separate controls for recording and transcription through the Teams event policy. By default, meeting transcription is enabled to generate transcripts for more meetings (and make transcripts available to Copilot). In addition, face and voice profile enrollment is enabled by default (important if you have Teams Rooms devices).
An interesting article by Microsoft’s Mark Kashman lists his top five SharePoint features shipped in 2024. Four of the five features involve extra cost. Is the trend of Microsoft charging extra for most new features likely to continue in 2025? The need to generate additional revenues from the Microsoft 365 installed base probably means that this is the new normal.
SharePoint Online intelligent versioning uses algorithms to decide what file versions must be kept for file recoverability. Unwanted versions are discarded (trimmed). A notional 500 version limit applies when intelligent versioning is in force but if data lifecycle management (retention) is used, SharePoint cannot trim versions to keep within the 500 version threshold. Some change is needed to resolve the conflict.
I've used Teams avatars for a couple of years but never liked them all that much. The chance to create a Teams avatar from a photo seemed like a great idea. Alas, the results obtained from uploading a professional headshot photo or from an image captured by the PC’s camera didn’t live up to expectations. The avatar is closer to my reality, but not by much.
News that Viva Engage search results are included in the results generated by Office.com and SharePoint.com is not unexpected. Only certain Viva Engage items appear in search results such as storyline items and question and answers from public communities. In other news, ten years after Microsoft’s Acompli acquisition, there’s no doubt that Outlook Mobile is a huge success.
Monthly update #115 is now available for download by subscribers to the Office 365 for IT Pros (2025 edition) eBook. The files available to subscribers also include an update for the Automating Microsoft 365 with PowerShell eBook. Those who bought the PowerShell book without buying the Office 365 for IT Pros bundle can also download the update.
On 19 December 2024, Microsoft announced the retirement of the Microsoft Search in Bing feature. Copilot is better at searching and presenting web and work results. Although tenant administrators might worry about the recent batch of retirements, the fact is that Microsoft retires unsuccessful products and features from Microsoft 365 all the time. The swift demise of the Office tags feature is another example.
Microsoft loves branding exercises. At least, that can be the only reason why the Microsoft 365 Copilot rename is happening. I can think of no other reason why Microsoft would seek to confuse its customers by applying the Microsoft 365 moniker to an app that can’t access Microsoft 365 data, unless of course people pay to use Copilot agents. It’s all very confusing.
The Copilot inference and evaluation policy controls if users can ask Copilot in Teams to evaluate the emotions of other meeting participants. It sounds creepy that meeting participants can ask Copilot how someone is feeling based on their contributions to a meeting, but AI is happy to answer unless blocked by policy. Maybe blocking big brother monitoring should be the norm rather than an exception?
Two types of retention labels are in use: Microsoft 365 retention labels and MRM retention tags. Clients hide the difference, but the Microsoft Graph PowerShell SDK cmdlets can only process Microsoft 365 retention labels for files stored in SharePoint Online and OneDrive for Business. EWS can manage MRM retention tags, but it's on a fast path to retirement in 2026...
On December 12, Microsoft said that they want to make the Search-UnifiedAuditLog cmdlet use high completeness for all its searches. If implemented, the result will be a disaster because many of the current uses of the cmdlet to retrieve audit log data will be rendered impracticable because of the slowness and unreliability of high completeness searches. Microsoft just doesn't seem to understand how its software is used in production.
In January 2025, Microsoft will introduce resizable Teams windows for the Windows and Mac desktop clients. This is a fundamental change to the client experience that will affect how end users interact with Teams. In a nutshell, users can resize panes like the chat list or meeting stage to a minimum of 360 pixels, which isn't a lot. On the other hand, you can zoom a Teams window to 400%, which is definitely a lot.
Microsoft originally were going to license the Outlook Org Explorer to E3 and E5 users. Then they had the clever plan to license the feature through Viva. The gloss has gone off that idea and now Microsoft says that all commercial Microsoft 365 users will be able to use the Org Explorer starting in early 2025. In other news, you’ve been given 15 months’ notice about Outlook toggling.
The SharePoint Online Block Download Policy controls the ability to use features that rely on downloaded files (including temporary files), such as printing or editing with the Office desktop apps. It's the kind of configuration that organizations might use for sites that hold very confidential files. Although the Set-SPOSite cmdlet can configure the policy for a site, it's easier to use a container management label.
A February 2025 deadline looms for Outlook classic add-ins that use legacy Exchange tokens for authentication. Add-ins must switch to nested app authentication (NAA) to have continued access to Exchange mailboxes and other objects. The upgrade is easy enough if the ISV that developed the original add-in is still in business. Things get a lot more complicated when they're not, or you have no idea who developed an add-in.
The scheduled retirement of Delve on December 16, 2024, meant that Microsoft had to create a new way for users to update their profile settings. The new method has now appeared in Microsoft Search, and it will spread to other workloads (like OWA) where users can access and update their profile. The new mechanism is welcome, but it's still too difficult to customize user profiles within a tenant.
Microsoft's announcement of the Viva Goals retirement came as a complete surprise to the customers using Viva Goals to implement the OKR methodology for their organization. From Microsoft's text, it seems pretty clear that Viva Goals just didn't succeed in winning sufficient customers to warrant ongoing development. The outcome is that Microsoft cut its losses and will retire Viva Goals.
A recent report noted an increase in social engineering attacks through Teams federated chat. You can stop these attacks by limiting external access to an allow list of known domains, which is what I do. Or you can depend on the technology built into Teams to detect suspicious connections and remind users about potential risk. This now extends to connections from brands commonly targeted by phishers.
A November 26 announcement says that Microsoft 365 Video will bring Stream and Clipchamp together under the Clipchamp brand. A lot of hard work over the past few years created the potential for unification as Stream moved to the SharePoint platform and Clipchamp embraced the Microsoft 365 framework. Bringing the two solutions together into a unified Microsoft 365 video platform makes perfect sense.
Intelligent versioning means that SharePoint Online manages file versions automatically and only keeps what's needed. The feature works for OneDrive too, if only you can figure out how to enable it. Intelligent versioning can be enabled for a OneDrive account manually. PowerShell is the best option to enable intelligent versioning across a tenant. But how? We explain all here.
This article describes how to report the audit events for a user over a single day. The task seems simple, but inconsistency in audit payloads makes it harder. Workloads don't help by the variations in audit events. In any case, persistence and knowledge about what the audit event captured for an action helps to decode the data, as illustrated by the script detailed here.
The Office 365 for IT Pros writing team is thrilled to announce the availability of the December 2024 update (monthly update #114). Current subscribers can download the updated EPUB and PDF files for the main book and the Automating Microsoft 365 with PowerShell book using their Gumroad.com account or the download files link in their receipt.
This article covers how to use Exchange Online message trace data to find inactive mailboxes based on their message send activity. The script processes user mailboxes but can easily be adapted to process shared mailboxes too. This is only one way to find inactive mailboxes. The other methods mentioned in the article might be better suited to your purpose.
Microsoft recently renamed the default set of sensitivity label permissions. Each permission defines the usage rights for a labelled item for users. The rights range from the basic actions like edit, save, and print to the more advanced extract, right to run macros, and export. The trick is to make sure that sensitivity labels assign the right permissions to users.
SharePoint generates document mismatch notifications when users create or update files with sensitivity labels that are higher than the site's container label. Normally, everything works as planned, but if a tenant has a cloudy attachment auto-label retention policy, items can end up in site preservation hold libraries that generate document mismatches. The problem is that you can't stop the mismatches!
Generative AI tools are nice to have, but the LLMs used by these tools must come from somewhere. The impact of generative AI on technology websites is very real and will have a far reaching effect if websites close due to reduced traffic and revenues. How will the LLMs used by generative AI refresh their knowledge base if websites don’t create that information for them (for free)?
The slew of product announcements at the Microsoft Ignite 2024 conference included lots about AI and Copilot. This article covers some of the more interesting announcements for Microsoft 365 tenants for Teams, SharePoint Online, and Purview. Many of the new features need high-end licenses or add-ons, but that doesn't mean that the issues addressed by the technology should be ignored.
Service principal sign-in activity is a new insight available in the Entra admin center. As explained here, it's also possible to use PowerShell to fetch and analyze the data to derive new insights into what apps create service principals in a tenant and what organizations own the apps. Some detective work is needed to fully understand the data. That might be an ongoing task, but at least we have the data.
The Purview Insider Risk Management solution can do all sorts of clever things, like tracking sensitivity label downgrades and removals as an indicator that a user might be preparing to exfiltrate data. The same kind of checking can be done by using the events captured in the audit log when people remove or change sensitivity labels. All in a few lines of PowerShell...
In a November 18 post, Microsoft describes some Exchange Online security updates that are due to land between now and 2026. Some of the news is a restatement of previously announced information, like the deprecation of EWS in October 2026. New information includes some information about feature gaps that the Graph APIs cannot close when EWS goes away. And then there's a hint about the demise of public folders (again!)
In February 2025, Microsoft will begin enforcing a mandatory MFA requirement for the Microsoft 365 admin center. All connections to the Microsoft 365 admin center must pass an MFA challenge. The move is to increase the percentage of Entra ID user accounts protected by MFA. This article explains what’s happening and outlines how to gain insight into who might be affected by the change.
The unified audit log is full of interesting information about who did what and when they did it. In this article, I describe how to use file operations audit events to find the last accessed date for documents in a SharePoint Online site. It’s data that isn’t available in the Microsoft Graph, but it is in the unified audit log.
This article describes how to create eligible and active PIM role assignment requests using cmdlets from the Microsoft Graph PowerShell SDK. Although the PowerShell code is straightforward, Microsoft recommends using the Entra admin center for Privileged Identity Management. But you can automate the management of role assignment requests if you want to.
Intelligent versioning recently appeared in SharePoint Online. The purpose is to save storage by removing unnecessary versions. But retention policies and labels can stop the removal of versions. What happens when a version expires and SharePoint attempts to remove it only to run into a retention block? The answer needed to be researched and is explained here.
In a November 8 post, Microsoft says that Purview Data Lifecycle Management will allow tenants to split processing of Copilot interactions and Teams chats with different policies. The public preview for the change should be available in mid-November. This update makes perfect sense because there’s no logic to dictate that Microsoft 365 tenants want to impose the same retention period for Teams chats and Copilot interactions.
Microsoft recommends that developers move from the older DirectoryRoles Graph API and use the UnifiedRoleDefinition API instead. Changing APIs will impact the code in any PowerShell scripts used to automate role assignments. In this article, we review some examples of the older way to assign roles and show how to do the same tasks with the new API.
Microsoft launched private channels in November 2019. A lot has happened since and private channels don't really get much attention these days. That's a pity because private channels can be very useful in the right situation. I rediscovered this fact recently when working through an issue with a university where private channels were the right answer. Like all technologies, happiness comes from choosing the right tool.
A recent article about analyzing interaction records for Microsoft 365 Copilot led to the question if it's possible to do the same for Microsoft Copilot. After checking the compliance records captured by the Microsoft 365 substrate, we know that it is possible. However, some bugs in dealing with encoded text means that the interactions generated for responses from Microsoft Copilot and Microsoft 365 Chat. All explained here.
Microsoft announced Delicensing Resiliency, a new feature for tenants with over 10,000 paid seats, to avoid inadvertent data loss due to licensing errors. Essentially, the feature adds an extra 30-day grace period post license removal during which mailboxes work as normal. The idea is that administrators will have extra time to detect and fix licensing errors that lead to mailbox removal. It seems like a great idea.
Container management label support is coming to the Loop app. Before it arrives, we look at how Loop supports sensitivity labels assigned to pages in Loop workspaces. As you might imagine with the initial implementation of a feature, some gaps are obvious that the Loop developers should fix as they build out full support for sensitivity labels within the Loop ecosystem.
Group-based licensing is a mechanism to make it easier to assign and manage product licenses for large sets of user accounts. In this article, we discuss how to use Microsoft Graph PowerShell SDK cmdlets to manage group-based license assignments in a Microsoft 365 tenant. Assigning licenses to groups is very much like direct assignments, but some differences exist.
Monthly Update #113 (November 2024) for the Office 365 for IT Pros eBook is now available for download by current subscribers from Gumroad.com. An update is also available for the Automating Microsoft 365 with PowerShell eBook. In other news, we take a look at the Microsoft 365 news from Microsoft's FY25 Q1 results and try to interpret what some of Microsoft's statistics really mean.
Copilot agents are part of Microsoft's Wave 2 initiative launched in September 2024. Basically, an agent restricts Copilot queries to a defined set of content, meaning that the response generated by Copilot is much more precise and won't be affected by information found in other sites. The wizard makes it very easy to create a new custom agent. Some features are missing, but they're on the way.
A reader asked why the Entra admin center includes an option to manage per-user MFA settings for accounts. I don't know why Microsoft added this option, but it doesn't take away from the strategy to enforce and manage multifactor authentication through conditional access policies. Microsoft has been very focused on CA policies for the last few years and per-user MFA will eventually be subsumed into the CA strategy.
Many articles describe how to disable a service plan for a Microsoft 365 account, but few cover how to enable service plans should the need arise afterward. This article covers the basics of disabling and enabling service plans for Microsoft 365 licenses using PowerShell, including the very important step of finding existing disabled plans. Everything's easy once you know how.
How to find Emails with Sensitivity Labels was the question asked. Everyone knows that you can find SharePoint files protected by sensitivity labels, but what about emails? MAPI properties exist that are promoted to Microsoft Search, and this allows features like end-user searching through the Microsoft 365 app and Outlook to work. But the best way to find emails with sensitivity labels is to use a Purview content search,
An October 17 report highlights how Microsoft 365 Copilot can benefit SMEs in terms of increased revenue and ROI. But the report is a marketing tool designed to sell more expensive Microsoft 365 Copilot licenses. There's a certain fear of missing out presented by the report, but spending a large amount on licenses without knowing exactly where the return will come from has never been a good business tactic.
Directory synchronization features control how the Entra Connect tool works when synchronizing accounts from Active Directory to Entra ID. The current advice is to use a cmdlet from the deprecated MSOL module to update settings. This article explains how to do the job with the Graph APIs, including cmdlets from the Entra PowerShell module.
A recent question asked how to force users to reauthenticate at 7AM every Monday. The solution seems to revoke access for user accounts. This article describes how to create an Azure automation runbook (PowerShell script) to find target accounts and revoke their access. By linking the runbook to an automation schedule, we can make sure that revocation happens at the desired time.
A new Cloud Licensing API has turned up in the Microsoft Graph beta endpoint. Apparently, the new API aims to improve license management in various ways. For now, the new API returns essentially the same licensing data that’s available through other APIs and cmdlets. The full story about what problem Microsoft plans to solve with the Cloud Licensing API and usage rights remains to be seen.
Container management labels are an effective way to ensure that groups, teams, and sites have the right settings. The Graph doesn't support custom attributes for groups, so these attributes aren’t available to store details of the “approved” container management label to check if anyone has changed the label after the original assignment. Time to find a new way to store this data.
Copilot errors in generated text can happen for a variety of reasons, including poor user prompts. If the errors end up in documents, they can infect the Graph and become the root cause for further errors. Over time, spreading infection can make the results derived from Graph sources like SharePoint Online unreliable. Humans can prevent errors by checking AI content thoroughly before including it in documents, but does this always happen?
The Teams calendar app is being refreshed in November 2024 when Teams takes on the calendar UI used by OWA and the new Outlook for Windows. The unified Microsoft 365 calendar experience is based on OPX and WebView and looks much better than the old Teams calendar. It makes perfect sense for the same UI to manipulate the same calendar data in both Outlook and Teams.
Copilot Pages are part of the September 2024 Copilot Wave 2 announcement. They're a good way to capture the text generated by Copilot in response to a prompt. Each Copilot page is a Loop component stored in a SharePoint Embedded container. Figuring out how to manage these containers will take a little time, especially as Microsoft hasn’t yet delivered the APIs needed to do the job.
Adaptive searches are a nice way to target users, sites, and groups for Purview retention processing. But a user adaptive scope can't select members of a group and target them. That is, unless you use the same attribute to identify users for both a dynamic group and an adaptive scope, which is what’s explained here.
The Exchange admin center feature to allow administrators to initiate an upgrade distribution list process to request group owners to migrate distribution groups to Microsoft 365 groups is terrible. In my experience, the request goes into a black hole and never emerges, or the process fails immediately. But you shouldn’t be upgrading distribution lists to Microsoft 365 groups anyway because groups are often overkill when all that's needed is a way to distribute email to multiple recipients.
The question of how best to write PowerShell for Microsoft 365 was asked during a TEC 2024 PowerShell workshop. There are many variables, and one has the right answer. To start the ball rolling, this article describes how I write PowerShell for Microsoft 365 using a variety of modules such as Exchange, SharePoint, Teams, and the Microsoft Graph PowerShell SDK.
Offline access is a fundamental feature for email clients. The new Outlook introduced initial support in June 2024. Now it can start without a network connection, which is something that Outlook classic has been doing for 27-odd years. The update provoked a search for where the new Outlook stores the data used when working offline, and we think we know where the data is.
Microsoft announced blocked Teams federated chat for trial tenants in June 2024. That block is now well and truly enforced. If you use an account in a trial tenant (and many flavors of these accounts exist), then you won’t be able to set up a federated chat with someone in another Microsoft 365 tenant. It’s an example of how Microsoft restricts service functionality to stop misuse.
The Delve browser app retires on December 16, 2024. It's time to check if the change will affect how people interact with user profiles in Microsoft 365 tenants. A new “user profile experience” is due to arrive in November that should allow people to update details in their profile. Hopefully, the new experience will include photo updates, which have long been a problem area for Microsoft 365 apps.
The Maester tool is a great way to get a security assessment for a Microsoft 365 tenant. Being able to create custom Maester tests makes it even better. In this article, we explain how to create a custom Maester test that reads the Entra ID Groups policy to report if users are allowed to create new Microsoft 365 groups (and teams).
Unsurprisingly, Microsoft announced the deprecation of the Revoke-SPOUserSession cmdlet for November 2024. The cmdlet is replaced by the Revoke-MgUserSignInSession cmdlet, which works across Microsoft 365 rather than just SharePoint Online. All of this happened while the 2nd annual PowerShell Script-Off happened at TEC 2024 and competitors struggled with what to do to secure a user account for an ex-employee.
SharePoint Advanced Management (SAM) is a $3/user/month add-on that can help Microsoft 365 tenants manage problems like oversharing, data governance, and site lifecycle. A TEC 2024 session described how SAM can help tenants cope with these issues in the AI era.
The Outlook (classic) client has a registry setting to control moving deleted items from a shared mailbox. The new Outlook for Windows client doesn't have an equivalent setting, so items removed from a shared mailbox end up in the Deleted Items folder of the user’s mailbox rather than the Deleted Items folder in the shared mailbox. It’s an example of one of the things to fix before the new Outlook can take over.
The Office 365 for IT Pros team is delighted to announce the availability of monthly update #112. Subscribers for the 2025 edition can now download the updated files from Gumroad.com. We've also updated the Automating Microsoft 365 with PowerShell book, which is included as part of the Office 365 for IT Pros bundle and available separately, including as a printed version. We're now working on monthly update #113, due on November 1, 2024.
Following a change made to Microsoft Synchronization Technology to support the new Outlook for Windows, Outlook mobile supports access to archive mailboxes. For mailboxes enabled with an archive, the archive mailbox is listed like other mailboxes and opened in the same way. The only thing to remember is that archive items tend to be old and therefore you’ll probably have to instruct Outlook to download the items to the device.
TEC 2024 (aka "The Experts Conference") takes place on Oct 1-2 at the Loews Arlington Hotel. TEC is a great conference for many reasons, notably the intensely practical nature of the coverage technology receives during conference keynotes, sessions, and workshops. If you’re looking for a high-quality event to attend in 2025, put TEC 2025 on the list.
Some organizations want to disable OneDrive for Business to force people to use SharePoint Online. This might have been possible in the past. It isn't practical now because of the way that Microsoft has concentrated personal storage for Microsoft 365 apps in OneDrive for Business. It’s a better idea to come up with some practical methods to ensure that valuable information is recovered from OneDrive on an ongoing basis.
MC894577 announces that DLP policy tips displayed in Outlook will soon support a set of new conditions. That's good, but the text of the announcement is unclear about important points like the clients that will support the new policy tips, what kinds of groups are supported by the conditions, and precise details of how Outlook will differentiate between users with Office 365 E3 and E5 licenses.
An article described some benefits that could be gained from not installing the complete Microsoft Graph PowerShell SDK. The question is whether the claimed benefits are more theoretical than actual. It’s hard to say because it all depends on how someone uses the SDK for development or to run scripts. Anyway, it’s a topic worth discussing.
A recent script demonstrated how to import contacts into user mailboxes using a list in a SharePoint site as the source. With a quick change, a CSV file becomes the source. This is a great example of how adaptable PowerShell is and how to update code found in articles to meet your needs. If you do ask an author to change their code, remember to try first and tell them why the change should be made.
The new Outlook for Windows and OWA now can suppress duplicate contacts. This means duplicate contacts are hidden, not removed. Tests reveal that duplicate suppression does work and probably does well in most cases. However, the lack of documentation around when suppression occurs and how decisions to suppress are made means that Microsoft has some work to do here.
Microsoft's advice is to use the Get-ExoMailbox cmdlet instead of its older Get-Mailbox counterpart. Generally, this is good advice that you should follow. However, the older cmdlet can do a job in certain circumstances, so don’t write it off completely. More importantly, make sure that filtering of objects is done using server-side filters. This will improve script performance significantly.
Sometimes you don't need the full-fledged Graph API to report details of items in Recoverable Items and the Get-RecoverableItems cmdlet can do the job. The data fetched by the cmdlet isn’t as rich as the information available through the Graph, but if all you want is a simple listing of what’s in a mailbox’s Deletions folder, Get-RecoverableItems is a good solution. And best of all, we provide a full script to show how.
This article explains how to use the Microsoft Graph PowerShell SDK to report Recoverable Items in a form that is usable for eDiscovery investigators and other highly-privileged use. The script fetches details of items found in folders like Deletions, Purges, Versions, and SubstrateHolds. Because accessing mailbox data is a sensitive action, consider restricting access to confidential mailboxes using RBAC for applications.
A new photo update settings policy aims to cure the mish-mash of existing settings controlling how user profile photos are updated in Microsoft 365. The new policy is based on a Microsoft Graph resource. Work is needed to update clients to respect the policy settings and take over from current controls, like the OWA mailbox policy.
In MC877369, Microsoft announced the availability of three Copilot usage reports in the Graph usage reports API to track usage of Copilot for Microsoft 365 in the apps enabled for Copilot, like Outlook, Excel, Word, PowerPoint, Loop, etc. The data available in the Copilot usage reports isn’t very informative and you might be better off using audit records to analyze what’s happening.
The Microsoft 365 Licensing Report PowerShell script has been upgraded to generate detailed license information and to deal with expired license subscriptions. You can download V1.94 of the script from GitHub. Before attempting to run the licensing report script, take the time to read previous articles to understand the basics of the script and how to generate the files used for pricing information.
The Teams feature to hide inactive channels is now fully rolled out. Another recent change suppresses notifications from hidden channels, and this could cause a problem for people who rely on notifications to know what’s happening in a channel. Both updates are good, but some differentiation or control over notifications for user-hidden and auto-hidden channels might be good.
The Microsoft 365 admin center will support continuous access evaluation (CAE) from September 2024 to help revoke access from accounts more quickly when critical events happen (like an account password being changed). Adding CAE support to an admin center is always a good idea, but it shouldn’t take away from the need to protect Microsoft 365 accounts with multifactor authentication. Stop compromise before you need to react to compromise!
eDiscovery is a calling best left to skilled investigators. But Microsoft 365 administrators need to know how to search and how the new Purview eDiscovery works. The new implementation is due by the end of 2024 and is in preview now. It unifies the three existing solutions in the Microsoft 365 eDiscovery space and promises to deliver new functionality. But will it make its dates? Who knows!
One of the things that vexes me is the need to change account to attend a Teams meeting. I forget this all the time and end up with unexpected waits in virtual lobbies, twiddling my thumbs while waiting for someone to admit me to the call. Sometimes I end up missing calls because people can’t admit participants from outside the tenant if they don’t have a guest account. The solution might come from the application of more intelligence and a change to the Teams UI.
The automatic document summary feature for Word duly turned up and Copilot for Microsoft 365 has been busy generating summaries ever since. The feature works well for documents with less than 80,000 words, which should be enough for most documents but limits summarization for documents that might use it most, like complex plans or contracts. In any case, I haven’t found a way to turn document summaries off. Maybe that’s coming.
Thankfully, Teams pasted text no longer contains a timestamp and the author's name. The change is effective worldwide and addresses a longstanding irritation. Quite why it took so long for Microsoft to understand how people felt about the insertion of unwanted metadata is a mystery, but it’s gone now. And in other news, Mic Pending is a new feature for Teams calls and meetings.
People often need to transfer objects or code between Microsoft 365 tenants. When it comes to dealing with objects, the Microsoft Graph PowerShell SDK's ToJsonString method is very useful. The method outputs a string containing JSON content, but only for object properties that have a value. This makes it much easier to use the output as the basis for a template object or as the payload body to create an object in another tenant.
Files are available for download for the September 2024 update for the Office 365 for IT Pros (2025 edition) eBook. This is monthly update #111. As normal, the update covers a bunch of new information and insights from across the Microsoft 365 ecosystem.
After reaching 50% deployment and on track to general availability, Microsoft decided to withdraw the Copilot catch up feature. Catch up shows a set of cards in a carousel to highlight documents and other items that Copilot believes are of interest to the user. It's like the insights surfaced in other places within Microsoft 365, such as Office applications, Viva Insights, and Delve.
On August 21, 2024, news emerged that the PnP PowerShell module will transition from using a multi-tenant Entra ID app to a tenant-specific app. The change is scheduled for September 9, 2024, which doesn’t leave a lot of time available for developers to review, update, and test PowerShell scripts based on PnP PowerShell. Some extra warning would have been nice.
The ability to restore deleted groups only covers Microsoft 365 groups. That's an odd situation to be in given the different types of groups in Microsoft 365, and the reasons why things work (or don’t) the way they do are down to history and different teams within Microsoft. It’s logical that customers assume they can restore any type of deleted group. Microsoft needs to do some magic to make that assumption real.
Microsoft Purview and the Exchange Online Search-UnifiedAuditLog cmdlet both perform searches of the Microsoft 365 unified audit log. Both mechanisms support the concept of scoped searches to limit audit records returned by searches to the administrative units an account can manage. But the permissions assigned by the two mechanisms aren’t synchronized, which can lead to complications.
Shared mailboxes have Entra ID accounts. No one needs to sign into the accounts because Exchange Online manages connections using mailbox permissions. But it can happen that people do sign into shared mailboxes and if the accounts aren’t licensed, they don’t comply with Microsoft licensing requirements. As explained here, some PowerShell can check for potential licensing violations.
Microsoft says that they plan to refresh the Teams external domain activity report from September 2024. But access to the report requires a Teams Premium license. It seems like this kind of fundamental information should be available to every tenant as it’s basic security data instead of something that could be considered as Advanced Collaboration Analytics.
Microsoft announced their plan to charge for unlicensed OneDrive for Business accounts in July. Now we have an unlicensed OneDrive accounts report in the SharePoint Online admin center. The report divides unlicensed OneDrive accounts into four categories and it’s up to Microsoft 365 tenant administrators to figure out whether to retain or remove unlicensed accounts before automatic archival comes into force in January 2025.
The decision to rationalize license management in the Microsoft 365 admin center wasn't popular but the signs are that it could deliver benefits to customers in the form of new features and functionality. The first updates are a GUI to manage self-service purchases and trials together with notifications to administrators when a user makes a self-service purchase. More needs to happen, but positive indications are there.
A recent report highlighted the problem of on-premises accounts synchronized to Entra ID that receive administrative role assignments. This article explains how to report the administrative role assignments managed by Privileged Identity Management (PIM) or direct role membership so that it's easy to highlight on-premises accounts holding administrative roles.
Microsoft's project to impose a mandatory MFA requirement for access to Azure management tools and sites will start enforcement on or after October 15, 2024. The new requirement will only affect users who access Azure sites and tools (like PowerShell). Normal users shouldn’t notice any difference. The Azure MFA requirement is a great way to drive home the need for MFA to protect Microsoft 365 administrator accounts against attack. Prepare now!
Updates Rolling Out in September 2024: On August 15, 2024, Microsoft announced updates for Microsoft Copilot slated “to bring enterprise data protection to more organizations.” Given the profusion of Copilots in the Microsoft ecosystem, it’s important to realize that this is not Copilot for Microsoft 365. Instead, Microsoft Copilot is the free version-for-customers that doesn’t …
The Usage Reports Graph API is now generally available, which means that it's fully supported. In other news, a Graph API is available for Microsoft 365 Backup. The news demonstrates once again how widely the Graph APIs are used with Microsoft 365 and why tenant administrators should acquire some knowledge about how the Graph works.
The AuditLog Query Graph API remains in beta status but cmdlets are now available in the Microsoft Graph PowerShell SDK. This led to some oddities in results when the number of audit events found by a search didn't match those reported by the Purview compliance portal. It all worked out in the end. In other news, the Set-MgRequestContext cmdlet helped sort out some retry problems.
HVE and ECS are two competing Microsoft Cloud Email Services. At least, they seem to compete. In reality, HVE and ECS serve different target audiences. HVE is all about internal email services for apps and devices while ECS is for high volume external mailings like customer newsletters. We tested both services by sending subscription reminder notifications to Office 365 for IT Pros readers.
When someone leaves a Microsoft 365 organization, the possibility exists that they leave some active Teams online meetings dangling behind them. What can be done to take over these meetings and make someone else the meeting organizer? The answer is simple: nothing. Organizing a replacement meeting is one way out, but maybe it’s best to use a dedicated account to organize important company events.
Microsoft is removing license assignments from the Entra admin center. From Sept 1, new license assignments are done in the Microsoft 365 admin center. In other news, a new Self-service trials and purchases page is coming to the Microsoft 365 admin center to control the ability of users to purchase self-service licenses or use trial licenses.
A question asked about filtering Teams apps based on their blocked status. The Teams admin center doesn't support this kind of filter and getting details of Teams apps is surprisingly difficult. For instance, you can't get a list of the 2,500+ apps shown in the Teams admin center. PowerShell cmdlets are available to list Teams apps, but they focus on apps known to a tenant rather than the entire catalog.
Tenant administrators know that they need to deal with mailboxes and OneDrive accounts when people leave, but what about Teams chat messages? Or rather, the information stored in the compliance records captured in Exchange Online mailboxes? Reviewing chat messages can be an arduous task, so perhaps the solution might be to export the compliance records to a PST for long-term retention.
Teams meeting transcripts are enormously helpful and are used by many features, including Copilot for Microsoft 365. Access to transcript files needs good control because of the possibility of confidential information being captured in transcripts. Several recent changes made to the Teams meeting policy and meeting options help organizations to exert better control over access to transcript files.
MC837081 announces that the Microsoft 365 admin center is to lose its ability to send password in email after updating a user account. It's the right thing to do because sending passwords in email is bad practice and encourages people to treat passwords with less respect than they should. The long term solution is to move away from passwords, but it will take time before Microsoft 365 is passwordless.
The Microsoft FY24 Q4 results delivered solid growth in Microsoft Cloud revenues. No new numbers were given for Office 365 or Teams users, possibly because of a slowdown in new user acquisition. We learned that Teams Premium now has more than 3 million users and that Copilot for Microsoft 365 is being used by more customers than ever before, but without real numbers it's hard to say just how well things are going.
The first update for Office 365 for IT Pros (2025 edition) or monthly update #110 is now available for subscribers to download. The update covers both the Office 365 for IT Pros and Automating Microsoft 365 with PowerShell books. Many of the changes in this update are small but we do have some new information to share in some chapters.
Teams ACM replaces app permission policies with an easier method of defining who can use Teams apps. A wizard in the Teams admin center runs a one-time non-reversible switchover from app permission policies to ACM and makes sure that the permissions assigned through policy are present for each app. In other news, Teams is much better at presenting Graph permissions that apps need to run.
Microsoft plans to archive unlicensed OneDrive sites starting in January 2025. The obsolete sites will end up in Microsoft 365 archive, from where the sites can be reactivated for a small per-gigabyte fee. Archived sites are indexed and discoverable. However, the message is clear: remove unlicensed OneDrive sites now. They’re only cluttering up your digital landscape and might give Copilot for Microsoft 365 a headache.
The task to find managers for Entra ID accounts seems simple until you find the bunch of utility accounts created by Exchange Online that should be ignored. This makes the task more “interesting” when the time comes to find user accounts that don’t have assigned managers. Eventually, all the filters work, and you have a result, but the task is more complicated than it should be.
All software has unique quirks, and the foibles of the Microsoft Graph PowerShell SDK are well known. But it’s much harder when the underlying foundation contributes to the craziness as described in this article. Graph pagination works in a specific way and Microsoft tunes the Graph to deliver great performance by reducing the set of properties returned for objects. Both can cause concern for developers.
On the surface, the work to delete OneDrive for Business accounts seems straightforward because Microsoft provides a 30-day deletion period to review contents and uses an automatic delegation process to assign control over the account to the deleted user’s manager. But given the number of applications that store data in OneDrive for Business, can anyone perform an end-to-end review of what’s in the account in a reasonable time?
In a change designed to reduce the consumption of storage quota, Stream video versions are no longer being generated for non-video updates such as changes to video metadata. Anything that alters the video content, like trimming some seconds from the start or end of a video, will create a new version. It seems like a perfectly reasonable change to make that might help SharePoint storage not be consumed quite so quickly.
The Microsoft 365 licensing report now supports a cost center analysis based on cost center values stored in an Exchange custom attribute. The new analysis is entirely optional, but it seems like many tenants store cost center values in custom attributes, so this update might work well for them. That is, if the cost center data stored in Exchange is accurate… Rubbish in always means rubbish out…
Every Microsoft 365 tenant must deal with ex-employee mailboxes. The default choice is to make the mailboxes into shared mailboxes. But inactive mailboxes could be a better option to deal with the requirements to preserve user privacy and avoid inadvertent disclosure of PII to people who don’t need that information. Perhaps it’s time to reassess how your organization deals with ex-employee mailboxes?
I dislike the Microsoft 365 self-service purchase mechanism and disable it in any tenant where I can. Global and Billing administrators for tenants that allow self-service purchases will soon receive notifications when self-service purchases occur to allow them to take action to allow, cancel, or change the purchased subscription. Or they can do what I do and avoid the problem in the first place by prohibiting self-service purchases.
On July 17, Microsoft announced the public preview of inbound SMTP DANE with DNSSEC for Exchange Online, a welcome step forward to improve messaging security. A previous attempt to launch the preview foundered because Microsoft wanted to insist on Microsoft 365 E5 licenses for the feature. Mature reflection prevailed and inbound DANE with DNSSEC is available to all, which is how it should be.
In what seems to be a small change, team owners can rename general channels (naturally with 'meaningful names'). The change is more important than it seems because it’s associated with an effort to make users think about using channels as the basis for collaboration instead of always creating a new team. Being able to rename the General channel might make the channel more useful. After all, it's just a regular channel.
A reader wanted to know why the Purview Compliance portal doesn't show who last updated sensitivity label policies. The reason why is unclear, but what's for sure is that Purview doesn't record the data anywhere. But PowerShell and the audit log soon reveal who last made changes to labels and policies. It's yet another example of how PowerShell fills gaps Microsoft leaves behind.
The Teams and Groups activity report is a popular script that helps administrators identify inactive teams and groups within a Microsoft 365 tenant. The script code has been developed over the years. The last version converted to Graph API requests to improve performance. This time, the upgrade is to use the Microsoft Graph PowerShell SDK to make the code easier to maintain.
It's common to be asked which is the best mobile email client for Exchange Online. My view is that Outlook Mobile is the only client to use (if possible). I know that this opinion is unpopular with devotees of clients like the Apple iOS mail client, but the simple facts are that Outlook mobile is more functional and better integrated into the Microsoft 365 ecosystem. That's the defining factor for many.
Microsoft says they will remove the Remove-SPOExternalUser cmdlet starting July 29. They recommend using Remove-AzureADUser as a replacement. It's a bad call because that cmdlet is part of a now-retired and soon to be deprecated module. Overall, recommendations like this make you think that Microsoft doesn’t know what’s happening across the whole of Microsoft 365. And you might be right.
In June, Microsoft retired Office Connectors for SharePoint Online and Microsoft 365 Groups. Starting on August 15, they're retiring connectors for Teams. The problem is finding out which teams and channels have configured connectors. That's when PowerShell comes in handy, as we prove with a script to report which teams have connectors.
A cloud policy setting enables a delay for evaluating message content and allows Outlook DLP Policy Tips to be displayed after detection of a policy violation. The setting works by pausing message sends until Outlook has had time to check the content for DLP policy violations. Pop-up messages inform users about the pause and the result of the check.
A new Outlook Mobile synchronization setting allows users to select a window of between 1 and 90 days to download copies of email and attachments. The new setting allows organizations who worry about corporate data being on mobile devices to limit exposure to one day while enabling people who like having their entire mailbox on their device to get closer to that point. Everyone wins.
In a welcome update, the Teams development group have provided a new policy setting to control the display of some in-product messages in Teams clients. The policy can only be updated with PowerShell. Some other Microsoft 365 development groups need to follow Teams and offer paying customers a way to suppress the annoying in-product ads.
A very useful update to support sharing links expiration for all link types used by SharePoint Online and OneDrive for Business is now rolling out and should be available in all Microsoft 365 tenants soon. Until now, expiration dates were only available for anyone links. Many organizations don’t allow anyone links, so enabling the feature for company-wide and specific people links will be much appreciated.
From mid-July 2024, Teams will begin hiding inactive channels for users. The inactive channels can be unhidden, and users can opt out of the automatic process. The new clean up routine can be invoked whenever users want and if a mistake is made, it’s easy to unhide a channel. Given the number of channels in use, it’s likely that a few in everyone’s channel list are inactive and deserve to be hidden.
Some folks wonder why they can't use documents shared with them using company-wide links with Copilot for Microsoft 365. As it turns out, the answer is simple. People must redeem a sharing link before SharePoint validates their access to a shared file. Copilot cannot use a document unless it has access to it. All of which brings up the question of whether it’s a good idea to use company-wide sharing links.
Office 365 for IT Pros 2025 edition, the 11th edition of the most comprehensive and in-depth book covering the Microsoft 365 Office servers, is now available. Office 365 for IT Pros subscriptions include a new 240-page book titled Automating Microsoft 365 with PowerShell covering PowerShell, Microsoft Graph APIs, and the Microsoft Graph PowerShell SDK. No Microsoft 365 tenant administrator should be without a copy of Office 365 for IT Pros!
The old Files tab in Teams chat is being replaced by the Shared tab. The new tab exposes both files and hyperlinks and Microsoft says that the Shared tab will support more types of objects in the future. No dates are given for the future enhancements, but the new Shared tab will roll out for Teams chat users in early July 2024. I like the new tab because I tend to share many hyperlinks in chats.
Microsoft is moving to block federated communications with trial Microsoft 365 tenants to cut off a potential exploitation route for attackers. The new block goes into force on July 29, 2024, and is controlled by the ExternalAccessWithTrialTenants setting in the tenant federation configuration policy. We’ve been saying for years that tenants should clamp down on federated chat. It seems that Microsoft now agrees.
The Outlook settings API is an unfinished Graph API that can read and update some but not all mailbox settings. It's a pity that the API is incomplete because it would be nice to have a comprehensive API that supported every mailbox setting, including some of the more recently introduced tweaks seen in OWA. The current state of the Outlook settings API is usable but not for much, but at least it can update auto-reply settings.
V1.2 of the User Passwords and MFA report includes the names of authentication methods registered for user accounts. V1.3 expands the amount of detail reported for each method, such as the phone number used for SMS challenges, or the email address used for SSPR. It’s a small but important detail that’s useful to administrators. However, it also comes with a potential privacy issue, so the script must handle that too.
Microsoft has announced the formal renaming of the Win32 version of Outlook to be Outlook (classic). It's preparing for the general availability of the new Outlook for Windows, expected very soon into the new Microsoft fiscal year starting on July 1, 2024. The change doesn’t affect the status of Outlook (classic) or the commitment to support the client until at least 2029.
The Set-PlannerUserPolicy cmdlet allows Microsoft 365 tenant administrators to stop users deleting tasks created by other users. However, an undocumented consequence of setting the policy for user accounts is that it stops those accounts removing plans too. The unexpected block imposed by Set-PlannerUserPolicy caused me problems when attempting to delete a plan with PowerShell. It would be nice if the modules created by Microsoft worked as expected (and as documented).
The Microsoft 365 Licensing Report is a popular PowerShell script that's just been updated to V1.9 with a bunch of changes to highlight different aspects such as license costs for disabled user accounts and inactive user accounts. Copious use of some very dubious color choices makes the HTML report created by the script look very nice (if you're color blind) and the new version can generate an Excel worksheet.
Microsoft wants users to upgrade from legacy Outlook clients. The biggest impact for Microsoft 365 tenants might be the loss of OWA light, but consumer users are in for the same kind of change that enterprise users experienced when Microsoft blocked basic authentication for Exchange Online. The announcement wasn't very clear about what's happening, so we're happy to clarify matters.
The Set-MailboxFolderPermission cmdlet is usually used to set calendar permissions, including the permission for the default user to allow everyone in an organization to see each other’s calendars. But you can use cmdlets from the Microsoft Graph PowerShell SDK too. The Graph SDK cmdlets are faster, but not enough to warrant replacing the Exchange cmdlet in scripts. We explain why here.
The incoming webhook connector is a popular method to post information to Teams channels, but Microsoft seems set on retiring the Office connectors. The Teams post to channel workflow when a webhook request is received seems like a possible replacement, but it's not just a matter of switching mechanisms. Some PowerShell magic is needed to create a suitable adaptive card to post to the channel, which is exactly what we explain how to do here.
A Microsoft Graph update makes per-user MFA state available for user accounts. Being able to access the data means that we can include it in the User Passwords and Authentication report. You can now see if accounts are disabled, enabled, or enforced for per-user MFA along with all the other information captured about password changes, MFA authentication methods, and so on.
Our review of the Videos chapter for the Office 365 for IT Pros eBook found a Teams meeting policy setting we hadn't documented to block downloads for channel meeting recordings. Naturally, this was a disaster, so we spent some time investigating what the policy setting does and if it's useful in practice. It works, but do you want to block downloads of channel meeting recordings?
Splatting is an optional PowerShell technique designed to make it easier to pass parameter values for cmdlets. It’s a personal choice whether to use splatting instead of passing values to individual parameters in the command line. Although the Microsoft Graph PowerShell SDK can be a little strange at times, you can use splatting with SDK cmdlets, even with some pretty complex parameters such as those used to filter objects.
Office 365 Connectors bring data from external sources into Microsoft 365 apps like Teams and Outlook. Workflows and Power Automate are replacing Connectors for Microsoft 365 Groups (Outlook groups) and SharePoint Online. Connectors are still available in Teams but for how long? No one knows, but it does seem like Microsoft is rationalizing no-code automation around Power Automate.
Understanding SharePoint Online storage used to be easy. Then applications like Loop arrived. Other influences like retention and archive can affect storage too. It's a complicated situation before you throw OneDrive for Business into the mix and consider that Microsoft has removed unlimited OneDrive storage while an increasing number of apps store files in OneDrive. It's a complicated situation.
Three years ago, I wrote a script to analyze the audit records generated for Teams meeting recordings. Then things changed in terms of how the audit records were generated and how the Search-UnifiedAuditLog cmdlet returns audit search results. All of which meant that considerable work was needed to revamp (rewrite) the script. Maybe you need to check any script that uses the Search-UnifiedAuditLog cmdlet too?
This article describes how to use the Microsoft Graph PowerShell SDK to report delegated permission assignments to user accounts and apps. Like in other parts of Microsoft 365, the tendency exists to accrue delegated permissions for both user accounts and apps over time. There's nothing wrong with having delegated permissions in place, if they are appropriate and needed - and that's why we report their existence.
Deciding whether to use Microsoft Graph PowerShell SDK cmdlets or Graph API requests is sometimes not easy. Some say that it's best to use Graph API requests everywhere and avoid the complication of possibly buggy Graph PowerShell SDK cmdlets. My approach is different. I start with Graph PowerShell SDK cmdlets and only resort to Graph API requests when absolutely necessary. It works for me!
The latest technology initiative from Microsoft comes in the form of Teams custom emojis, designed to bring light and happiness to Microsoft 365 tenants. Of course, the light and happiness will only happen if tenants don't disable the settings in Teams messaging policies that allow users to upload custom emojis. A tenant can support up to 5,000 Teams custom emojis. That's a lot of room for people to get inventive.
Without any fuss or bother, Microsoft announced that the Teams 2.1 client has regained the Notify When Available feature. This functionality allows users to subscribe to the presence status for someone else to receive notifications when that person's presence status changes to Available. It's a very useful and worthwhile feature to have that goes back to Skype. It's good to have it back!
The June 2024 update for the Office 365 for IT Pros 2024 edition ebook is available for download. We're also announcing the availability of the 2025 edition on 1 July 2024. Office 365 for IT Pros 2025 edition drops the companion volume and introduces a new book dedicated to Automating Microsoft 365 with PowerShell. Anyone who subscribes to the 2024 edition in June 2024 will receive a free update to the 2025 edition when it is published.
Copilot audit records generated for the Microsoft 365 audit log capture details of the resources (files, emails, and documents) used by Copilot in its answers. This doesn't sound very exciting, but it is important for forensic investigators who need to understand what information is consumed to generate AI answers. In another development, the Copilot for Microsoft 365 chat app is now available in Outlook classic.
Microsoft is deploying additional audit events to tenants with Purview Audit (Standard) licenses. Among the 15 Teams events in the set are Teams meeting audit events to capture details of meetings and participants. Unhappily, some of the data that you'd like to have for meetings, like the subject, are missing. And meeting participant information is available for some classes of user but not for others.
The Teams Activity feed received two recent major changes. First, calendar notifications now show up in the feed. Second, the set of filters that were available is reduced to just two (mentions and unread). Reducing the filters is part of Microsoft’s effort to streamline the Teams 2.1 client and remove unnecessary screen elements. I guess it’s OK, and you can disable the calendar notifications to stop that annoyance.
A request came in for a PowerShell script to report mailbox audit configurations to check that the important new events are being generated by mailboxes. After diverting into the hellhole of Microsoft licensing, normal sanity was resumed and a PowerShell script written to do the job. The script generates a CSV file or Excel worksheet for tenant administrators to review. After that, it's up to you.
Microsoft is changing the storage location for Teams Meeting Transcripts from Exchange Online to OneDrive for Business. The change is designed to standardize storage of meeting recordings and transcripts in OneDrive for Business. The change makes sense seeing that Stream has completed its migration to SharePoint and OneDrive. In other news, because transcripts are now so important for other features, a bunch of new controls are coming to allow organizations to limit access to this data.
The Stream browser client has received some nice new features including the ability to trim videos in a very efficient manner and to add callouts to videos to appear between specific timecodes. And there’s Copilot for Stream, which is available if you have Copilot for Microsoft 365. The extra functionality demonstrates that Microsoft continues to invest in the development of the Stream client, which is nice.
A May 20 post contains the welcome news that the new audit events promised for Purview Audit standard customers should be available in June 2024. Some of these events are for Exchange Online, like the famous MailItemsAccessed event. Others are for Teams and SharePoint Online. In the case of Exchange, tenant administrators might have to do some work to validate that mailbox audit configurations are correct.
A new feature for Teams recurring meetings allows meeting organizers to create Loop workspaces to hold content shared within the meetings. It's an example of close integration between different parts of the Microsoft 365 ecosystem to add value for customers. That's great, providing you have the correct licenses to allow meeting organizers to create Loop workspaces and don't need to support guest access (coming soon).
On April 9, 2024, Microsoft announced a big change in authentication for Outlook add-ins. It's likely that people don't realize the kind of change that's coming. The change removes legacy Exchange authentication methods and replaces them with Nested App Authentication (NAA). Time is running short for developers to upgrade and test their code and Microsoft 365 tenants to get ready for the changeover.
The Financial Times reported that the EU is lining up new charges against Microsoft for Teams anti-competitive behavior. Given that Microsoft has already unbundled Teams from Office 365 products, it's hard to know what remedy the EU will seek. If it's a fine, then Microsoft could be charged up to 10% of their worldwide revenues. That's unlikely, but the issue highlights how hard it is to compete against an integrated solution.
On May 14, Microsoft announced that they will require Azure MFA for connections to services starting in July 2024. No details about the implementation are available, so it's difficult to measure the likely impact on Microsoft 365 tenants. Given that very few people access services like the Azure portal, it's probable that the impact will not be large, but it would be nice to hear more precise details from Microsoft.
Teams has added the ability to use slash commands (shortcuts) to the message compose box. Although the feature seems useful, I wonder about its potential usage. The fact is that people are pretty accustomed to how they compose message text and other options are available to add Loop or code blocks or set their online status, so why would they use the slash commands in the message compose box?
A recent SharePoint Online update enables folder deletion when items are present in a folder. This is probably the way that things should have always worked. Even so, it's good to have this capability because it helps site users clean out old and obsolete information, something that's becoming increasingly important in the AI era for Microsoft 365.
The Follow response is a new option for people invited to a meeting to indicate that they can't attend but are interested in what happens. Replying with a Follow response means that the user gains access to the meeting artifacts (like the chat and recap). It also means that the allotted time is not blocked in their calendar. The feature will be most valuable to people who have heavily-used calendars.
This article describes the process of blocking device code authentication requests against Entra ID with a preview feature for conditional access policies. It's a good idea to tighten tenant security by removing device code authentication unless a clearly-defined need exists for apps to authenticate using this method. I suspect that most tenants will find that they can happily do without device code authentication.
Team channel collaboration might be a better choice than always creating a new team to host discussions about a topic, especially if channels grow in features. Now that a single team can support a mix of up to 1,000 regular, shared, and private channels, all of which can be archived, is it a good option to continue to create new teams? The answer is probably not, especially if Microsoft continues on a path to develop channel capabilities.
The user authorization policy defines user role permissions, or actions that non-admin users can take within an Entra ID tenant. The default settings are silly. I can't think of good reasons to allow non-admin users to create new registered apps, tenants, or security groups. Why default settings allow these actions is a mystery, and it could be they're just outdated.
In a May 2 announcement, Microsoft said that they have signed up 9 ISVs to add support for Entra ID authentication methods. The third-party methods work the same way as native Entra ID authentication (like the Authenticator app), meaning that verified connections can be used by other Entra solutions like Privileged Identity Management.
The Teams iOS client can send one-minute Teams video messages (or clips) to chats or channel conversations. Now, the videos can use image or blur backgrounds. Nice as it is to be able to expose your artistic side in Teams messaging, the compliance problem with Teams video messages remains. If you allow users to send video messages, remember that they could use this route to get around compliance barriers.
Some problems emerged in V2.17 and V2.18 of the Microsoft Graph PowerShell SDK. In one case, Microsoft changed cmdlet names. In another, it's an identity issue caused by incompatible assemblies. In both cases, questions have to be asked about the level of testing done by Microsoft before they release a new module. Bugs do happen, but testing should catch the obvious problems.
On May 2, 2024, Microsoft announced the retirement of the Stream Mobile app on July 1, 2024. It's all to do with rationalization and focus, or so Microsoft says. In any case, the suggested replacements are the OneDrive and Microsoft 365 apps, both of which are capable of handling video uploads, management, and playback.
The Share to Teams Outlook add-in posts an email to a Teams chat or channel conversation. I was asked how to disable the add-in for some mailboxes. Here's how to do the job using PowerShell to find a set of target mailboxes and then turn off Send to Teams for each mailbox.
Another month, another update for the Office 365 for IT Pros eBook. In this case, it's monthly update #107 for Office 365 for IT Pros (2024 edition), now available for download by subscribers from Gumroad.com and Amazon.com. Like every month, update #107 contains a mixture of new features and revised knowledge, all essential information for Microsoft 365 tenant administrators to have.
The Copilot for Microsoft 365 license has 8 service plans to govern feature availability. You can disable individual components, if you know what you're doing. One thing that's not possible is to disable Copilot for individual Office apps. A single service plan covers all the "productivity apps," so they're either all on or all off.
The Teams classic client has been replaced by the Teams 2.1 client. Microsoft will block access to the Teams classic client for people running the app on unsupported platforms in October 2024. The final block swings into place for everyone on July 1, 2025. The migration to the new client appears to be going well, so I'm not sure if many will miss the old client.
The Microsoft FY24 Q3 results didn't contain any new user numbers for Office 365 or Teams. However, we did learn that Copilot and Azure are popular words in the Microsoft lexicon. As usual, statistics were introduced without context, but investors won't really care too much as Microsoft continues to generate tons of revenue at a healthy margin, especially from its cloud business.
Teams group chats are getting a new Meet Now experience. Is that good news? Well, it's not an earthshattering change, but it is a nice change because it simplifies the way the Meet Now feature works. It's the kind of change that software vendors make to tidy up the loose ends in a product.
A reader asked if it is possible to script sending chat messages. In this article, we explore how to compose and send Teams urgent messages to a set of recipients using Microsoft Graph PowerShell SDK cmdlets. The conversation with each recipient is a one-to-one chat that Teams either creates from scratch or reuses (if a suitable one-on-one chat exists).
Some years ago, I wrote a script to demonstrate how to remove service plans with PowerShell. This article describes some upgrades to make the script even better by improving the code and leveraging complex Microsoft Graph queries against the license information stored for Entra ID user accounts. It's PowerShell, so feel free to change the script!
The M365 Conference takes place in Orlando, FL from April 28 to May 2, 2024. I have two sessions, but my attempts to find sessions that cover all of Microsoft 365 failed because there's no coverage of Entra ID and Exchange Online. Instead, the Microsoft priorities like Copilot, Viva, and SharePoint take front and center stage. I think that's a pity, but maybe the reason is because speakers don't submit sessions covering Entra ID and Exchange Online topics?
License management is a core competence for Microsoft 365 tenant administrators. This article explains how to use PowerShell to remove licenses from accounts when an equivalent service plan is available from another license. It's the kind of fix-up operation that tenant administrators need to do on an ongoing basis.
April 11 saw the general availability of Microsoft Graph activity logs, a new set of data recording details of Graph API HTTP requests made in a tenant. The logs are intended to help security analysts understand actions taken by apps in a tenant such as data access or configuration updates. Before working with Graph activity logs, security analysts will need to understand Graph API requests and the context in which they’re made.
Although the trend is toward password authentication, many Microsoft 365 tenants still use passwords and some force users to change passwords regularly. This article explains how to create a password expiration report with PowerShell. The script caters for where a tenant password expiration policy is set for passwords to never expire. If nothing else, it's yet another example of how to extract information using PowerShell.
Exchange Online announced two important changes on April 15. SMTP AUTH is being deprecated and a new external recipient rate limit is being introduced. The changes are intended to improve the security of Exchange Online. The introduction of an external recipient rate limit is also intended to reduce the ability of spammers to abuse the platform.
The Maester tool is a community initiative to create a tool to help tenant administrators improve the security of their Entra ID tenants. It’s still in its early stages, but even so Maester shows signs that it will be a valuable asset for administrators who want to learn more about securing their tenant against possible external compromise.
Microsoft Teams now boasts the ability to add customizable group chat pictures to what might be otherwise a set of chats with not-very-good generated pictures. The idea is to make it easier for people to find the right group chat in their chat list. Of course, it might be difficult to find just the right picture to use, but Microsoft has selected 36 illustrations and there are over 1,800 emojis to choose from.
Monarch client security became an issue last year when a German website reported some issues. It turns out that the reported problems are mostly hyperbole, but that hasn't stopped them persisting, especially when email client competitors like Proton weigh in. It's regrettable that much of the commentary is based on an incomplete understanding of how Monarch works, but Microsoft doesn't help themselves by not explaining the facts.
A recent note from Microsoft advised that if your tenant uses classic Azure administrative roles, you need to switch to Azure RBAC roles by 31 August 2024. This forced me to think about how many Azure services my tenant consumes. The number was surprising and it's grown over time, which is why Microsoft 365 tenant admins should pay attention to Azure.
A new parameter for the Set-CsTenantFederationConfiguration cmdlet made me look at the Teams tenant federation configuration again to improve how a script works. Instead of taking all the domains guest accounts came from and adding them to the configuration, I created a function to check if the tenant uses Microsoft 365. If it does, we add the tenant to the allow list in the tenant federation configuration. If not, we ignore the domain.
A previous attempt to write a script to report all Loop workspaces in a tenant was flawed because it only retrieved the first 200 workspaces. I hadn't realized that the Get-SPOContainer cmdlet supported an odd form of pagination to retrieve workspace data. In any case, I figured out how to page to find all available workspaces and updated the script. It's just another example of oddness in the SharePoint Online PowerShell module.
According to Microsoft 365 notification MC736438, Microsoft is getting tougher at enforcing the rules for Purview information protection licenses. In a nutshell, if administrators and end users don't have premium licenses, features like automatic labeling policies or default sensitivity labels for document libraries won't work. Users can still apply sensitivity labels manually.
A new major version of the MsCommerce PowerShell module makes you hope that something good is included in the new code. In this case, it’s hard to know if the developers did anything but increase the major version number for the MsCommerce module. Not much has changed. The module is as bad as ever, but at least it can be used to disable self-purchases of all supported licenses, which is all that's really important.
The unified audit log includes Copilot for Microsoft 365 audit events captured when users interact with Copilot through apps. The information is very helpful in terms of understanding the usage of Copilot in different apps (apart from Outlook, which isn't captured). Some care needs to be taken to understand the data and interpret the audit events, but that's usual when dealing with Microsoft 365 audit data.
Microsoft announced a new component for OWA distribution list management but clearly the engineers never took role assignment policy customizations into account. If they had, they wouldn't have created something that ignores the way organizations block end user ability to create new distribution lists. It's just a sad indication of Microsoft's attitude to one of the workhorses of Exchange.
The April 2024 update for the Office 365 for IT Pros eBook is now available for subscribers to download from Gumroad.com or Amazon.com. Like every month, update #107 covers lots of new material to document the changing landscape of Microsoft 365. The author team would appreciate it if subscribers download and use the updated version - there's no point in using old stuff to navigate an ecosystem that changes all the time.