The Return of the General Channel

The return of the general channel

Last year, Microsoft removed the need to have a General channel in a team. Now the General channel is making a comeback, and you can choose to have one in a team. If you choose to have a General channel, it appears at the top of the channel list. If not, Teams sorts the channel list alphabetically. In other news, code snippets are being replaced by code blocks and the end of classic Teams is nigh.

May 2025 Update for the Office 365 for IT Pros eBook

Office 365 for IT Pros May 2025 Update

Subscribers for Office 365 for IT Pros (2025 edition) eBook can download the May 2025 updates (#119) now. Update #11.3 for the PowerShell book is also downloadable. Another month brings a new batch of changes, updates, and new information. The Microsoft 365 conference happens this month, and Microsoft might disclose some interesting nuggets there, but only about SharePoint, OneDrive, or Teams. Oh well… on to June.

Microsoft Introduces Control for Direct Send in Exchange Online

Reject Send for Direct Send in Exchange Online

The Direct Send feature allows apps and devices to send unauthenticated email via Exchange Online to internal receipts. Microsoft doesn’t want unauthenticated connections to send email because these connections could be hijacked by spammers. Enter the Reject Send feature to block Direct Send. Reject Send is in preview now but Microsoft wants it to be the default setting in the future.

How to Find Active EWS-Based Apps in a Microsoft 365 Tenant

Exchange Web Services usage report

Microsoft will retire Exchange Web Services (EWS) from Exchange Online on October 1, 2026. A new usage report helps tenants understand what apps use EWS. Many of the apps are likely to be first-party (Microsoft) apps, but some might be third-party apps developed externally or internally. Those apps need to be retired or upgraded to use Graph APIs. Time is slipping away to do the work.

Automating Microsoft 365 with PowerShell Update #11

Automating Microsoft 365 with PowerShell Update #11

Update #11 for the Automating Microsoft 365 with PowerShell eBook is now available for subscribers to download. The eBook is now over 300 pages long and includes extensive coverage of using PowerShell to interact with Exchange Online, Teams, Planner, SharePoint Online, and OneDrive for Business data using workload modules or the Graph APIs (and Microsoft Graph PowerShell SDK).

Copilot’s Solution to Fix Grammar and Spellings

Fix Grammar and Spelling Errors

Microsoft 365 Copilot will soon introduce a feature to fix spelling and grammar errors with one click. At least, that’s the promise when Microsoft delivers the new feature in late April 2025. It seems like a good idea to do everything with a single pass to generate error-free text that the user can accept or reject. Quite how well this works in practice remains to be seen.

Replacing Litigation Holds with an eDiscovery Case

Litigation Holds and eDiscovery

Litigation holds were great when introduced with Exchange 2010. Fifteen years on, better methods exist to preserve user information, like eDiscovery holds. It might seem unnatural to move from litigation holds to eDiscovery cases, but this approach allows the preservation of both mailbox and OneDrive content for as long as necessary. Retention policies can serve the same purpose, so choice exists for modern preservation.

Microsoft Retires Exchange Server OWA Access to Online Archives

Online archives and Exchange Server OWA

Microsoft’s April 17 announcement that OWA in Exchange Server will not support access to online archives after May 12, 2025, surprised quite a few people. However, the decision is entirely logical and is driven by falling mailbox numbers on-premises and the need to match engineering and support costs with revenue. Outlook classic continues to support access to online archives. Maybe Outlook will be the Exchange on-premises client for the future.

Exchange Online Moves Closer to Dumping EWS

dedicated exchange hybrid app

Microsoft is introducing a Dedicated Exchange Hybrid App to facilitate the transition away from EWS to use Graph API requests for rich hybrid coexistence (free/busy, Mail Tips, and user photos). The plan involves the creation of an Entra ID app to hold EWS permissions (stage 1) followed by Graph permissions (stage 2). Everything has to be complete by October 1, 2026, because that’s when EWS goes away.

An Account Blocked by MACE Credential Revocation is A Good Way to Start a Saturday Morning

Leaked credentials and risky accounts

The last thing you want on a Saturday morning is to find that Entra ID has blocked your account because of leaked credentials. Even though the account is protected by MFA, it’s still important to remediate the event by changing its password. A check against some beta sign-in metrics shows that no one has tried to use the leaked credentials, so that’s good.

How to Report the Sponsors of Entra ID Guest Accounts

Guest accounts and sponsors

Entra ID populates the sponsor property for new guest accounts with details of the person who invites the guest to the tenant. It’s data that can be used for different purposes, such as having someone to justify the continued presence of a guest account in a Microsoft 365 tenant. This article explains how to report guest accounts and their sponsors with some straightforward PowerShell.

Important Purview eDiscovery Changes Take Effect in May 2025

Purview eDIscovery changes in May 2025

Microsoft is making some important changes to Purview eDiscovery from May 26, 2025. The changes affect how content searches work and are likely to affect many Microsoft 365 tenants. Administrators and eDiscovery investigators will both have to master new ways of working with eDiscovery cases, searching for information, reviewing search results, and exporting what’s found. Changes to PowerShell cmdlets might affect scripts, so there’s lots to consider.

Licensing Auto-Label Policies for Sensitivity Labels

Microsoft Purview makes it easy to apply sensitivity labels to Office documents and PDF files with auto-label policies. Licenses are needed for auto-label policies, but at what cost? We look at the various licenses available to cover the functionality and consider if a DIY approach using the Graph API to apply labels would be cost effective.

Entra ID to Disable Service Principal-Less Authentication

Service principal-less authentication

Microsoft will disable service principal-less authentication in March 2026. This step closes a hole that doesn’t exist today but might in the future. The strange thing is that many Microsoft 365 applications seem to use service principal-less authentication. Microsoft will take care of first-party apps before March 2026, but there’s work to do for apps from other vendors.

Microsoft Attempts to Fix Microsoft Graph PowerShell SDK Problem with Azure Automation

Buggy Microsoft Graph PowerShell SDK

V2.26 and V2.26.1 of the Microsoft Graph PowerShell SDK were low-quality, buggy disasters. Microsoft aims to fix the problem in the next version to make it possible for the SDK to work with Azure Automation runbooks again and address many of the obvious problems that should never have appeared outside Microsoft. It will take time for customer confidence to be restored.

Are Microsoft E5 Licensing Add-Ons a Good Deal?

Microsoft E5 Security for Microsoft 365 Business Premium

The Microsoft E5 Security add-on is available for Microsoft 365 Business Premium (and other) tenants. The add-on looks like a bargain because the bundle offers significant value over individual licenses, but is it really? Like everything in life, unless you can use something, there’s no point in having it. In this case, have a plan to use E5 Security to deliver measurable results before you hand over any more license revenue to Microsoft.

Reporting the Creation of SharePoint Agents

Sharepoint agents and audit records

Any site member can create a SharePoint agent. There’s no out-of-the-box method to report the creation of agents, but agents are created like any other file, and SharePoint Online captures audit records for file creations. Some PowerShell retrieves the file creation events and extracts the necessary information about who is creating agents and what sites the agents are created in.

Use Auto-Label Policies to Protect Old Files from Copilot

Trainable classifiers and auto-label policies

Often Microsoft 365 tenants have large numbers of old but confidential documents that they need to protect and stop Microsoft 365 Copilot finding. Auto-label policies and trainable classifiers can apply sensitivity labels to protect Office files from Microsoft 365 Copilot using the DLP policy for Copilot. It’s a great example of combiining Microsoft 365 features to achieve a goal.

How to Report Who Shared What File From SharePoint Online Sites

Report file sharing events

File sharing is at the heart of SharePoint Online. Being able to report file sharing events by analyzing the audit log is a good skill for Microsoft 365 tenant administrators to have. It allows administrators to know who shared what with whom and if the information being shared is protected adequately with sensitivity labels. But reporting file sharing is not just a matter of retrieving audit events. Work is necessary to refine and extract the goodness from the data.

Microsoft Defender for Office 365 Exposes Bad Links in Email Preview

Email Preview for Microsoft Defender for Office 365

Microsoft Defender for Office 365 includes many tools to help investigators manage threat. The Email Preview tool shows the layout and appearance of the messages with which attackers try to fool recipients. It’s a valuable way of understanding how threat penetrates. But a recent change makes bad links in the email preview clickable, and that doesn’t seem like a good idea.

Bringing Artificial Intelligence to Entra ID Conditional Access

Conditional access optimization agent

The Conditional Access Optimization Agent is one of 6 Security Copilot agents unveiled by Microsoft on March 24, 2025. The idea is that the agent can optimize CA policies by observing the connectivity behavior within a tenant. The agent can suggest how to fill gaps in CA coverage, detect new users and apps, and generally be helpful. Is it worth it? Experience will tell…

Transferring Meeting Ownership From an Ex-Employee Can Be Hard Work

Transfer meeting ownership

Neither Outlook nor Teams includes a transfer meeting ownership feature for user calendars. Moving meetings owned by an ex-employee to give someone else the ownership requires manual intervention to find and reschedule meetings. Administrators can cancel future meetings for a user. In this article, we explore how to generate a report of meetings that might need to be rescheduled.

How SharePoint Online Restricted Content Discovery Works

Restricted Content Discovery (RCD) is a solution to prevent AI tools like Microsoft 365 Copilot and agents accessing files stored in specific sites. RCD works by setting a flag in the index to stop Copilot attempting to use files. RCD is available to all tenants with Microsoft 365 Copilot and it’s an excellent method to stop Copilot finding and reusing confidential or sensitive information.

Office 365 for IT Pros April 2025 Update

Office 365 for IT Pros Monthly Update #118

The April 2025 Update for the Office 365 for IT Pros eBook is now available for subscribers to download. This is monthly update #118 for Office 365 for IT Pros. The Automating Microsoft 365 with PowerShell eBook also receives an update to version #10. With sending messages to the wrong place in the news, we also consider whether the same problem can arise with Microsoft 365. It can, but mitigation exists.

How to Find Who Assigned Retention Labels to SharePoint Files

Retention label assignments

A reader asked if it’s possible to discover who made retention label assignments for SharePoint files. The Files Graph API can’t tell you who (or what policy) made retention label assignments, but it’s possible to find this information in the audit log and use that data to report the requested information. All with a few lines of PowerShell!

Duplicate Mail User Objects Created for Guest Accounts

EX1015484 duplicate mail users

The February 2025 EX1015484 incident explains why mail user objects with duplicate SMTP addresses are created for guest accounts. That’s a problem because Exchange Online can’t route messages to objects with duplicate email addresses. Fortunately, you can find out if any duplicates exist in your tenant with some PowerShell. Problems happen!

Artificial Intelligence, PowerShell, and Microsoft 365 Administration

artificial intelligence and powershell

Artificial Intelligence and PowerShell should be a good thing to help hard-pressed Microsoft 365 tenant administrators cope with common tasks. The early signs are there with Copilot in the Microsoft 365 admin center. However, the current state of the art depends on what’s gone before and can’t handle the kind of complex automation that tenants sometimes need, like generating a licensing report from Entra ID, product information, and license costs.

How to Stop Microsoft 365 Users Uploading SharePoint Online and OneDrive for Business Files to ChatGPT

Block ChatGPT access to OneDrive for Business files

Microsoft 365 users can connect their OneDrive for Business account to ChatGPT. This is not a great thing because it exposes the potential for sensitive corporate information to be exposed outside the organization. How can you block ChatGPT Access to OneDrive? The best way is to stop people from using the ChatGPT app. If that’s not possible, make sure to encrypt confidential files with sensitivity labels.

Why Teams Clients Prompt for Your Location

Teams clients and location privacy

Teams Windows and Mac desktop clients have started to prompt users about location privacy. Location data is used by several Teams features like the Call Quality Dashboard and emergency calling, so it’s good to allow access. These are Teams Phone features that you might not care about, but keeping an eye on location privacy is a good thing in case the data is used elsewhere.

Microsoft’s Attempts to Improve the Teams UI Are Not Always Successful

auto-hide inactive channels

Microsoft is tweaking the auto-hide inactive channels feature to make it less automatic and more user controllable (opt-in). It’s a good change for Teams to make. In other news, I’ve reverted to the old method of accessing chats and channel conversations because the new experience doesn’t work for me. Both situations prove how hard it is to make GUI changes to popular applications.

Copilot in Outlook Gets a Revamp

Copilot for Outlook and its Revamped UI

Microsoft has given the Copilot for Outlook UI a revamp to make the UI easier to use. The new UI is certainly better and reveals the option to rewrite as a poem. Not that sending poetic emails will make much difference to anyone, but the revamp proves once again that good design makes a difference. Overall, the new UI is a sign that Copilot is maturing after its hectic start.

Use Data Loss Prevention to Stop Microsoft 365 Copilot Chat from Processing Documents in Its Responses

DLP policy for Microsoft 365 Copilot

The DLP policy for Microsoft 365 Copilot blocks access to sensitive files by checking for the presence of a sensitivity label. If a predesignated label is found on a file, Copilot Chat is blocked from using the file content in its responses. The nicest thing is that the DLP policy prevents users knowing about sensitive information by searching its metadata.

Updating Email Addresses After Removing Domains

Remove domain from a Microsoft 365 tenant

Microsoft 365 makes it easy to remove domains. However, if you remove a domain and don’t adjust email proxy addresses, some fix-up might be needed to make sure that mail-enabled objects don’t have primary SMTP addresses or proxy addresses that use the removed domains. This article explains how to fix up mail-enabled objects with PowerShell to remove traces of any removed domains.

Facilitator Agent Brings AI-Powered Notetaking to Teams Chat

Facilitator agent AI Notes for Teams chat

The Facilitator agent can make sense of the messages posted to a Teams chat and summarize the discussion and extract to-do items and unanswered questions. It’s a very practical tool that allows chat participants to focus on the ebb and flow of a conversation instead of pausing to take notes. A Microsoft 365 Copilot license is required before you can use AI Notes in Teams chat.

Time to Remove the Old Report Message Add-Ins

Report button for Outlook

Microsoft says that the Report Button is now available for all Outlook clients and it’s time to remove the old Report Phishing and Report Message add-ins. A note in the documentation says that the old add-ins are unsafe, but Microsoft is probably more concerned about getting rid of COM-based add-ins. In any case, a single button to handle all aspects of reporting suspicious email seems like a good idea.

SharePoint Online PowerShell Module Gets Modern Authentication

SharePoint Online PowerShell Module Upgraded from IDCRL to OAuth

Microsoft has announced that the SharePoint Online PowerShell module will be upgraded from the very old and now obsolete IDCRL protocol to use modern (OAuth) authentication in versions released from March 28, 2025. The update to OAuth should not affect scripts, but it’s always wise to test in case your use of the module is an edge case that Microsoft doesn’t test.

Why Only Web-Based Outlook Clients Can Recall Encrypted Email

message recall for protected messages

The new message recall facility has been around since 2022. Even after Microsoft revamped the feature in 2023, it’s still only possible to recall protected messages with OWA and the new Outlook. As it turns out, the reason is that a premium license is needed and Outlook classic might need some new code to check for that license. In other news, Outlook mobile now supports message recall.

How to Send Outlook Newsletters with Email Communication Services

Outlook Newsletters and Azure ECS

Outlook Newsletters are intended for internal communications, at least for the preview. It’s possible to take the HTML for a newsletter and send it with Azure Email Communication Services (ECS), the PAYG service for bulk email. It sounds like a good way to use Outlook Newsletters to share information with customers and other external recipients. Some manual intervention makes everything works. It would be great if Microsoft tweaked Outlook to remove the rough edges.

Microsoft Imposes 1-Year Retention for Teams Meeting Attendance Reports

Teams Meeting Attendance Report Retention Policy

Microsoft has enabled a one-year retention policy for Teams meeting attendance reports. Tenants can’t opt out of the policy or set a different retention period. Microsoft says that the new policy exists to make sure that Teams complies with the Microsoft privacy policy. Another way of looking at the situation is that the new policy will simply remove some old data that no one ever looks at.

Exchange Online Restricts the Number of Dynamic Distribution Groups

Limit for dynamic distribution groups

Exchange Online is imposing a new tenant-wide limit of 3,000 Dynamic Distribution Groups. Few tenants might be affected, but the question might be asked why Microsoft is limiting DDGs at this point. Is it a cunning plan to prompt people to use dynamic Microsoft 365 groups instead? Or are some tenants abusing DDGs in weird and wonderful ways? Who knows, but the limit applies from early April 2025.