Mastering Office 365 and Microsoft 365
Colored folder icons does not seem like a new feature that should appear in an email client that’s been around for a long time, but the new Outlook for Windows and OWA now both offer users the ability to choose different colors for folder icons. Apparently, this is an important step forward in the development of the new Outlook and might just be the killer feature to convince the curmudgeons who use Outlook classic to switch.
A change made in late 2024 allows Microsoft 365 tenants to use IOS build numbers in Exchange ActiveSync device access rules. Apparently, the idea is that tenants can insist that people use iOS devices with very specific build numbers (like iOS 18.3.1 22D72) before the devices can synchronize with Exchange Online mailboxes. You never know when you might need the feature (or so they say).
Outlook Newsletters is an app for the new Outlook and OWA that allows users to create and send good-looking newsletters to internal recipients. It’s an easy-to-use app created using components drawn from across the Microsoft 365 software toolbox that will be of interest to anyone who needs to send internal newsletters on a regular basis.
The developers rushed out Version 2.26.1 of the Microsoft Graph PowerShell SDK to fix some obvious issues. Alas, problems persist in PowerShell SDK cmdlets, including licensing failures and an issue that prevents the Connect-MgGraph cmdlet from being able to obtain an access token from Entra ID. My advice is to stay with V2.25 until Microsoft resolves the problems and generates a new stable version of the SDK.
The Office 365 for IT Pros writing team is thrilled to announce that monthly update #117 for March 2025 is now available for subscribers to download from Gumroad.com. The March release also includes an update (#9) for the Automating Microsoft 365 with PowerShell book. In a world where change happens all the time, it’s nice (but a lot of work) to keep pace with developments.
There’s no doubt that SharePoint Online sites and OneDrive for Business accounts hold lots of old files. A new On Demand Classification PAYG service aims to find and classify that data and apply sensitivity and retention labels based on policy settings. It’s a good idea for tenants that has these kinds of cold files hanging around gathering dust without anyone knowing if any of the files hold confidential information.
SharePoint Online will add support for files protected with user-defined permissions from March 2025. This step will enable support for Microsoft Search, DLP, eDiscovery, and content searches, but only for files processed by Microsoft Search. Processing happens automatically when new files are created or existing files are edited, so making all UDP-protected files searchable will take some time. Indexing doesn’t make UDP-protected files available to Copilot.
Microsoft 365 Archive will no longer charge fees to reactivate archived SharePoint Online sites after March 31, 2025. The good news might encourage higher use of Microsoft 365 Archive to store old but wanted material in a safe location while removing it from the view of apps like Microsoft 365 Copilot. The reduction in fees does not apply to archived OneDrive for Business accounts.
A bunch of problems with V2.26 of the Microsoft Graph PowerShell SDK V2.26 make the software unusable. Not only did Microsoft do a horrible job of testing the new release before making it available to customers, but they also failed to communicate the level of change in the new SDK and how it could impact Azure Automation runbooks.
Free downloads of Office 365 for IT Pros, normally in PDF format, are available from sites around the internet. All are illegal and outdated copies. Some go back as far as the fifth edition (2018). Downloading and sharing illegal copies is a violation of our copyright, and we protest these actions by notifying the sites that they’re hosting illegal content. Most sites take down the PDFs quickly, but chasing this kind of stuff is still painful.
Exchange Web Services (EWS) will retire in October 2026. Tenants that still need to use EWS must explicitly set EWSEnabled to true in the organization configuration. If they don’t, the previous rule that allows mailboxes enabled for EWS to function won’t work. The change is part of the preparation for the phase-out of EWS. To help, we’ve written a script to send email to administrators listing accounts still enabled for EWS.
Some people get great results from AI tools like Microsoft 365 Copilot. Others struggle to make Copilot useful. As an article by a Microsoft product manager points out, the reason might be the way we use Copilot. If you don’t give Copilot the right data to work with and don’t ask the right questions through well-structured prompts, there’s no prospect of good answers.
Many examples are available online to explain how to add a single attachment to messages using the Microsoft Graph PowerShell SDK. Here we look at the principles behind how to add attachments (one or many) to messages before sending them with the Send-MgUserMail cmdlet. Get the principles right and you’ll never go wrong!
The Automating Microsoft 365 with PowerShell eBook is now at update #9. The latest update spans 300 pages of content covering how to use PowerShell with the Microsoft 365 workloads, including Exchange Online, SharePoint Online, OneDrive for Business, Teams, Planner, and Entra ID. There’s no other book that includes so many worked-out examples of how to get things done with PowerShell and Microsoft 365.
Microsoft has announced the removal of events alerts from the Purview Audit solution. Fortunately, the decision doesn’t affect activity alerts. Audit-based activity alerts are a way for tenants to mark events that they want to be notified about through email when these events appear in the unified audit log. Although they remain available, better ways exist to monitor critical audit events. The only problem is deciding which approach to take.
The Microsoft Graph PowerShell SDK offers developers easy access to data across the Microsoft 365 ecosystem and that’s good. However, there’s a problem with Graph SDK plain text passwords that must be fixed. In today’s threat climate, passwords should be passed as secure strings. It’s a small but important step to improve overall security.
SharePoint Online is basically a big Azure SQL application. Custom columns for sites and libraries enhance metadata and are even better if they’re properly indexed to become searchable. This article explores how even non-SharePoint administrators can create, index, and search custom columns. The key thing is to take your time. SharePoint cannot be rushed!
A new preview option in the Entra admin center supports the ability to update multiple Entra ID accounts. You can update properties, add managers and sponsors, update group membership, revoke account access, and so on. The only surprising thing about the new option is that it’s taken Microsoft so long to add it to the admin center.
An article about the horrible devastation that an attacker can wreak inside a compromised Microsoft 365 tenant highlighted how protected actions can help by preventing attackers from being able to permanently remove user accounts unless they can pass additional authentication tests. Protected actions won’t stop attackers that have complete control over a tenant, but it might irritate them!
In this primer, we cover how to create and execute Azure Automation Exchange Online runbooks (scripts) using cmdlets from the Exchange Online management module. Some setup is necessary before runbooks can process Exchange cmdlets, but once the necessary resources and permissions are in place, it’s all plain sailing. The next challenge is how to output data created in a runbook…
The Maester project continues to prosper with a bunch of new features added, including several in the DevOps space. Maester usually tests tenant settings to find and highlight misconfigurations or potential issues. Some new custom tests look for missing user account properties, which is great except for the problem of finding the right accounts to check. All discussed here.
A new people administrator role is available in Entra ID. The new role allows holders to manage settings associated with people, like pronouns and custom properties for the Microsoft 365 user profile card. The people administrator role is a less privileged way to assign responsibilities for people actions and removes the need to assign more privileged roles like User administrator. Time for a role review!
Entra ID retains audit log records for service principal signins for 30 days. The audit data can reveal some interesting insights such as the presence of unexpected service principals or access to an application from an external source, or even the use of an app secret by an application instead of a more secure method. It’s time to write some PowerShell to interpret the data.
A set of new granular Graph permissions for User account management is now available to handle common operations like changing account passwords or updating phone numbers. There’s no need to update existing code unless you want to use the principle of lease privilege, in which case you’ll replace the current permissions with the new permissions. My feeling is that relatively few will go update code, but I could be surprised.
Monthly update #116 (February 2025) is available for the Office 365 for IT Pros eBook. The refresh includes update #8 new files for the Automating Microsoft 365 with PowerShell eBook. We’ve also updated the print (paperback) version that’s sold on an on-demand basis through Amazon.com. Things keep on changing inside Microsoft 365 with agent management a new challenge that’s coming into view.
Microsoft reannounced the Teams policy to suppress certain categories of in-product advertising messages but has done nothing to control Teams pop-up messages that irritate users. The volume of pop-up messages appears to have increased, or maybe it’s my frustration level that’s rising. A simple setting to turn informational pop-up messages would be appreciated.
Microsoft’s FY25 Q2 results featured bumper Microsoft Cloud revenues, which broke the $40 billion mark for the first time. Although they wanted to talk a lot about Copilot and AI in general, Microsoft didn’t give any new user numbers for Microsoft 365 or Teams.
This article covers how to use HVE with Azure Automation to send email. HVE is Exchange Online’s High Volume Email solution for internal communications. In the discussion, we cover how to retrieve credentials from Azure Key Vault, how to retrieve data from a web page, and how to bring everything together in a message submitted to HVE.
This article describes how to use Azure Automation for audit searches. The runbook runs an audit search to find events for specific operations, refines the set of events found by the search, and sends the information by email. Hopefully, someone will respond to the message and do the right thing to check the insight derived from the events.
Monthly update #8 is now available for the Automating Microsoft 365 with PowerShell ebook. Subscribers can download the updated files from Gumroad.com. The Office 365 for IT Pros eBook includes Automating Microsoft 365 with PowerShell. Both books are updated monthly. Mastering the Microsoft Graph is a major focus of the PowerShell book, which should be helpful to anyone trying to upgrade scripts from the old AzureAD and MSOL modules.
Entra ID allows unprivileged users to update the user principal name for their accounts via the admin center or PowerShell. It seems silly because no justification for allowing people to update such a fundamental property is evident. Perhaps Microsoft has some excellent logic for allowing such updates to occur, but blocking access seems like the right thing to do.
After creating a runbook to process Microsoft 365 data, registering the runbook with an automation schedule means that the runbook will execute on a reliable basis. This article discusses how to publish and register a runbook so that an automation schedule takes over the burden of running the job. In addition to describing the necessary steps in the Azure portal, we also give you the PowerShell commands.
The second part of the Azure Automation runbook primer brings us to output, specifically how to create items generated by a runbook in a SharePoint Online list. Once in the lists, items can be processed using Power Automate, Power Apps, or Power BI or exported to Excel. It’s a great way of capturing information generated by background jobs.
A reader asked why it seems so difficult to use Azure Automation runbooks to process Microsoft 365 data. In fact, it’s not so hard, and here’s a primer to help you understand how to create the necessary Azure Automation environment to develop and execute runbooks. Once modules and permissions are in place, everything falls into place.
Deleting an Entra ID user account can result in ownerless groups if the account being removed is the only group owner. Before deleting accounts, it’s a good idea to proactively replace group owners. This article explains how to replace group owners in the fastest and most scalable manner using the Microsoft Graph PowerShell SDK.
The Microsoft 365 user profile card offers users the chance to record and playback name pronunciations, if tenant settings allow. The new setting is controlled by a Graph API and turns name pronunciation recording and playback on or off for the entire tenant. Microsoft says that helping people pronounce other peoples’ names properly is a good thing. It will be interesting to see how many use this feature.
The Microsoft 365 Copilot Chat app is the free to use chat app available to commercial Microsoft 365 customers. The free chat app now supports Copilot agents, including agents that are grounded against Graph data (on a pay-as-you-go metered basis). The free chat app is highly functional, and Microsoft hopes that it will convince customers to buy the full-fledged Copilot.
After many twists and turns since August 2021, the MSOnline module retirement will happen in April 2025. The AzureAD module will then retire in the 3rd quarter. It’s way past time to upgrade PowerShell scripts. The question is whether to use the Entra module or the Microsoft Graph PowerShell SDK. I know which option is best and say why in this article.
Microsoft released the SharePoint Pages API in mid-2024. This article describes how to create and publish a news item using cmdlets from the Microsoft Graph PowerShell SDK based on the API. The net result is that the API appears to work well but some problems are evident in the cmdlets. Or maybe it’s just my lack of knowledge!
In January 2025, Teams will support the ability to post video clips to channel conversations in posts and replies. The feature is similar to that released for Teams chat in September 2022. It’s also similar to the ability to include a video clip in Outlook messages. Given the popularity of video clips in other apps, it’s likely that this feature will be popular with users.