After July 1, 2025, any sharing links generated with one-time passcodes (OTP) will stop working. Only links based on Entra ID B2B Collaboration will work. Users who lose access to content shared from SharePoint Online or OneDrive for Business will have to contact the original sharer to ask them to generate a new sharing link. Sounds like a recipe for confusion, which is what might happen.
An article by a company specializing in penetration tests raised some questions about how attackers might use Copilot for Microsoft 365 to retrieve data. The article is an interesting read and shows how Copilot can reveal data in password-protected Excel worksheets. However, many of the issues raised can be controlled by applying available controls, and the biggest worry is how the account being used to run Copilot came to be compromised!
At Ignite 2024, Microsoft said that Copilot for Microsoft 365 tenants would benefit from SharePoint Advanced Management (SAM). What does that mean? Well, it doesn’t mean that Copilot tenants get SAM licenses, which is what many expect. It does mean that SAM checks for Copilot before it lets tenants use some, but not all, of its features. Read on…
Any site member can create a SharePoint agent. There’s no out-of-the-box method to report the creation of agents, but agents are created like any other file, and SharePoint Online captures audit records for file creations. Some PowerShell retrieves the file creation events and extracts the necessary information about who is creating agents and what sites the agents are created in.
File sharing is at the heart of SharePoint Online. Being able to report file sharing events by analyzing the audit log is a good skill for Microsoft 365 tenant administrators to have. It allows administrators to know who shared what with whom and if the information being shared is protected adequately with sensitivity labels. But reporting file sharing is not just a matter of retrieving audit events. Work is necessary to refine and extract the goodness from the data.
Restricted Content Discovery (RCD) is a solution to prevent AI tools like Microsoft 365 Copilot and agents accessing files stored in specific sites. RCD works by setting a flag in the index to stop Copilot attempting to use files. RCD is available to all tenants with Microsoft 365 Copilot and it’s an excellent method to stop Copilot finding and reusing confidential or sensitive information.
Microsoft has announced that the SharePoint Online PowerShell module will be upgraded from the very old and now obsolete IDCRL protocol to use modern (OAuth) authentication in versions released from March 28, 2025. The update to OAuth should not affect scripts, but it’s always wise to test in case your use of the module is an edge case that Microsoft doesn’t test.
There’s no doubt that SharePoint Online sites and OneDrive for Business accounts hold lots of old files. A new On Demand Classification PAYG service aims to find and classify that data and apply sensitivity and retention labels based on policy settings. It’s a good idea for tenants that have these kinds of cold files hanging around gathering dust without anyone knowing if any of the files hold confidential information.
SharePoint Online will add support for files protected with user-defined permissions from March 2025. This step will enable support for Microsoft Search, DLP, eDiscovery, and content searches, but only for files processed by Microsoft Search. Processing happens automatically when new files are created or existing files are edited, so making all UDP-protected files searchable will take some time. Indexing doesn’t make UDP-protected files available to Copilot.
Microsoft 365 Archive will no longer charge fees to reactivate archived SharePoint Online sites after March 31, 2025. The good news might encourage higher use of Microsoft 365 Archive to store old but wanted material in a safe location while removing it from the view of apps like Microsoft 365 Copilot. The reduction in fees does not apply to archived OneDrive for Business accounts.
SharePoint Online is basically a big Azure SQL application. Custom columns for sites and libraries enhance metadata and are even better if they’re properly indexed to become searchable. This article explores how even non-SharePoint administrators can create, index, and search custom columns. The key thing is to take your time. SharePoint cannot be rushed!
Microsoft released the SharePoint Pages API in mid-2024. This article describes how to create and publish a news item using cmdlets from the Microsoft Graph PowerShell SDK based on the API. The net result is that the API appears to work well but some problems are evident in the cmdlets. Or maybe it’s just my lack of knowledge!
An interesting article by Microsoft’s Mark Kashman lists his top five SharePoint features shipped in 2024. Four of the five features involve extra cost. Is the trend of Microsoft charging extra for most new features likely to continue in 2025? The need to generate additional revenues from the Microsoft 365 installed base probably means that this is the new normal.
SharePoint Online intelligent versioning uses algorithms to decide what file versions must be kept for file recoverability. Unwanted versions are discarded (trimmed). A notional 500 version limit applies when intelligent versioning is in force but if data lifecycle management (retention) is used, SharePoint cannot trim versions to keep within the 500 version threshold. Some change is needed to resolve the conflict.
The SharePoint Online Block Download Policy controls the ability to use features that rely on downloaded files (including temporary files), such as printing or editing with the Office desktop apps. It’s the kind of configuration that organizations might use for sites that hold very confidential files. Although the Set-SPOSite cmdlet can configure the policy for a site, it’s easier to use a container management label.
SharePoint generates document mismatch notifications when users create or update files with sensitivity labels that are higher than the site’s container label. Normally, everything works as planned, but if a tenant has a cloudy attachment auto-label retention policy, items can end up in site preservation hold libraries that generate document mismatches. The problem is that you can’t stop the mismatches!
The unified audit log is full of interesting information about who did what and when they did it. In this article, I describe how to use file operations audit events to find the last accessed date for documents in a SharePoint Online site. It’s data that isn’t available in the Microsoft Graph, but it is in the unified audit log.
Intelligent versioning recently appeared in SharePoint Online. The purpose is to save storage by removing unnecessary versions. But retention policies and labels can stop the removal of versions. This article explains what happens when SharePoint Online attempts to trim (remove) unwanted versions of files under the control of retention policies and labels.
The Delve browser app retires on December 16, 2024. It’s time to check if the change will affect how people interact with user profiles in Microsoft 365 tenants. A new “user profile experience” is due to arrive in November that should allow people to update details in their profile. Hopefully, the new experience will include photo updates, which have long been a problem area for Microsoft 365 apps.
Unsurprisingly, Microsoft announced the deprecation of the Revoke-SPOUserSession cmdlet for November 2024. The cmdlet is replaced by the Revoke-MgUserSignInSession cmdlet, which works across Microsoft 365 rather than just SharePoint Online. All of this happened while the 2nd annual PowerShell Script-Off happened at TEC 2024 and competitors struggled with what to do to secure a user account for an ex-employee.
SharePoint Advanced Management (SAM) is a $3/user/month add-on that can help Microsoft 365 tenants manage problems like oversharing, data governance, and site lifecycle. A TEC 2024 session describes how SAM can help tenants cope with these issues in the AI era.
On August 21, 2024, news emerged that the PnP PowerShell module will transition from using a multi-tenant Entra ID app to a tenant-specific app. The change is scheduled for September 9, 2024, which doesn’t leave a lot of time available for developers to review, update, and test PowerShell scripts based on PnP PowerShell. Some extra warning would have been nice.
Microsoft announced their plan to charge for unlicensed OneDrive for Business accounts in July. Now we have an unlicensed OneDrive accounts report in the SharePoint Online admin center. The report divides unlicensed OneDrive accounts into four categories and it’s up to Microsoft 365 tenant administrators to figure out whether to retain or remove unlicensed accounts before automatic archival comes into force in January 2025.
In a change designed to reduce the consumption of storage quota, Stream video versions are no longer being generated for non-video updates such as changes to video metadata. Anything that alters the video content, like trimming some seconds from the start or end of a video, will create a new version. It seems like a perfectly reasonable change that might help SharePoint storage not be consumed quite so quickly.
Microsoft says they will remove the Remove-SPOExternalUser cmdlet starting July 29. They recommend using Remove-AzureADUser as a replacement. It’s a bad call because that cmdlet is part of a now-retired and soon to be deprecated module. Overall, recommendations like this make you think that Microsoft doesn’t know what’s happening across the whole of Microsoft 365. And you might be right.
A very useful update to support sharing links expiration for all link types used by SharePoint Online and OneDrive for Business is now rolling out and should be available in all Microsoft 365 tenants soon. Until now, expiration dates were only available for anyone links. Many organizations don’t allow anyone links, so enabling the feature for company-wide and specific people links will be much appreciated.
Some folks wonder why they can’t use documents shared with them using company-wide links with Copilot for Microsoft 365. As it turns out, the answer is simple. People must redeem a sharing link before SharePoint validates their access to a shared file. Copilot cannot use a document unless it has access to it. All of which raises the question of whether it’s a good idea to use company-wide sharing links.
Our review of the Videos chapter for the Office 365 for IT Pros eBook found a Teams meeting policy setting we hadn’t documented to block downloads for channel meeting recordings. Naturally, this was a disaster, so we spent some time investigating what the policy setting does and if it’s useful in practice. It works, but do you want to block downloads of channel meeting recordings?
Office 365 Connectors bring data from external sources into Microsoft 365 apps like Teams and Outlook. Workflows and Power Automate are replacing Connectors for Microsoft 365 Groups (Outlook groups) and SharePoint Online. Connectors are still available in Teams but for how long? No one knows, but it does seem like Microsoft is rationalizing no-code automation around Power Automate.
Understanding SharePoint Online storage used to be easy. Then applications like Loop arrived. Other influences like retention and archive can affect storage too. It’s a complicated situation before you throw OneDrive for Business into the mix and consider that Microsoft has removed unlimited OneDrive storage while an increasing number of apps store files in OneDrive. It’s a complicated situation.
A recent SharePoint Online update enables folder deletion when items are present in a folder. This is probably the way that things should have always worked. Even so, it’s good to have this capability because it helps site users clean out old and obsolete information, something that’s becoming increasingly important in the AI era for Microsoft 365.
On March 27, SharePoint history reached its 23rd year. That’s a great achievement and SharePoint Online powers many apps. But dark clouds are on the horizon as information governance becomes a real issue for Microsoft 365 tenants. Too much information that is never cleared out is held in SharePoint, a fact revealed by the ability of Copilot to find and consume documents.
Microsoft’s support for SharePoint Online PowerShell has degraded over the last few years. PnP.PowerShell is now the best option as not much is happening in the official SharePoint Online management module or the tenant settings Graph API. The lack of progress is a pity, but perhaps it’s also true that community-driven projects sometimes deliver better results.
Restricted SharePoint Search is an answer for customers who don’t like the idea of Copilot for Microsoft 365 being able to find documents in any site the signed-in user has access to. A curated list of 100 sites will be available to Copilot along with user data in OneDrive and files that have been shared with or worked on by a user. Will this scheme allow tenants to deploy Copilot while they sort out site permissions? Time will tell, starting in April 2024.
A longstanding problem (SP676147) open since September 2023 causes problems retrieving important SharePoint usage data like site URLs and user activity data. The problem shows up in the usage reports section of the Microsoft 365 admin center and affects any attempt to fetch SharePoint usage data via Graph API requests. It’s odd that the problem has lasted so long.
Document mismatch notifications tell users when they apply a higher-priority sensitivity label to documents than the label applied to the site. Some organizations don’t like these messages because they think the notifications confuse recipients. In this article, we discuss how to use a mail flow rule to redirect the messages to an address where someone can help people understand how to use sensitivity labels.
This article explains how I use custom document properties with SharePoint Online to track the topics covered by blog articles that I write. The custom document properties allow me to track where and when articles appear and the technology areas covered in their text. It’s a very easy update that can be applied in many situations where SharePoint is used to store documents.
The Sensitive by Default control allows tenants to prevent external access to newly uploaded documents until DLP processing checks their content. The idea is to close off the opportunity external users have to access a document between its upload and DLP scanning of the content. You can combine the sensitive by default control with sensitivity labels to exert maximum control over confidential material.
Cloudy attachments are links to files sent in messages. An auto-label policy can capture copies of cloudy attachments and make them available for eDiscovery. Sounds good, but you need Office 365 E5 or above licenses to use an auto-label policy and Purview eDiscovery (premium). Even so, it’s a nice example of applying technology to solve a problem, even if it does use up some valuable SharePoint Online storage quota.
SharePoint Embedded is a new Microsoft offering for application developers. The big upside is that apps can take advantage of the Microsoft 365 ecosystem. Cost is the potential downside. Microsoft will charge using a pay-as-you-go model, but estimating the likely cost could be difficult until more experience about how apps use SharePoint Embedded emerges.