Office 365 for IT Pros offers extensive coverage of the Microsoft 365 ecosystem. Learn from our knowledge and practical insight into how things really work.
Agent governance is the framework that allows tenants to deploy agents safely, securely, and under control. A new ISV offering from Rencore helps to fill some gaps in Copilot agent governance that currently exist in what’s available in Microsoft 365. It’s good to see ISV action in this space because the last thing that anyone wants is the prospect of Copilot agents running amok inside Microsoft 365 tenants.
Recent problems with Microsoft 365 PowerShell modules afflicted the ability of Azure Automation runbooks to execute cmdlets Microsoft Graph PowerShell SDK and Exchange Online Management modules. The root cause is a decision to remove support for .NET6, but the worrying point is the lack of awareness within Microsoft engineering that Azure Automation is where many critical scripts run. Better pre-release testing is definitely needed.
On June 16, Microsoft announced European sovereign solutions, including a new offering called Microsoft 365 Local that has nothing to do with Microsoft 365 apart from the need to connect to Azure from time to time. Microsoft 365 Local is an on-premises packaged solution. There’s nothing bad about that because some companies need to run on-premises servers for their own reasons. But calling it Microsoft 365?
People Skills is a new Microsoft 365 solution that uses AI to determine what skills are possessed by users based on their profile and activities. The skills recorded for users turn up on the Microsoft 365 profile card, just like the older SharePoint/Delve implementation. Is this an example of more AI being used “just because we can” or a useful solution? It’s up to you to decide.
The AI-based generative summaries featured by Google and other search engines remove organic traffic from technology websites and make it less attractive for content creators to write about new topics. The upshot is likely to be a decrease in the amount of new knowledge shared on public websites and a resultant lack of information for the AI LLMs to feed off.
An OWA mailbox setting is available to block PST access for the new Outlook for Windows client. The setting mimics controls available for Outlook classic, where companies have been blocking PST access for a long time. Once email is in a PST, it’s invisible to any of the compliance solutions that organizations pay for. It’s also invisible to Copilot, which might not be a bad thing…
A recent post revealed that the Mailbox Import-Export Graph API doesn’t capture audit events for its operations. The API is in beta, but this is disappointing. Auditing any mailbox is important, but it becomes a critical requirement when the possibility exists that attackers could use the API to exfiltrate mailbox data outside of the tenant. This is a hole that Microsoft needs to close.
A set of 80 mysterious SharePoint Embedded containers turned up because Microsoft pre-provisioned storage for files used as knowledge sources by Copilot agents. Details of the pre-provisioning are in message center notification MC1058260, but who has the time to read and analyze everything posted to the message center? And anyway, the mysterious containers have now disappeared…
The June 2025 update for the Automating Microsoft 365 with PowerShell eBook is now available. Coding automation with Microsoft 365 PowerShell can be challenging, but not with this book beside you. It contains hundreds of examples of working with Entra ID, Exchange Online, SharePoint Online, OneDrive for Business, Teams, and Planner using regular PowerShell cmdlets and the Graph APIs.
A new feature of the Quest On Demand migration suite supports the tenant-to-tenant migration of Exchange and SharePoint content protected by sensitivity labels. This might not seem a big deal, but it’s the first time that a migration product has been able to automatically move protected files and messages from one tenant to another, including files protected by sensitivity labels with user-defined permissions.
This week’s Microsoft layoffs provide a timely reminder to review how to retain and secure ex-employee data. OneDrive for Business might be the biggest challenge because of the variety of application data that now ends up in user OneDrive accounts. Agents and Flows are also an area of concern, as are objects like apps, phone numbers, and recurring meetings.
The Microsoft E5 Security add-on is available for Microsoft 365 Business Premium (and other) tenants. The add-on looks like a bargain because the bundle offers significant value over individual licenses, but is it really? Like everything in life, unless you can use something, there’s no point in having it. In this case, have a plan to use E5 Security to deliver measurable results before you hand over any more license revenue to Microsoft.
Microsoft Defender for Office 365 includes many tools to help investigators manage threat. The Email Preview tool shows the layout and appearance of the messages with which attackers try to fool recipients. It’s a valuable way of understanding how threat penetrates. But a recent change makes bad links in the email preview clickable, and that doesn’t seem like a good idea.
Artificial Intelligence and PowerShell should be a good thing to help hard-pressed Microsoft 365 tenant administrators cope with common tasks. The early signs are there with Copilot in the Microsoft 365 admin center. However, the current state of the art depends on what’s gone before and can’t handle the kind of complex automation that tenants sometimes need, like generating a licensing report from Entra ID, product information, and license costs.
Microsoft has enabled a one-year retention policy for Teams meeting attendance reports. Tenants can’t opt out of the policy or set a different retention period. Microsoft says that the new policy exists to make sure that Teams complies with the Microsoft privacy policy. Another way of looking at the situation is that the new policy will simply remove some old data that no one ever looks at.
Some people get great results from AI tools like Microsoft 365 Copilot. Others struggle to make Copilot useful. As an article by a Microsoft product manager points out, the reason might be the way we use Copilot. If you don’t give Copilot the right data to work with and don’t ask the right questions through well-structured prompts, there’s no prospect of good answers.
A new preview option in the Entra admin center supports the ability to update multiple Entra ID accounts. You can update properties, add managers and sponsors, update group membership, revoke account access, and so on. The only surprising thing about the new option is that it’s taken Microsoft so long to add it to the admin center.
The Maester project continues to prosper with a bunch of new features added, including several in the DevOps space. Maester usually tests tenant settings to find and highlight misconfigurations or potential issues. Some new custom tests look for missing user account properties, which is great except for the problem of finding the right accounts to check. All discussed here.
Microsoft’s FY25 Q2 results featured bumper Microsoft Cloud revenues, which broke the $40 billion mark for the first time. Although they wanted to talk a lot about Copilot and AI in general, Microsoft didn’t give any new user numbers for Microsoft 365 or Teams.
This article describes how to use Azure Automation for audit searches. The runbook runs an audit search to find events for specific operations, refines the set of events found by the search, and sends the information by email. Hopefully, someone will respond to the message and do the right thing to check the insight derived from the events.
A reader asked why it seems so difficult to use Azure Automation runbooks to process Microsoft 365 data. In fact, it’s not so hard, and here’s a primer to help you understand how to create the necessary Azure Automation environment to develop and execute runbooks. Once modules and permissions are in place, everything falls into place.
The Microsoft 365 user profile card offers users the chance to record and playback name pronunciations, if tenant settings allow. The new setting is controlled by a Graph API and turns name pronunciation recording and playback on or off for the entire tenant. Microsoft says that helping people pronounce other peoples’ names properly is a good thing. It will be interesting to see how many use this feature.
The Office365ITPros GitHub repository holds over 300 PowerShell scripts showing how to interact with Microsoft 365 and Entra ID. Anyone can contribute to Office365ITPros by forking the code to a copy of the repository and making changes to scripts there. If you want, you can push the changes back to us so that we can consider their inclusion in Office365ITPros. It’s a great example of community in action.
News that Viva Engage search results are included in the results generated by Office.com and SharePoint.com is not unexpected. Only certain Viva Engage items appear in search results such as storyline items and question and answers from public communities. In other news, ten years after Microsoft’s Acompli acquisition, there’s no doubt that Outlook Mobile is a huge success.
On 19 December 2024, Microsoft announced the retirement of the Microsoft Search in Bing feature. Copilot is better at searching and presenting web and work results. Although tenant administrators might worry about the recent batch of retirements, the fact is that Microsoft retires unsuccessful products and features from Microsoft 365 all the time. The swift demise of the Office tags feature is another example.
The Copilot inference and evaluation policy controls if users can ask Copilot in Teams to evaluate the emotions of other meeting participants. It sounds creepy that meeting participants can ask Copilot how someone is feeling based on their contributions to a meeting, but AI is happy to answer unless blocked by policy. Maybe blocking big brother monitoring should be the norm rather than an exception?
The scheduled retirement of Delve on December 16, 2024, meant that Microsoft had to create a new way for users to update their profile settings. The new method has now appeared in Microsoft Search, and it will spread to other workloads (like OWA) where users can access and update their profile. The new mechanism is welcome, but it’s still too difficult to customize user profiles within a tenant.
Microsoft’s announcement of the Viva Goals retirement came as a complete surprise to the customers using Viva Goals to implement the OKR methodology for their organization. From Microsoft’s text, it seems pretty clear that Viva Goals just didn’t succeed in winning sufficient customers to warrant ongoing development. The outcome is that Microsoft cut its losses and will retire Viva Goals.
Generative AI tools are nice to have, but the LLMs used by these tools must come from somewhere. The impact of generative AI on technology websites is very real and will have a far reaching effect if websites close due to reduced traffic and revenues. How will the LLMs used by generative AI refresh their knowledge base if websites don’t create that information for them (for free)?
The slew of product announcements at the Microsoft Ignite 2024 conference included lots about AI and Copilot. This article covers some of the more interesting announcements for Microsoft 365 tenants for Teams, SharePoint Online, and Purview. Many of the new features need high-end licenses or add-ons, but that doesn’t mean that the issues addressed by the technology should be ignored.
In February 2025, Microsoft will begin enforcing a mandatory MFA requirement for the Microsoft 365 admin center. All connections to the Microsoft 365 admin center must pass an MFA challenge. The move is to increase the percentage of Entra ID user accounts protected by MFA. This article explains what’s happening and outlines how to gain insight into who might be affected by the change.
A reader asked how to find emails with sensitivity labels. Everyone knows that you can find SharePoint files protected by sensitivity labels, but what about emails? MAPI properties exist that hold details of sensitivity labels. These properties are promoted to Microsoft Search, and this allows features like end-user searching through the Microsoft 365 app and Outlook to work. But the best way to find emails with sensitivity labels is to use a Purview content search.
Copilot errors in generated text can happen for a variety of reasons, including poor user prompts. If the errors end up in documents, they can infect the Graph and become the root cause for further errors. Over time, spreading infection can make the results derived from Graph sources like SharePoint Online unreliable. Humans can prevent errors by checking AI content thoroughly before including it in documents, but does this always happen?
Copilot Pages are part of the September 2024 Copilot Wave 2 announcement. They’re a good way to capture the text generated by Copilot in response to a prompt. Each Copilot page is a Loop component stored in a SharePoint Embedded container. Figuring out how to manage these containers will take a little time, especially as Microsoft hasn’t yet delivered the APIs needed to do the job.
The Delve browser app retires on December 16, 2024. It’s time to check if the change will affect how people interact with user profiles in Microsoft 365 tenants. A new “user profile experience” is due to arrive in November that should allow people to update details in their profile. Hopefully, the new experience will include photo updates, which have long been a problem area for Microsoft 365 apps.
The Maester tool is a great way to get a security assessment for a Microsoft 365 tenant. Being able to create custom Maester tests makes it even better. In this article, we explain how to create a custom Maester test that reads the Entra ID Groups policy to report if users are allowed to create new Microsoft 365 groups (and teams).
Unsurprisingly, Microsoft announced the deprecation of the Revoke-SPOUserSession cmdlet for November 2024. The cmdlet is replaced by the Revoke-MgUserSignInSession cmdlet, which works across Microsoft 365 rather than just SharePoint Online. All of this happened while the 2nd annual PowerShell Script-Off happened at TEC 2024 and competitors struggled with what to do to secure a user account for an ex-employee.
TEC 2024 (aka “The Experts Conference”) takes place on Oct 1-2 at the Loews Arlington Hotel. TEC is a great conference for many reasons, notably the intensely practical nature of the coverage technology receives during conference keynotes, sessions, and workshops. If you’re looking for a high-quality event to attend in 2025, put TEC 2025 on the list.
A new Entra ID photo update settings policy aims to cure the mish-mash of existing settings controlling how user profile photos are updated in Microsoft 365. The new policy is based on a Microsoft Graph resource. Work is needed to update clients to respect the policy settings and take over from current controls, like the OWA mailbox policy.
After reaching 50% deployment and on track to general availability, Microsoft decided to withdraw the Copilot catch up feature. Catch up shows a set of cards in a carousel to highlight documents and other items that Copilot believes are of interest to the user. It’s like the insights surfaced in other places within Microsoft 365, such as Office applications, Viva Insights, and Delve.