Microsoft to Block Users Granting Third-Party App Access to User Sites and Files

App consent policy for 3rd party apps

In July, Microsoft plans to introduce an app consent policy to stop users granting access to third-party apps to their files and sites. Letting users grant unsupervised consent to third-party apps to access files stored in OneDrive for Business and SharePoint Online is a bad idea. There are certainly apps out there that need such access, but requiring one-time administrator approval is no hardship.

Using a Copilot Agent in SharePoint to Interact with Office 365 for IT Pros

Copilot Studio agent with Office 365 for IT Pros

Copilot Studio Agents can use files as knowledge sources to reason over when they respond to user prompts. We explain how to use the monthly PDFs issued for the Office 365 for IT Pros and Automating Microsoft 365 with PowerShell eBooks as knowledge sources. If you’ve got Microsoft 365 Copilot licenses, this is an interesting way to interact with the books.

SharePoint Online Dumps OTP Authentication for Sharing Links

Entra ID B2B Collaboratio n and SharePoint Online Sharing Links

After July 1, 2025, any sharing links generated with one-time passcodes (OTP) will stop working. Only links based on Entra ID B2B Collaboration will work. Users who lose access to content shared from SharePoint Online or OneDrive for Business will have to contact the original sharer to ask them to generate a new sharing link. Sounds like a recipe for confusion, which is what might happen.

Penetration Test Asks Questions About Copilot Access to SharePoint Online

Copilot for Microsoft 365 Penetration Test

An article by a company specializing in penetration tests raised some questions about how attackers might use Copilot for Microsoft 365 to retrieve data. The article is an interesting read and reveals how Copilot can reveal data in password protected Excel worksheets. However, many of the issues raised can be controlled by applying available controls, and the biggest worry is lhow the account being used to run Copilot came to be compromised!

How to Stop Microsoft 365 Users Uploading SharePoint Online and OneDrive for Business Files to ChatGPT

Block ChatGPT access to OneDrive for Business files

Microsoft 365 users can connect their OneDrive for Business account to ChatGPT. This is not a great thing because it exposes the potential for sensitive corporate information to be exposed outside the organization. How can you block ChatGPT Access to OneDrive? The best way is to stop people from using the ChatGPT app. If that’s not possible, make sure to encrypt confidential files with sensitivity labels.

SharePoint Online Adds Support for Sensitivity Labels with User Defined Permissions

SharePoint Online support for user-defined permissions

SharePoint Online will add support for files protected with user-defined permissions from March 2025. This step will enable support for Microsoft Search, DLP, eDiscovery, and content searches, but only for files processed by Microsoft Search. Processing happens automatically when new files are created or existing files are edited, so making all UDP-protected files searchable will take some time. Indexing doesn’t make UDP-protected files available to Copilot.

Microsoft Removes Reactivation Fee for Archived SharePoint Sites

No more reactivation fees for archived SharePoint sites

Microsoft 365 Archive will no longer charge fees to reactivate archived SharePoint Online sites after March 31, 2025. The good news might encourage higher use of Microsoft 365 Archive to store old but wanted material in a safe location while removing it from the view of apps like Microsoft 365 Copilot. The reduction in fees does not apply to archived OneDrive for Business accounts.

How to Index and Search SharePoint Online Custom Columns

SharePoint Online custom columns.

SharePoint Online is basically a big Azure SQL application. Custom columns for sites and libraries enhance metadata and are even better if they’re properly indexed to become searchable. This article explores how even non-SharePoint administrators can create, index, and search custom columns. The key thing is to take your time. SharePoint cannot be rushed!

Primer: Output Data Generated with an Azure Automation Runbook to a SharePoint List

The second part of the Azure Automation runbook primer brings us to output, specifically how to create items generated by a runbook in a SharePoint Online list. Once in the lists, items can be processed using Power Automate, Power Apps, or Power BI or exported to Excel. It’s a great way of capturing information generated by background jobs.

Using the SharePoint Pages Graph API

Microsoft released the SharePoint Pages API in mid-2024. This article describes how to create and publish a news item using cmdlets from the Microsoft Graph PowerShell SDK based on the API. The net result is that the API appears to work well but some problems are evident in the cmdlets. Or maybe it’s just my lack of knowledge!

SharePoint Online Intelligent Versioning and the 500 Version Limit

SharePoint Online intelligent versioning uses algorithms to decide what file versions must be kept for file recoverability. Unwanted versions are discarded (trimmed). A notional 500 version limit applies when intelligent versioning is in force but if data lifecycle management (retention) is used, SharePoint cannot trim versions to keep within the 500 version threshold. Some change is needed to resolve the conflict.

Microsoft’s Simple Message at Ignite: It’s All About AI

The slew of product announcements at the Microsoft Ignite 2024 conference included lots about AI and Copilot. This article covers some of the more interesting announcements for Microsoft 365 tenants for Teams, SharePoint Online, and Purview. Many of the new features need high-end licenses or add-ons, but that doesn’t mean that the issues addressed by the technology should be ignored.

How SharePoint Online Intelligent Versioning Interacts with Retention Policies and Labels

Intelligent versioning recently appeared in SharePoint Online. The purpose is to save storage by removing unnecessary versions. But retention policies and labels can stop the removal of versions. This article explains what happens when SharePoint Online attempts to trim (remove) unwanted versions of files under the control of retention policies and labels.

Create a Custom Copilot Agent for SharePoint Online

Copilot agents are part of Microsoft’s Wave 2 initiative launched in September 2024. Basically, an agent restricts Copilot queries to a defined set of content, meaning that the response generated by Copilot is much more precise and won’t be affected by information found in other sites. The wizard makes it very easy to create a new custom agent. Some features are missing, but they’re on the way.

SharePoint Online Deletion of Non-Empty Folders

A recent SharePoint Onlne update enables folder deletion when items are present in a folder. This is probably the way that things should have always worked. Even so, it’s good to have this capability because it helps site users clean out old and obsolete information, something that’s becoming increasingly important in the AI era for Microsoft 365.

SharePoint Marks Its 23rd Anniversary

On March 27, SharePoint history reached its 23rd year. That’s a great achievement and SharePoint Online powers many apps. But dark clouds are on the horizon as information governance becomes a real issue for Microsoft 365 tenants. Too much information that is never cleared out is held in SharePoint, a fact revealed by the ability of Copilot to find and consume documents.

Full SharePoint Online Support for PDFs with Sensitivity Labels

Sensitivity Label PDF support is now available in SharePoint Online and OneDrive for Business. In effect, this means that SharePoint can protect and process PDFs in the same way as it handles Office documents. Given the widespread use of PDFs in many organizations, this is an important step forward for those wishing to protect their most sensitive information.

SharePoint Online Block Download Policy for Teams Meeting Recordings

SharePoint Online has a new block download file policy that stops users from downloading Teams meeting recordings. The policy applies to all sites and OneDrive for Business accounts in the tenant and is due to be part of the feature set covered by the Syntex-SharePoint Advanced Management license.

SharePoint Online Gets Closer to Azure AD

SharePoint Online is embracing Azure AD more closely by forcing new tenants to use the integration between the two Microsoft 365 components. In addition, site sharing will use the Azure AD invitation mechanism instead of SharePoint’s own code. The changes make a lot of sense and shouldn’t cause much disruption for tenants. It’s a good reminder to check the relevant policies that control external access via Azure B2B Collaboration.

Microsoft Introduces New Syntex-SharePoint Advanced Management License

Applying a default sensitivity label to a SharePoint Online document library is just one of the set of security and management and governance features requiring the new Syntex Advanced Management license. The new license is in preview so all the features that it covers might not be fully baked. Microsoft 365 customers might well ask if this is yet another example of Microsoft bundling features into a new paid-for add-on license. Of course it is. You don’t expect new functionality for free, do you?

The Role of SharePoint Online in Microsoft 365

SharePoint Online is a critical piece of the Microsoft 365 ecosystem. Its document management service is consumed by many apps like Teams, Yammer, and Planner. OneDrive for Business, the personal side of SharePoint Online, also contributes to SharePoint’s success with components like the synchronization client. Without SharePoint Online, Microsoft 365 would be a very different offering and a worse platform to work with.

Azure AD Conditional Access Policies Get App Filter

Azure AD conditional access policies can now use an app filter based on custom security attributes to restrict access to specific apps. It’s a neat idea that should be popular in larger enterprises where the need exists to manage large numbers of apps. In other news, the Graph X-Ray tool is available in the Windows Store and a neat cmd.ms tool is available to provide shortcuts to Microsoft 365 sites.

SharePoint Online Loses Its Inside Look

Surprisingly, Microsoft has decided to retire the SharePoint Inside Look feature. This is where background processes extract three points from the text of Word documents and use them to help users understand the essence of the document. The text is also used in SharePoint sharing notifications. It’s a pity that the feature is going, but it’s English only and the resources needed to accommodate other languages might be too much for the predicted return.

New Account Switcher Coming for Microsoft 365 Web Apps

In a March 4 update, Microsoft announced that Microsoft 365 web apps will get a new account switcher to allow users to run multiple signed-in sessions and switch between the accounts seamlessly. Not every Microsoft 365 web app supports the new feature, with Teams being a notable miss, but there’s enough there to make this a very useful feature.

Why Exchange Online Mailboxes have SharePoint Online Proxy Addresses

A post by the Exchange development group tried to explain why mailboxes have SharePoint Online proxy addresses. It’s all down to the Microsoft 365 substrate, which needs the proxy addresses to ingest digital twins from SharePoint Online into Exchange Online for use by shared services like Microsoft Search. The upshot is that you can’t remove a mailbox permanently without some background processes kicking in to make sure that SharePoint is taken care of.

Microsoft Lists Available as Preview for Consumer Accounts

Microsoft Lists is now available in a preview for users with Microsoft Service Accounts (MSA). The preview is tagged as a lightweight version of the enterprise capabilities available in SharePoint Online. When generally available, we might see this as a premium consumer offering. In other news, an opinion says that Lists should replace Planner. I disagree, and say why.

How Default Sensitivity Labels Work with SharePoint Online Document Libraries

SharePoint Online and OneDrive for Business will soon gain the ability to apply default sensitivity labels to document libraries. The feature is currently in preview and requires some complicated PowerShell to configure, but Microsoft is working on the GUI and expects to make the capability generally available later this year.

Continual Access Evaluation Enabled for Critical Azure AD Events in Microsoft 365 Tenants

On January 10, Microsoft announced that the base Office 365 workloads support Continuous Access Evaluation (CAE) for critical Azure AD events like password changes or account deletions. Although you can take CAE even further with conditional access policies, giving Exchange Online, SharePoint Online, and Teams the ability to react to critical events in almost real-time is a very big thing indeed.

Sharing Links for Video and Audio Files Block Downloads by Default

A new tweak to the sharing link dialog used by OneDrive for Business, SharePoint Online, and other Microsoft 365 workloads block downloads of video and audio files by default. This is probably what you want to happen as, unlike Office documents, when you share a video or audio file, it’s likely to be final content ready to be consumed rather than being worked on.

How OneDrive’s New Sharing Link Dialog Makes It Easier to Configure Settings

A new sharing link dialog for OneDrive for Business and SharePoint Online is rolling out to Office 365 tenants. The new dialog makes it easier to configure settings for copy links. This might sound like a small thing on the overall scale of Microsoft 365, but making it absolutely clear how to configure sharing links is a good step towards helping users send the right kind of links when they share documents with others.

How to Analyze Audit Records for SharePoint Online Sharing Events

When SharePoint users share information, Office 365 captures events in its audit log. By analyzing the events, we can build a picture of how people share information. The sad thing is that the audit events logged when someone extends the validity of a sharing link doesn’t contain as much information as you might like. Even so, we can still analyze the sharing events to build a picture of what happens in an Office 365 tenant.

How to Use the SharePoint Expiring Access Policy for External Users

The SharePoint Online expiring access policy controls how long external users can use a sharing link. You don’t have to use this policy, but it’s a good idea to configure it. And once the policy is active, users will see notices when their sharing links approach expiration. The process to renew (extend) sharing links is quick and easy. And if you want even more protection, consider combining this policy with sensitivity labels.

How to Create a DLP Policy to Stop External Sharing of Teams Meeting Recordings

Teams meeting recordings can contain a lot of confidential information. It’s a quick and easy task to create a Data Loss Prevention (DLP) policy to stop people sharing these files externally, In this post, we show just how simple the required policy is, and just how effective it is at stopping external sharing.

Some Microsoft 365 Features Highlighted at Fall Ignite 2021 You Can Use Now

To help you recover from the blizzard of Microsoft 365 information released at Fall Ignite 2021, here are some notes about features and functionality you might have missed. Like any list created by a conference (virtual) attendee, it reflects my interests and what I was looking for. Feel free to disagree on the importance of any or all of the topics discussed here… and suggest some of your own in the comments.

How to Update Custom Properties in the Site Property Bag in SharePoint Online

The site property bag is SharePoint Online’s way to allow tenants to add custom properties. This is useful if you want to add custom properties for search purposes, which is what you might need to do to use the new adaptive scopes for Microsoft 365 retention policies to find and process SharePoint sites. In this article, we explain how to add values to the site property bag, and how to make sure that you don’t leave sites in a position where custom scripting remains enabled.

Why SharePoint Online Will Allow Users to Delete Files with Retention Labels

Users attempting to delete SharePoint Online files assigned Microsoft 365 retention labels are blocked. That is, until a change arrives in November to make SharePoint Online and OneDrive for Business behave in the same manner. It’s a good change because it avoid the scenario where users remove retention labels to delete files, which undermines the organization’s compliance strategy. Now, deleted items go into the preservation hold library and stay there until their retention period expires. My only complaint is that the control over the mechanism is not as simple as it should be, but that’s a small and relatively unimportant flaw in the overall scheme of things.

How Retention is Changing for SharePoint Online’s Preservation Hold Library

The preservation hold library is an important component of SharePoint Online retention processing. A change coming in November should simplify file handling and reduce the amount of storage taken up by retained files in the library. Basically, instead of storing multiple versions of a file, SharePoint Online will hold a single file containing all the updates. It seems like a good change to make. We’ll know more when it rolls out.

SharePoint Admin Center Absorbs OneDrive for Business Management

Microsoft has simplified Microsoft 365 administration by moving controls from the OneDrive for Business admin center into the SharePoint Online admin center. It’s a good step because the two workloads are really two sides of the same file and document management function within Microsoft 365. With many apps moving storage of their data to OneDrive for Business, its role is becoming increasingly important. Even so, OneDrive doesn’t deserve a dedicated management portal.

Teams and SharePoint Online to Synchronize Channel Names Properly

The longstanding problem where the renaming of a Teams channel did not rename the folder in the SharePoint document library is being fixed. First flagged as an issue in 2016, this is one of the oldest bugs in Teams and it’s taken far too long for Microsoft to squash. The good news is that the fix will deploy in mid-September to close off the problem once and for all.

OneDrive’s Sharing Control Upgraded with Shared with Information

The OneDrive for Business sharing control (also used by SharePoint Online) now shows thumbnails of the set of people who already have access to an item. The idea is to give owners of information an at a glance view of who has access. It’s a nice change which adds something that probably no one thought was missing, The little things add all the difference!