Site icon Office 365 for IT Pros

Blog

Advertisements
  1. Copilot Agent Governance Product Launched by ISV June 27, 2025 7:00 am - Agent governance is the framework that allows tenants to deploy agents safely, securely, and under control. A new ISV offering from Rencore helps to fill some gaps in Copilot agent governance that currently exist in what’s available in Microsoft 365. It’s good to see ISV action in this space because the last thing that anyone wants is the prospect of Copilot agents running amok inside Microsoft 365 tenants.
  2. Token Protection Extends to Microsoft Graph PowerShell SDK Sessions June 26, 2025 7:00 am - The conditional access policy condition for token protection now extends to Microsoft Graph PowerShell SDK interactive sessions. Any account within the scope of a CA policy that requires token protection can use Web Account Manager (WAM) to sign in and check that everything is secure and ready to go. It’s a protection that might be of interest to administrators and developers that access sensitive data in Graph SDK sessions.
  3. Microsoft 365 PowerShell Modules Need Better Testing June 25, 2025 7:00 am - Recent problems with Microsoft 365 PowerShell modules afflicted the ability of Azure Automation runbooks to execute cmdlets Microsoft Graph PowerShell SDK and Exchange Online Management modules. The root cause is a decision to remove support for .NET6, but the worrying point is the lack of awareness within Microsoft engineering that Azure Automation is where many critical scripts run. Better pre-release testing is definitely needed.
  4. Launch Plan for Office 365 for IT Pros (2026 Edition) June 24, 2025 7:00 am - We're a week away from the launch of the Office 365 for IT Pros (2026 edition) eBook, the 12th edition issued since the first book appeared in 2015. This article describes the launch plan and informs current subscribers about how they will receive an update offer to extend their subscription. We’re also updating the Automating Microsoft 365 with PowerShell eBook.
  5. Outlook’s New Summarize Option for Email Attachments June 23, 2025 7:00 am - Among the blizzard of Copilot changes is one where Outlook can summarize attachments. That sounds small, but the feature is pretty useful if you receive lots of messages with “classic” (file) attachments. Being able to see a quick summary of long documents is a real time saver, and it’s an example of a small change that helps users exploit AI. Naturally, it doesn’t work with Outlook classic.
  6. Microsoft to Block Users Granting Third-Party App Access to User Sites and Files June 19, 2025 1:30 pm - In July, Microsoft plans to introduce an app consent policy to stop users granting access to third-party apps to their files and sites. Letting users grant unsupervised consent to third-party apps to access files stored in OneDrive for Business and SharePoint Online is a bad idea. There are certainly apps out there that need such access, but requiring one-time administrator approval is no hardship.
  7. Updating the Entra ID Custom Banned Password List with PowerShell June 19, 2025 7:00 am - Microsoft 365 tenants with Entra P1 or P2 licenses can use a custom banned password list to stop people using specific terms in their passwords. The idea is to prevent easily-guessed terms being used in passwords. You could also block words deemed to be objectionable. In any case, this article explains how to maintain the custom blocked password list with a PowerShell script.
  8. Microsoft Pushes European Sovereign Solutions June 18, 2025 7:00 am - On June 16, Microsoft announced European sovereign solutions, including a new offering called Microsoft 365 Local that has nothing to do with Microsoft 365 apart from the need to connect to Azure from time to time. Microsoft 365 Local is an on-premises packaged solution. There’s nothing bad about that because some companies need to run on-premises servers for their own reasons. But calling it Microsoft 365?
  9. People Skills Rolling Out Within Microsoft 365 June 17, 2025 7:00 am - People Skills is a new Microsoft 365 solution that uses AI to determine what skills are possessed by users based on their profile and activities. The skills recorded for users turn up on the Microsoft 365 profile card, just like the older SharePoint/Delve implementation. Is this an example of more AI being used “just because we can” or a useful solution? It’s up to you to decide.
  10. Using a Copilot Agent in SharePoint to Interact with Office 365 for IT Pros June 16, 2025 7:00 am - Copilot Studio Agents can use files as knowledge sources to reason over when they respond to user prompts. We explain how to use the monthly PDFs issued for the Office 365 for IT Pros and Automating Microsoft 365 with PowerShell eBooks as knowledge sources. If you’ve got Microsoft 365 Copilot licenses, this is an interesting way to interact with the books.
  11. AI Generative Summaries Make Life Even Harder for Technology Websites June 13, 2025 7:00 am - The AI-based generative summaries featured by Google and other search engines remove organic traffic from technology websites and make it less attractive for content creators to write about new topics. The upshot is likely to be a decrease in the amount of new knowledge shared on public websites and a resultant lack of information for the AI LLMs to feed off.
  12. When the Invoke-MgGraphRequest Cmdlet Needs Help to Fetch Responses June 12, 2025 7:00 am - Sometimes it's hard to get a response back from running a Graph API request with the Invoke-MgGraphRequest cmdlet. Graph Explorer helps. So does reading Microsoft’s documentation for the cmdlet. In the end, everything works out and we can discover some valuable information that comes back in a response header. In this case, the response header helps us discover if a purge job works.
  13. How to Block Ad-Hoc Email-Based Subscriptions June 11, 2025 7:00 am - The old Set-MsolCompanySettings cmdlet is no more, so how can a Microsoft 365 tenant block email-based subscriptions? With the Graph, of course! Seriously, there’s no 1-to-1 mapping from the old cmdlet to a new, but some of the settings are available in the Entra ID authorization policy. We can update the authorization policy with PowerShell to block email-based subscriptions, like Copilot Studio.
  14. SharePoint Online Dumps OTP Authentication for Sharing Links June 10, 2025 7:00 am - After July 1, 2025, any sharing links generated with one-time passcodes (OTP) will stop working. Only links based on Entra ID B2B Collaboration will work. Users who lose access to content shared from SharePoint Online or OneDrive for Business will have to contact the original sharer to ask them to generate a new sharing link. Sounds like a recipe for confusion, which is what might happen.
  15. How to Block PST Files for the New Outlook for Windows June 9, 2025 7:00 am - An OWA mailbox setting is available to block PST access for the new Outlook for Windows client. The setting mimics controls available for Outlook classic, where companies have been blocking PST access for a long time. Once email is in a PST, it’s invisible to any of the compliance solutions that organizations pay for. It’s also invisible to Copilot, which might not be a bad thing…
  16. Respond to Teams Messages with Multiple Emoji Reactions June 6, 2025 7:00 am - The need for more nuanced responses to Teams chat and channel messages can apparently be met through multiple emoji reactions instead of a basic one-emoji response like a smile or thumbs up. In any case, users can add up to 20 emojis in response to Teams chat and channel messages. The possibilities of what 20-emoji combinations might communicate are endless, or so it seems.
  17. Exchange Online Upgrades Its Message Tracing Capabilities June 5, 2025 7:00 am - Microsoft announced the GA for the new message tracing feature on June 3. The old code will be deprecated in September 2025, so it's time to update any PowerShell scripts that use the Get-MessageTrace or Get-MessageTraceDetail cmdlets. Upgrading is easy and shouldn’t take too long, once you find the time to do the work.
  18. Mailbox Import-Export Graph APIs Leave No Audit Trail June 4, 2025 7:00 am - A recent post revealed that the Mailbox Import-Export Graph API doesn't capture audit events for its operations. The API is in beta, but this is disappointing. Auditing any mailbox is important, but it becomes a critical requirement when the possibility exists that attackers could use the API to exfiltrate mailbox data outside of the tenant. This is a hole that Microsoft needs to close.
  19. New Outlook and OWA Control for Viewing Protected Email June 3, 2025 7:00 am - The new TwoClickMailPreviewEnabled setting in the Exchange organization configuration controls if OWA and the new Outlook for Windows use two-click confirmation to open protected email. The new feature could be useful for people who commonly open confidential and protected email in situations where someone else could see what they’re reading. In other situations, it will irritate people.
  20. June 2025 Update Available for Office 365 for IT Pros (2025 Edition) June 2, 2025 7:00 am - Monthly update #120 (June 2025) is available for the Office 365 for IT Pros eBook. This is the last update for the 2025 edition as the 2026 edition will be available on July 1, 2025. Change continues as Microsoft continues on their odyssey to an agentic world. Growth in the ecosystem continues and Microsoft 365 now has 430 million paid seats, 56 million of whom use Power Platform. All good!
  21. Microsoft Launches the Copilot Interaction Export API May 30, 2025 7:00 am - Microsoft will launch the aiInteractionHistory Graph API (aka, the Copilot Interaction Export API) in June. The API enables third-party access to Copilot data for analysis and investigative purposes, but any ISV who wants to use the API needs to do some work to interpret the records returned by the API to determine what Copilot really did in its interactions with users.
  22. How to List Hidden Group Memberships with the Graph May 29, 2025 7:00 am - A user reported that a script didn't list any details of hidden group memberships and asked why. The reason is that a separate Graph permission controls access to hidden group memberships. If an app doesn’t have the permission, the Graph returns null memberships, which is probably not all that helpful. Once the right permission is in place, everything works.
  23. The Case of the Mysterious SharePoint Embedded Containers May 28, 2025 7:00 am - A set of 80 mysterious SharePoint Embedded containers turned up because Microsoft pre-provisioned storage for files used as knowledge sources by Copilot agents. Details of the pre-provisioning are in message center notification MC1058260, but who has the time to read and analyze everything posted to the message center? And anyway, the mysterious containers have now disappeared...
  24. Microsoft Launches Agent Management in the Entra Admin Center May 27, 2025 7:00 am - The prospect of agents running amok in Microsoft 365 tenants lessened a tad with the introduction of Entra Agent ID. Tenants will be able to manage agents through the Entra admin center. Custom agents created with Copilot Studio or Azure AI Foundry now have Entra identifiers and show up in the admin center. So far, not much else happens but the promise of more functionality is there.
  25. Teams Tweaks its Discover Feed May 26, 2025 7:00 am - The Teams Discover Feed highlights unread items from channels that users might have missed. Microsoft tweaked the feature so that it only works with 5 or more channels. The logic behind the change is that if you have access to less than five channels, the Discover Feed is unlikely to be much use because it probably won’t have many unread messages to show. One limitation is that guest users can’t use the feed.
  26. June 2025 Update for the Automating Microsoft 365 with PowerShell eBook May 23, 2025 7:00 am - The June 2025 update for the Automating Microsoft 365 with PowerShell eBook is now available. Coding automation with Microsoft 365 PowerShell can be challenging, but not with this book beside you. It contains hundreds of examples of working with Entra ID, Exchange Online, SharePoint Online, OneDrive for Business, Teams, and Planner using regular PowerShell cmdlets and the Graph APIs.
  27. How to Add a Loop Workspace to a Standard Teams Channel May 22, 2025 7:00 am - The update to allow team members to add a Loop workspace as a channel tab is now rolling out and should be available worldwide soon. Microsoft is currently putting a lot of emphasis on Loop and its almost read-time collaboration capabilities are turning up in many places within Microsoft 365, like Copilot Pages. Will Loop replace OneNote eventually? That's a big question...
  28. Quest Tool Migrates Protected Email and Files Between Tenants May 21, 2025 7:00 am - A new feature of the Quest On Demand migration suite supports the tenant-to-tenant migration of Exchange and SharePoint content protected by sensitivity labels. This might not seem a big deal, but it’s the first time that a migration product has been able to automatically move protected files and messages from one tenant to another, including files protected by sensitivity labels with user-defined permissions.
  29. Why Copilot Access to “Restricted” Passwords Isn’t as Big an Issue as Uploading Files to ChatGPT May 20, 2025 7:00 am - Some sites picked up the Microsoft 365 Copilot penetration test that allegedly proved how Copilot can extract sensitive data from SharePoint Online. When you look at the test, it depends on three major assumptions: that an attacker compromises a tenant, poor tenant management, and failure to deploy available tools. Other issues, like users uploading SharePoint and OneDrive files to process on ChatGPT, are more of a priority for tenant administrators.
  30. Microsoft 365 Copilot Gets Viva Insights Service Plans May 19, 2025 7:00 am - Two new service plans are now in the Microsoft 365 Copilot license to allow users access to Viva Insights. The new service plans enable the Copilot dashboard in Viva Insights. It’s nice to get new functionality, but sometimes you don’t want people to use a feature, which brings up the topic of disabling a Copilot service plan using GUIs or a PowerShell script.
  31. Time to Review How to Preserve Ex-Employee Data May 16, 2025 7:00 am - This week's Microsoft layoffs provide a timely reminder to review how to retain and secure ex-employee data. OneDrive for Business might be the biggest challenge because of the variety of application data that now ends up in user OneDrive accounts. Agents and Flows are also an area of concern, as are objects like apps, phone numbers, and recurring meetings.
  32. Microsoft Graph PowerShell SDK V2.28 Attempts to Restore Stability May 15, 2025 7:00 am - On May 10, 2025, Microsoft released V2.28 of the Microsoft Graph PowerShell SDK in the hope that the new version would fix a bunch of annoying problems that have dogged the SDK for several months. The first few days haven’t revealed any new problems and bug reports are being closed, so the signs are positive. But do test before deploying V2.28 into production.
  33. Replacing Litigation Holds with Microsoft 365 Retention Policies May 14, 2025 7:00 am - Litigation holds can retain mailbox data, but that's it. You can swap litigation holds out for a Microsoft 365 retention policy and gain extra functionality, such as retaining OneDrive for Business content for the mailbox owners. It’s easy to script the transition from litigation holds to retention policy using PowerShell and to show how, we include a fully working script.
  34. Use an OWA Mailbox Policy to Block Attachment Download for the New Outlook for Windows May 13, 2025 7:00 am - The ConditionalAccessPolicy setting in an OWA mailbox policy can be configured to work with Entra ID conditional access so that OWA blocks access to attachments on unmanaged devices. Microsoft originally introduced the feature in 2018 and as it turns out, the combination of OWA mailbox policy and CA policy also blocks attachment access for the new Outlook for Windows client.
  35. Penetration Test Asks Questions About Copilot Access to SharePoint Online May 12, 2025 7:00 am - An article by a company specializing in penetration tests raised some questions about how attackers might use Copilot for Microsoft 365 to retrieve data. The article is an interesting read and reveals how Copilot can reveal data in password protected Excel worksheets. However, many of the issues raised can be controlled by applying available controls, and the biggest worry is lhow the account being used to run Copilot came to be compromised!
  36. How to Enhance Copilot Usage Data May 9, 2025 7:00 am - Copilot usage data can be pretty sparse, but it's easy to enhance the data to gain extra insight into how Microsoft 365 Copilot is used within a tenant. In this case, an administrator wanted to have department and job title information available for each Copilot license holder, so we combined the Copilot usage data with details of Entra ID user accounts with Copilot licenses to create the desired report.
  37. The Downside of Losing the Exchange Mailbox Audit Search Cmdlets May 8, 2025 7:00 am - Microsoft recently announced the deprecation of the Exchange cmdlets to search for mailbox audit data. The audit data is ingested into the Microsoft 365 unified audit log, but it’s more difficult to find and retrieve Exchange mailbox audit events. Methods are available to find mailbox audit data, but interpreting what comes back is different. Any script that depends on the old cmdlets must be updated to interact with the unified audit log.
  38. How to Permanently Remove Mailbox Items with the Graph API May 7, 2025 7:00 am - Some new Graph APIs were announced on April 1 to close a feature gap with EWS. The new APIs permanently remove mailbox items and other objects, including folders, calendars, and calendar items. Permanent deletion means that items cannot be recovered through clients because they end up in the Purges folder in Recoverable Items. This article explains how the new APIs work, including a practical example.
  39. How Microsoft 365 Copilot Tenants Benefit from SharePoint Advanced Management May 6, 2025 7:00 am - At Ignite 2024, Microsoft said that Copilot for Microsoft 365 tenants would benefit from SharePoint Advanced Management (SAM). What does that mean? Well, it doesn’t mean that Copilot tenants get SAM licenses, which is what many expect. It does mean that SAM checks for Copilot before it lets tenants use some, but not all, of its features. Read on…
  40. Microsoft Extends DLP Policy for Copilot to Office Apps May 5, 2025 7:00 am - First introduced in March 2025 to block access to sensitive documents by BizChat, Microsoft has extended the DLP policy for Copilot to cover the web and desktop versions of the Office apps (Word, Excel, and PowerPoint). The implementation works but could confuse users. It might be better if Microsoft simply removes all traces of Copilot when working with files subject to the DLP policy.
  41. The Return of the General Channel May 2, 2025 7:00 am - Last year, Microsoft removed the need to have a General channel in a team. Now the General channel is making a comeback, and you can choose to have one in a team. If you choose to have a General channel, it appears at the top of the channel list. If not, Teams sorts the channel list alphabetically. In other news, code snippets are being replaced by code blocks and the end of classic Teams is nigh.
  42. May 2025 Update for the Office 365 for IT Pros eBook May 1, 2025 3:00 am - Subscribers for Office 365 for IT Pros (2025 edition) eBook can download the May 2025 updates (#119) now. Update #11.3 for the PowerShell book is also downloadable. Another month brings a new batch of changes, updates, and new information. The Microsoft 365 conference happens this month, and Microsoft might disclose some interesting nuggets there, but only about SharePoint, OneDrive, or Teams. Oh well… on to June.
  43. Microsoft Introduces Control for Direct Send in Exchange Online April 30, 2025 7:00 am - The Direct Send feature allows apps and devices to send unauthenticated email via Exchange Online to internal receipts. Microsoft doesn’t want unauthenticated connections to send email because these connections could be hijacked by spammers. Enter the Reject Send feature to block Direct Send. Reject Send is in preview now but Microsoft wants it to be the default setting in the future.
  44. How to Find Active EWS-Based Apps in a Microsoft 365 Tenant April 29, 2025 7:00 am - Microsoft will retire Exchange Web Services (EWS) from Exchange Online on October 1, 2026. A new usage report helps tenants understand what apps use EWS. Many of the apps are likely to be first-party (Microsoft) apps, but some might be third-party apps developed externally or internally. Those apps need to be retired or upgraded to use Graph APIs. Time is slipping away to do the work.
  45. Automating Microsoft 365 with PowerShell Update #11 April 28, 2025 7:00 am - Update #11 for the Automating Microsoft 365 with PowerShell eBook is now available for subscribers to download. The eBook is now over 300 pages long and includes extensive coverage of using PowerShell to interact with Exchange Online, Teams, Planner, SharePoint Online, and OneDrive for Business data using workload modules or the Graph APIs (and Microsoft Graph PowerShell SDK).
  46. Copilot’s Solution to Fix Grammar and Spellings April 25, 2025 7:00 am - Microsoft 365 Copilot will soon introduce a feature to fix spelling and grammar errors with one click. At least, that's the promise when Microsoft delivers the new feature in late April 2025. It seems like a good idea to do everything with a single pass to generate error-free text that the user can accept or reject. Quite how well this works in practice remains to be seen.
  47. Replacing Litigation Holds with an eDiscovery Case April 24, 2025 7:00 am - Litigation holds were great when introduced with Exchange 2010. Fifteen years on, better methods exist to preserve user information, like eDiscovery holds. It might seem unnatural to move from litigation holds to eDiscovery cases, but this approach allows the preservation of both mailbox and OneDrive content for as long as necessary. Retention policies can serve the same purpose, so choice exists for modern preservation.
  48. Microsoft Retires Exchange Server OWA Access to Online Archives April 23, 2025 7:00 am - Microsoft's April 17 announcement that OWA in Exchange Server will not support access to online archives after May 12, 2025, surprised quite a few people. However, the decision is entirely logical and is driven by falling mailbox numbers on-premises and the need to match engineering and support costs with revenue. Outlook classic continues to support access to online archives. Maybe Outlook will be the Exchange on-premises client for the future.
  49. Exchange Online Moves Closer to Dumping EWS April 22, 2025 7:00 am - Microsoft is introducing a Dedicated Exchange Hybrid App to facilitate the transition away from EWS to use Graph API requests for rich hybrid coexistence (free/busy, Mail Tips, and user photos). The plan involves the creation of an Entra ID app to hold EWS permissions (stage 1) followed by Graph permissions (stage 2). Everything has to be complete by October 1, 2026, because that’s when EWS goes away.
  50. An Account Blocked by MACE Credential Revocation is A Good Way to Start a Saturday Morning April 21, 2025 7:00 am - The last thing you want on a Saturday morning is to find that Entra ID has blocked your account because of leaked credentials. Even though the account is protected by MFA, it’s still important to remediate the event by changing its password. A check against some beta sign-in metrics shows that no one has tried to use the leaked credentials, so that’s good.
  51. How to Report the Sponsors of Entra ID Guest Accounts April 18, 2025 7:00 am - Entra ID populates the sponsor property for new guest accounts with details of the person who invites the guest to the tenant. It's data that can be used for different purposes, such as having someone to justify the continued presence of a guest account in a Microsoft 365 tenant. This article explains how to report guest accounts and their sponsors with some straightforward PowerShell.
  52. Important Purview eDiscovery Changes Take Effect in May 2025 April 17, 2025 7:00 am - Microsoft is making some important changes to Purview eDiscovery from May 26, 2025. The changes affect how content searches work and are likely to affect many Microsoft 365 tenants. Administrators and eDiscovery investigators will both have to master new ways of working with eDiscovery cases, searching for information, reviewing search results, and exporting what’s found. Changes to PowerShell cmdlets might affect scripts, so there’s lots to consider.
  53. Licensing Auto-Label Policies for Sensitivity Labels April 16, 2025 7:00 am - Microsoft Purview makes it easy to apply sensitivity labels to Office documents and PDF files with auto-label policies. Licenses are needed for auto-label policies, but at what cost? We look at the various licenses available to cover the functionality and consider if a DIY approach using the Graph API to apply labels would be cost effective.
  54. Entra ID to Disable Service Principal-Less Authentication April 15, 2025 7:00 am - Microsoft will disable service principal-less authentication in March 2026. This step closes a hole that doesn't exist today but might in the future. The strange thing is that many Microsoft 365 applications seem to use service principal-less authentication. Microsoft will take care of first-party apps before March 2026, but there’s work to do for apps from other vendors.
  55. Microsoft Attempts to Fix Microsoft Graph PowerShell SDK Problem with Azure Automation April 14, 2025 7:00 am - V2.26 and V2.26.1 of the Microsoft Graph PowerShell SDK were low-quality, buggy disasters. Microsoft aims to fix the problem in the next version to make it possible for the SDK to work with Azure Automation runbooks again and address many of the obvious problems that should never have appeared outside Microsoft. It will take time for customer confidence to be restored.
  56. Are Microsoft E5 Licensing Add-Ons a Good Deal? April 11, 2025 7:00 am - The Microsoft E5 Security add-on is available for Microsoft 365 Business Premium (and other) tenants. The add-on looks like a bargain because the bundle offers significant value over individual licenses, but is it really? Like everything in life, unless you can use something, there’s no point in having it. In this case, have a plan to use E5 Security to deliver measurable results before you hand over any more license revenue to Microsoft.
  57. Reporting the Creation of SharePoint Agents April 10, 2025 7:00 am - Any site member can create a SharePoint agent. There’s no out-of-the-box method to report the creation of agents, but agents are created like any other file, and SharePoint Online captures audit records for file creations. Some PowerShell retrieves the file creation events and extracts the necessary information about who is creating agents and what sites the agents are created in.
  58. Use Auto-Label Policies to Protect Old Files from Copilot April 9, 2025 7:00 am - Often Microsoft 365 tenants have large numbers of old but confidential documents that they need to protect and stop Microsoft 365 Copilot finding. Auto-label policies and trainable classifiers can apply sensitivity labels to protect Office files from Microsoft 365 Copilot using the DLP policy for Copilot. It's a great example of combiining Microsoft 365 features to achieve a goal.
  59. How to Report Who Shared What File From SharePoint Online Sites April 8, 2025 7:00 am - File sharing is at the heart of SharePoint Online. Being able to report file sharing events by analyzing the audit log is a good skill for Microsoft 365 tenant administrators to have. It allows administrators to know who shared what with whom and if the information being shared is protected adequately with sensitivity labels. But reporting file sharing is not just a matter of retrieving audit events. Work is necessary to refine and extract the goodness from the data.
  60. Microsoft Defender for Office 365 Exposes Bad Links in Email Preview April 7, 2025 7:00 am - Microsoft Defender for Office 365 includes many tools to help investigators manage threat. The Email Preview tool shows the layout and appearance of the messages with which attackers try to fool recipients. It’s a valuable way of understanding how threat penetrates. But a recent change makes bad links in the email preview clickable, and that doesn’t seem like a good idea.
  61. Bringing Artificial Intelligence to Entra ID Conditional Access April 4, 2025 7:00 am - The Conditional Access Optimization Agent is one of 6 Security Copilot agents unveiled by Microsoft on March 24, 2025. The idea is that the agent can optimize CA policies by observing the connectivity behavior within a tenant. The agent can suggest how to fill gaps in CA coverage, detect new users and apps, and generally be helpful. Is it worth it? Experience will tell...
  62. Transferring Meeting Ownership From an Ex-Employee Can Be Hard Work April 3, 2025 7:00 am - Neither Outlook nor Teams includes a transfer meeting ownership feature for user calendars. Moving meetings owned by an ex-employee to give someone else the ownership requires manual intervention to find and reschedule meetings. Administrators can cancel future meetings for a user. In this article, we explore how to generate a report of meetings that might need to be rescheduled.
  63. How SharePoint Online Restricted Content Discovery Works April 2, 2025 7:00 am - Restricted Content Discovery (RCD) is a solution to prevent AI tools like Microsoft 365 Copilot and agents accessing files stored in specific sites. RCD works by setting a flag in the index to stop Copilot attempting to use files. RCD is available to all tenants with Microsoft 365 Copilot and it’s an excellent method to stop Copilot finding and reusing confidential or sensitive information.
  64. Office 365 for IT Pros April 2025 Update April 1, 2025 7:00 am - The April 2025 Update for the Office 365 for IT Pros eBook is now available for subscribers to download. This is monthly update #118 for Office 365 for IT Pros. The Automating Microsoft 365 with PowerShell eBook also receives an update to version #10. With sending messages to the wrong place in the news, we also consider whether the same problem can arise with Microsoft 365. It can, but mitigation exists.
  65. How to Find Who Assigned Retention Labels to SharePoint Files March 31, 2025 7:00 am - A reader asked if it's possible to discover who made retention label assignments for SharePoint files. The Files Graph API can't tell you who (or what policy) made retention label assignments, but it’s possible to find this information in the audit log and use that data to report the requested information. All with a few lines of PowerShell!
  66. Duplicate Mail User Objects Created for Guest Accounts March 28, 2025 7:00 am - The February 2025 EX1015484 incident explains why mail user objects with duplicate SMTP addresses are created for guest accounts. That’s a problem because Exchange Online can’t route messages to objects with duplicate email addresses. Fortunately, you can find out if any duplicates exist in your tenant with some PowerShell. Problems happen!
  67. Artificial Intelligence, PowerShell, and Microsoft 365 Administration March 27, 2025 7:00 am - Artificial Intelligence and PowerShell should be a good thing to help hard-pressed Microsoft 365 tenant administrators cope with common tasks. The early signs are there with Copilot in the Microsoft 365 admin center. However, the current state of the art depends on what’s gone before and can’t handle the kind of complex automation that tenants sometimes need, like generating a licensing report from Entra ID, product information, and license costs.
  68. How to Stop Microsoft 365 Users Uploading SharePoint Online and OneDrive for Business Files to ChatGPT March 26, 2025 7:00 am - Microsoft 365 users can connect their OneDrive for Business account to ChatGPT. This is not a great thing because it exposes the potential for sensitive corporate information to be exposed outside the organization. How can you block ChatGPT Access to OneDrive? The best way is to stop people from using the ChatGPT app. If that’s not possible, make sure to encrypt confidential files with sensitivity labels.
  69. Why Teams Clients Prompt for Your Location March 25, 2025 7:00 am - Teams Windows and Mac desktop clients have started to prompt users about location privacy. Location data is used by several Teams features like the Call Quality Dashboard and emergency calling, so it's good to allow access. These are Teams Phone features that you might not care about, but keeping an eye on location privacy is a good thing in case the data is used elsewhere.
  70. Microsoft’s Attempts to Improve the Teams UI Are Not Always Successful March 24, 2025 7:00 am - Microsoft is tweaking the auto-hide inactive channels feature to make it less automatic and more user controllable (opt-in). It's a good change for Teams to make. In other news, I’ve reverted to the old method of accessing chats and channel conversations because the new experience doesn’t work for me. Both situations prove how hard it is to make GUI changes to popular applications.
  71. Copilot in Outlook Gets a Revamp March 21, 2025 7:00 am - Microsoft has given the Copilot for Outlook UI a revamp to make the UI easier to use. The new UI is certainly better and reveals the option to rewrite as a poem. Not that sending poetic emails will make much difference to anyone, but the revamp proves once again that good design makes a difference. Overall, the new UI is a sign that Copilot is maturing after its hectic start.
  72. Use Data Loss Prevention to Stop Microsoft 365 Copilot Chat from Processing Documents in Its Responses March 20, 2025 7:00 am - The DLP policy for Microsoft 365 Copilot blocks access to sensitive files by checking for the presence of a sensitivity label. If a predesignated label is found on a file, Copilot Chat is blocked from using the file content in its responses. The nicest thing is that the DLP policy prevents users knowing about sensitive information by searching its metadata.
  73. Updating Email Addresses After Removing Domains March 19, 2025 7:00 am - Microsoft 365 makes it easy to remove domains. However, if you remove a domain and don't adjust email proxy addresses, some fix-up might be needed to make sure that mail-enabled objects don’t have primary SMTP addresses or proxy addresses that use the removed domains. This article explains how to fix up mail-enabled objects with PowerShell to remove traces of any removed domains.
  74. Facilitator Agent Brings AI-Powered Notetaking to Teams Chat March 18, 2025 7:00 am - The Facilitator agent can make sense of the messages posted to a Teams chat and summarize the discussion and extract to-do items and unanswered questions. It’s a very practical tool that allows chat participants to focus on the ebb and flow of a conversation instead of pausing to take notes. A Microsoft 365 Copilot license is required before you can use AI Notes in Teams chat.
  75. Time to Remove the Old Report Message Add-Ins March 17, 2025 7:00 am - Microsoft says that the Report Button is now available for all Outlook clients and it's time to remove the old Report Phishing and Report Message add-ins. A note in the documentation says that the old add-ins are unsafe, but Microsoft is probably more concerned about getting rid of COM-based add-ins. In any case, a single button to handle all aspects of reporting suspicious email seems like a good idea.
  76. SharePoint Online PowerShell Module Gets Modern Authentication March 14, 2025 7:00 am - Microsoft has announced that the SharePoint Online PowerShell module will be upgraded from the very old and now obsolete IDCRL protocol to use modern (OAuth) authentication in versions released from March 28, 2025. The update to OAuth should not affect scripts, but it’s always wise to test in case your use of the module is an edge case that Microsoft doesn’t test.
  77. Why Only Web-Based Outlook Clients Can Recall Encrypted Email March 13, 2025 7:00 am - The new message recall facility has been around since 2022. Even after Microsoft revamped the feature in 2023, it's still only possible to recall protected messages with OWA and the new Outlook. As it turns out, the reason is that a premium license is needed and Outlook classic might need some new code to check for that license. In other news, Outlook mobile now supports message recall.
  78. How to Send Outlook Newsletters with Email Communication Services March 12, 2025 7:00 am - Outlook Newsletters are intended for internal communications, at least for the preview. It's possible to take the HTML for a newsletter and send it with Azure Email Communication Services (ECS), the PAYG service for bulk email. It sounds like a good way to use Outlook Newsletters to share information with customers and other external recipients. Some manual intervention makes everything works. It would be great if Microsoft tweaked Outlook to remove the rough edges.
  79. Microsoft Imposes 1-Year Retention for Teams Meeting Attendance Reports March 11, 2025 7:00 am - Microsoft has enabled a one-year retention policy for Teams meeting attendance reports. Tenants can't opt out of the policy or set a different retention period. Microsoft says that the new policy exists to make sure that Teams complies with the Microsoft privacy policy. Another way of looking at the situation is that the new policy will simply remove some old data that no one ever looks at.
  80. Exchange Online Restricts the Number of Dynamic Distribution Groups March 10, 2025 7:00 am - Exchange Online is imposing a new tenant-wide limit of 3,000 Dynamic Distribution Groups. Few tenants might be affected, but the question might be asked why Microsoft is limiting DDGs at this point. Is it a cunning plan to prompt people to use dynamic Microsoft 365 groups instead? Or are some tenants abusing DDGs in weird and wonderful ways? Who knows, but the limit applies from early April 2025.
  81. The New Outlook Gains Colored Folder Icons March 7, 2025 7:00 am - Colored folder icons does not seem like a new feature that should appear in an email client that's been around for a long time, but the new Outlook for Windows and OWA now both offer users the ability to choose different colors for folder icons. Apparently, this is an important step forward in the development of the new Outlook and might just be the killer feature to convince the curmudgeons who use Outlook classic to switch.
  82. Using iOS Build Numbers in Exchange ActiveSync Device Access Rules March 6, 2025 7:00 am - A change made in late 2024 allows Microsoft 365 tenants to use IOS build numbers in Exchange ActiveSync device access rules. Apparently, the idea is that tenants can insist that people use iOS devices with very specific build numbers (like iOS 18.3.1 22D72) before the devices can synchronize with Exchange Online mailboxes. You never know when you might need the feature (or so they say).
  83. How to Create and Send an Outlook Newsletter March 5, 2025 7:00 am - Outlook Newsletters is an app for the new Outlook and OWA that allows users to create and send good-looking newsletters to internal recipients. It’s an easy-to-use app created using components drawn from across the Microsoft 365 software toolbox that will be of interest to anyone who needs to send internal newsletters on a regular basis.
  84. Microsoft Graph PowerShell SDK V2.26.1 Remains Flawed March 4, 2025 7:00 am - The developers rushed out Version 2.26.1 of the Microsoft Graph PowerShell SDK to fix some obvious issues. Alas, problems persist in PowerShell SDK cmdlets, including licensing failures and an issue that prevents the Connect-MgGraph cmdlet from being able to obtain an access token from Entra ID. My advice is to stay with V2.25 until Microsoft resolves the problems and generates a new stable version of the SDK.
  85. Office 365 for IT Pros March 2025 Update March 3, 2025 7:00 am - The Office 365 for IT Pros writing team is thrilled to announce that monthly update #117 for March 2025 is now available for subscribers to download from Gumroad.com. The March release also includes an update (#9) for the Automating Microsoft 365 with PowerShell book. In a world where change happens all the time, it’s nice (but a lot of work) to keep pace with developments.
  86. New PAYG Service to Classify Historical SharePoint Data February 28, 2025 7:00 am - There's no doubt that SharePoint Online sites and OneDrive for Business accounts hold lots of old files. A new On Demand Classification PAYG service aims to find and classify that data and apply sensitivity and retention labels based on policy settings. It’s a good idea for tenants that has these kinds of cold files hanging around gathering dust without anyone knowing if any of the files hold confidential information.
  87. SharePoint Online Adds Support for Sensitivity Labels with User Defined Permissions February 27, 2025 7:00 am - SharePoint Online will add support for files protected with user-defined permissions from March 2025. This step will enable support for Microsoft Search, DLP, eDiscovery, and content searches, but only for files processed by Microsoft Search. Processing happens automatically when new files are created or existing files are edited, so making all UDP-protected files searchable will take some time. Indexing doesn't make UDP-protected files available to Copilot.
  88. Microsoft Removes Reactivation Fee for Archived SharePoint Sites February 26, 2025 7:00 am - Microsoft 365 Archive will no longer charge fees to reactivate archived SharePoint Online sites after March 31, 2025. The good news might encourage higher use of Microsoft 365 Archive to store old but wanted material in a safe location while removing it from the view of apps like Microsoft 365 Copilot. The reduction in fees does not apply to archived OneDrive for Business accounts.
  89. Microsoft Graph PowerShell SDK Runs into Choppy Waters February 25, 2025 7:00 am - A bunch of problems with V2.26 of the Microsoft Graph PowerShell SDK V2.26 make the software unusable. Not only did Microsoft do a horrible job of testing the new release before making it available to customers, but they also failed to communicate the level of change in the new SDK and how it could impact Azure Automation runbooks.
  90. Tracking Down Bootleg Copies of Office 365 for IT Pros February 24, 2025 7:00 am - Free downloads of Office 365 for IT Pros, normally in PDF format, are available from sites around the internet. All are illegal and outdated copies. Some go back as far as the fifth edition (2018). Downloading and sharing illegal copies is a violation of our copyright, and we protest these actions by notifying the sites that they’re hosting illegal content. Most sites take down the PDFs quickly, but chasing this kind of stuff is still painful.
  91. Another Nail in the Exchange Web Services Coffin February 21, 2025 7:00 am - Exchange Web Services (EWS) will retire in October 2026. Tenants that still need to use EWS must explicitly set EWSEnabled to true in the organization configuration. If they don’t, the previous rule that allows mailboxes enabled for EWS to function won’t work. The change is part of the preparation for the phase-out of EWS. To help, we’ve written a script to send email to administrators listing accounts still enabled for EWS.
  92. Why Microsoft 365 Copilot Works for Some and Not for Others February 20, 2025 7:00 am - Some people get great results from AI tools like Microsoft 365 Copilot. Others struggle to make Copilot useful. As an article by a Microsoft product manager points out, the reason might be the way we use Copilot. If you don’t give Copilot the right data to work with and don’t ask the right questions through well-structured prompts, there’s no prospect of good answers.
  93. Processing Multiple Message Attachments with the Microsoft Graph PowerShell SDK February 19, 2025 7:00 am - Many examples are available online to explain how to add a single attachment to messages using the Microsoft Graph PowerShell SDK. Here we look at the principles behind how to add attachments (one or many) to messages before sending them with the Send-MgUserMail cmdlet. Get the principles right and you’ll never go wrong!
  94. Update #9 for Automating Microsoft 365 with PowerShell eBook February 18, 2025 7:00 am - The Automating Microsoft 365 with PowerShell eBook is now at update #9. The latest update spans 300 pages of content covering how to use PowerShell with the Microsoft 365 workloads, including Exchange Online, SharePoint Online, OneDrive for Business, Teams, Planner, and Entra ID. There’s no other book that includes so many worked-out examples of how to get things done with PowerShell and Microsoft 365.
  95. Purview Retires the Events Alert Capability from Audit Solution February 17, 2025 7:00 am - Microsoft has announced the removal of events alerts from the Purview Audit solution. Fortunately, the decision doesn't affect activity alerts. Audit-based activity alerts are a way for tenants to mark events that they want to be notified about through email when these events appear in the unified audit log. Although they remain available, better ways exist to monitor critical audit events. The only problem is deciding which approach to take.
  96. Microsoft Graph PowerShell SDK Needs to Fix Its Password Problem February 14, 2025 7:00 am - The Microsoft Graph PowerShell SDK offers developers easy access to data across the Microsoft 365 ecosystem and that’s good. However, there's a problem with Graph SDK plain text passwords that must be fixed. In today’s threat climate, passwords should be passed as secure strings. It’s a small but important step to improve overall security.
  97. How to Index and Search SharePoint Online Custom Columns February 13, 2025 7:00 am - SharePoint Online is basically a big Azure SQL application. Custom columns for sites and libraries enhance metadata and are even better if they're properly indexed to become searchable. This article explores how even non-SharePoint administrators can create, index, and search custom columns. The key thing is to take your time. SharePoint cannot be rushed!
  98. How to Use Bulk User Operations in Entra Admin Center February 12, 2025 7:00 am - A new preview option in the Entra admin center supports the ability to update multiple Entra ID accounts. You can update properties, add managers and sponsors, update group membership, revoke account access, and so on. The only surprising thing about the new option is that it’s taken Microsoft so long to add it to the admin center.
  99. Use Protected Actions to Stop Attackers Hard-Deleting Entra ID Accounts February 11, 2025 7:00 am - An article about the horrible devastation that an attacker can wreak inside a compromised Microsoft 365 tenant highlighted how protected actions can help by preventing attackers from being able to permanently remove user accounts unless they can pass additional authentication tests. Protected actions won’t stop attackers that have complete control over a tenant, but it might irritate them!
  100. Primer: Using Exchange Online PowerShell in Azure Automation Runbooks February 10, 2025 7:00 am - In this primer, we cover how to create and execute Azure Automation Exchange Online runbooks (scripts) using cmdlets from the Exchange Online management module. Some setup is necessary before runbooks can process Exchange cmdlets, but once the necessary resources and permissions are in place, it’s all plain sailing. The next challenge is how to output data created in a runbook...
Exit mobile version