The only always up-to-date eBook for Microsoft 365
The Microsoft FY24 Q3 results didn’t contain any new user numbers for Office 365 or Teams. However, we did learn that Copilot and Azure are popular words in the Microsoft lexicon. As usual, statistics were introduced without context, but investors won’t really care too much as Microsoft continues to generate tons of revenue at a healthy margin, especially from its cloud business.
Teams group chats are getting a new Meet Now experience. Is that good news? Well, it’s not an earthshattering change, but it is a nice change because it simplifies the way the Meet Now feature works. It’s the kind of change that software vendors make to tidy up the loose ends in a product.
A reader asked if it is possible to script sending chat messages. In this article, we explore how to compose and send Teams urgent messages to a set of recipients using Microsoft Graph PowerShell SDK cmdlets. The conversation with each recipient is a one-to-one chat that Teams either creates from scratch or reuses (if a suitable one-on-one chat exists).
Some years ago, I wrote a script to demonstrate how to remove service plans with PowerShell. This article describes some upgrades to make the script even better by improving the code and leveraging complex Microsoft Graph queries against the license information stored for Entra ID user accounts. It’s PowerShell, so feel free to change the script!
The M365 Conference takes place in Orlando, FL from April 28 to May 2, 2024. I have two sessions, but my attempts to find sessions that cover all of Microsoft 365 failed because there’s no coverage of Entra ID and Exchange Online. Instead, the Microsoft priorities like Copilot, Viva, and SharePoint take front and center stage. I think that’s a pity, but maybe the reason is because speakers don’t submit sessions covering Entra ID and Exchange Online topics?
License management is a core competence for Microsoft 365 tenant administrators. This article explains how to use PowerShell to remove licenses from accounts when an equivalent service plan is available from another license. It’s the kind of fix-up operation that tenant administrators need to do on an ongoing basis.
April 11 saw the general availability of Microsoft Graph activity logs, a new set of data recording details of Graph API HTTP requests made in a tenant. The logs are intended to help security analysts understand actions taken by apps in a tenant such as data access or configuration updates. Before working with Graph activity logs, security analysts will need to understand Graph API requests and the context they’re made.
Although the trend is toward password authentication, many Microsoft 365 tenants still use passwords and some force users to change passwords regularly. This article explains how to create a password expiration report with PowerShell. The script caters for where a tenant password expiration policy is set for passwords to never expire. If anything else, it’s yet another example of how to extract information using PowerShell.
Exchange Online announced two important changes on April 15. SMTP AUTH is being depreciated and a new external recipient rate limit is being introduced. The changes are intended to improve the security of Exchange Online. The introduction of an external recipient rate limit is also intended to reduce the ability of spammers to abuse the platform.
The Maester tool is a community initiative to create a tool to help tenant administrators improve the security of their Entra ID tenants. It’s still in its early stages, but even so Maester shows signs that it will be a valuable asset for administrators who want to learn more about securing their tenant against possible external compromise.
Microsoft Teams now boasts the ability to add customizable group chat pictures to what might be otherwise a set of chats with not-very-good generated pictures. The idea is to make it easier for people to find the right group chat in their chat list, Of course, it might be difficult to find just the right picture to use, but Microsoft has selected 36 illustrations and there’s over 1,800 emojis to choose from.
Monarch client security became an issue last year when a German website reported some issues. It turns out that the reported problems are mostly hyperbole, but that hasn’t stopped them persisting, especially when email client competitors like Proton weigh in. It’s regrettable that much of the commentary is based on an incomplete understanding of how Monarch works, but Microsoft doesn’t help themselves by not explaining the facts.
A recent note from Microsoft advised that if your tenant uses classic Azure administrative role, you need to switch to Azure RBAC roles by 31 August 2024. This forced me to think about how many Azure services does my tenant consume. The number was surprising and it’s grown over time, which is why Microsoft 365 tenant admins should pay attention to Azure.
A new parameter for the Set-CsTenantFederationConfiguration cmdlet made me look at the Teams tenant federation configuration again to improve how a script works. Instead of taking all the domains guest accounts came from and adding them to the configuration, I created a function to check if the tenant uses Microsoft 365. If it does, we add the tenant to the allow list in the tenant federation configuration. If not, we ignore the domain.
A previous attempt to write a script to report all Loop workspaces in a tenant was flawed because it only retrieved the first 200 workspaces. I hadn’t realized that the Get-SPOContainer cmdlet supported an odd form of pagination to retrieve workspace data. In any case, I figured out how to page top find all available workspaces and updated the script. It’s just another example of oddness in the SharePoint Online PowerShell module
According to Microsoft 365 notification MC736438, Microsoft is getting tougher at enforcing the rules for Purview information protection licenses. In a nutshell, if administrators and end users don’t have premium licenses, features like automatic labeling policies or default sensitivity labels for document libraries won’t work. Users can still apply sensitivity labels manually.
A new major version of the MsCommerce PowerShell module makes you hope that something good is included in the new code. In this case, it’s hard to know if the developers did anything but increase the major version number for the MsCommerce module. Not much has changed. The module is as bad as ever, but at least it can be used to disable self-purchases of all supported licenses, which is all that’s really important.
The unified audit log includes Copilot for Microsoft 365 audit events captured when users interact with Copilot through apps. The information is very helpful in terms of understanding the usage of Copilot in different apps (apart from Outlook, which isn’t captured). Some care needs to be taken to understand the data and interpret the audit events, but that’s usual when dealing with Microsoft 365 audit data.
Microsoft announced a new component for OWA distribution list management but clearly the engineers never took role assignment policy customizations into account. If they had, they wouldn’t have created something that ignores the way organizations block end user ability to create new distribution lists. It’s just a sad indication of Microsoft’s attitude to one of the workhorses of Exchange.
The April 2024 update for the Office 365 for IT Pros eBook is now available for subscribers to download from Gumroad.com or Amazon.com. Like every month, update #107 covers lots of new material to document the changing landscape of Microsoft 365. The author team would appreciate if subscribers download and use the updated version – there’s no point in using old stuff to navigate an ecosystem that changes all the time.
On March 27, SharePoint history reached its 23rd year. That’s a great achievement and SharePoint Online powers many apps. But dark clouds are on the horizon as information governance becomes a real issue for Microsoft 365 tenants. Too much information that is never cleared out is held in SharePoint, a fact revealed by the ability of Copilot to find and consume documents.
Every Microsoft 365 tenant has a tenant identifier, a unique GUID that’s used within the Entra ecosystem to identify a tenant and its objects. Much has changed since I last wrote about this topic in 2021, including the introduction of new Graph APIs to resolve tenant names to identifiers and vice versa.
After the welcome announcement that the Loop app will support external access, thoughts might turn to figuring out who uses the app. Fortunately, it’s easy to answer the question by using data extracted from the unified audit log. Activity records tell us about both licensed user interaction and unlicensed user activity. It’s good to know what people are up to.
A new preview feature supports high completeness audit log searches. These searches are optimized to make sure that they find every matching audit instead of finishing as quickly as possible. High completeness audit log searches do take more time but their results are accurate and they find more records than Search-UnifiedAuditLog was able to in the past. Looks like a good new feature.
Message center notification MC734281 explains that Copilot for Microsoft 365 will get better grounding for Word, Excel, PowerPoint, and OneNote from April 2024. After the update, the apps will be able to ground user prompts by using Graph and web searches to find relevant information. Being able to generate accurate text seems like a good thing for an AI tool, and there’s no doubt that better grounding will help. But why is it appearing six months after the general availability of Copilot for Microsoft 365?
The Microsoft 365 Groups and Teams Activity Report is a PowerShell script that I’ve worked on since 2016 (not all the time). Some recent Graph hiccups meant that I had to apply some fixes and workarounds. At the same time, some users hit the infamous ‘not recognized as a valid datetime’ problem, so another update was needed. All good, clean fun.
A new convert to internal user preview feature allows Entra ID administrators to convert external accounts to internal accounts. An option is available in the Users section of the Entra admin center or PowerShell can be used to automate the conversion of accounts. It’s a useful feature that should prove popular.
Microsoft 365 Backup costs are charged on a PAYG basis against an Azure subscription. You pay a flat fee of $0.15 per month per gigabyte of protected content. This article discusses calculating the sizes of protected data and reports the costs accrued over two months.
Microsoft’s support for SharePoint Online PowerShell has degraded over the last few years. Pnp.PowerShell is now the best option as not much is happening in the official SharePoint Online management module or the tenant settings Graph API. the lack of progress is a pity, but perhaps it’s also true that community-driven projects sometimes deliver better results.
An article by security researchers Black Hills pointed to some vulnerabilities with incoming webhook connectors and email connections for Teams channels. Fortunately, it seems like Microsoft is making changes to Teams to improve security. Even so, it’s always wise for tenants to keep an eye on how information flows into Teams.
The Loop app is a powerful collaborative platform that has been handicapped up to now with a restriction on its External Sharing capabilities. That restriction is being lifted in a two-phase process starting in April 2024. Tenants without sensitivity labels will get the capability first followed by those that use sensitivity labels.
This article describes how to use sign-in data to identify unused Entra ID registered devices. It’s an imperfect solution because Entra ID doesn’t log device information in many sign-in records. I’m sure there’s a good reason why Microsoft doesn’t capture the device information, but it’s a little frustrating. We have an imperfect and partial solution, but that’s better than nothing.
This article describes the experience of creating a custom quarantine message for Exchange Online Protection to send to those with email held in quarantine. The Microsoft Defender portal allows administrators to create custom settings for up to three languages. My initial attempts failed, but then something happened and all is well. It could just be the difference between English and English…
An interesting LinkedIn post by a Microsoft employees relates how Copilot for Microsoft 365 saves him 14 hours monthly. Reports like this must be taken with a pinch of salt because many factors combine to determine the success individuals achieve with a new technology. However, there’s a ring of truth in this report. The question is can others achieve the same results?
On March 7, Microsoft published a timeline for the New Outlook for Windows client that says that support for the classic client will be until at least 2029. Three phases must be navigated and a lot of functionality added before the new Outlook for Windows can replace Outlook Classic, including fundamental functionality like offline mode.
A recent article by a Microsoft MVP attempted to lay out a case that tenants should not use Microsoft 365 PowerShell and use ISV products instead. It’s a silly position to argue. PowerShell is an important automation tool for administrators that can’t be replaced by any ISV product. ISV products have their place and fill many gaps, but arguing to dump PowerShell and use ISV products instead just can’t be justified.
Restricted SharePoint Search is an answer for customers who don’t like the idea of Copilot for Microsoft 365 being able to find documents in any site the signed-in user has access to. A curated list of 100 sites will be avialable to Copilot along with user data in OneDrive and files that have been shared with or worked on by a user. Will this scheme allow tenants to deploy Copilot while they sort out site permissions? Time will tell, starting in April 2024.
The use of Information Protection sublabels is one of the questions for teams implementing sensitivity labels in Microsoft 365 tenants. Some like the granular appearance of sublabels and consider them a valuable guide to assist users to pick the most appropriate label. Others prefer a simple list of sensitivity labels. Both approaches work well. It’s up to you to decide.
An update allows Teams owners to archive Teams channels. This is an excellent way of keeping old channels online while removing them from open view. The PowerShell cmdlets have not yet caught up the archive channel option so they don’t report this status, but all good things come to those who wait and I’m sure that we will be able to report archived channels soon.
Microsoft has released the View Another Mailbox feature for the new EAC. This is part of the build-out of the new EAC functionality before the retirement of the old EAC. Interestingly, the new feature depends on the old Exchange Control Panel dating back to Exchange 2010. Things aren’t quite as modern and fast as Microsoft says they are.