The only always up-to-date book about the cloud Office system in Microsoft 365 covering Exchange Online, SharePoint Online, OneDrive for Business, Microsoft Teams, Planner, Azure Active Directory, and more
The June 2021 (and last) update is available for the Office 365 for IT Pros eBook (2021 edition). A new edition is being worked on and will be available next month. The June update spans 19 of 24 chapters. Subscribers to the EPUB/PDF version can download the updated files from Gumroad.com while Kindle buyers must contact Amazon support to ask for their content to be refreshed.
Because it sits on top of so many Microsoft 365 components, Teams is easily the hardest Office 365 workload to backup. You can try to backup Teams by copying its compliance records stored in Exchange Online, but that’s only a partial (and bad) solution that utterly fails to take the full spectrum of Teams data into account.
Now rolling out to Office 365 tenants, Teams meeting organizers can review the attendance data for meetings and webinars in a new dashboard. The same data can be downloaded to a CSV file for analysis. Teams stores the attendance report data in the Exchange Online mailbox of the meeting organizer. It’s a good example of the Microsoft 365 substrate in use.
A preview for Sensitivity Labels show how they can use Azure AD authentication contexts and conditional access policies to protect SharePoint Online sites. Although you can link conditional access policies to sites with PowerShell, it’s a lot easier to make the connection through sensitivity labels. Any SharePoint Online site which receives a label configured with an authentication context automatically invokes the associated conditional access policy to protect its contents.
Sometimes it’s wise to give PowerShell scripts a turbo boost. This is certainly true for the Groups and Teams Activity report script, where a large amount of PowerShell processing has been replaced with speedy Microsoft Graph API calls. The result is much faster processing, which means that the script is more useful in large tenants. I still wouldn’t try to run it against 100,000 groups, but anything smaller should be OK. I think!
New PowerShell commands for sensitivity labels can configure default sharing link settings for SharePoint Online sites. Any site assigned a label configured for default sharing links inherits those settings within 24 hours. The new settings are in public preview now with general availability expected later this year. They build on the existing set of controls for container management available for sensitivity labels and show how powerful it is for organizations to be able to deploy management policy settings via labels.
Finding out which Azure AD accounts have licenses (service plans) for different applications isn’t difficult. You can do it with either PowerShell or the Microsoft Graph API. This article explains how to use PowerShell (and the equivalent Graph API call) to find accounts which have a certain license (service plan) enabled or disabled. Once you know how to navigate license data in Azure AD accounts, you can take the code and adapt it for different purposes.
Microsoft’s Collaborative Work Model (CWM) tries to paint a picture of how Microsoft 365 apps help people to organize tasks and get things done more efficiently. CWM isn’t a bad thing, as far as it goes, but it’s just not practical because it ignores the critical role played by email as the glue connecting Microsoft 365 apps together. Or more correctly, email and the substrate. Oh well, it’s only a marketing message…
A new control allows organizers of Teams meetings to disable videos for attendees before or during calls. Organizers and presenters can also selectively enable video for specific attendees. It’s probable that this feature will be most interesting to those who want to run webinars through Teams meetings, but other use cases exist too… like when someone turns up with an objectionable background image!
Anyone writing PowerShell code against Azure Active Directory probably uses the Azure AD module. In June 2022, Microsoft will deprecate the API underpinning the Azure AD module. Tenants who want to use PowerShell to create scripts to automate administrative processes will need to move to Graph API calls or use the Microsoft Graph PowerShell SDK. Either way, there’s a bunch of work to do to upgrade scripts.
Teams mobile clients can translate messages into the preferred language of the device owner by sending text to the Microsoft Translator service. This is the same capability that the desktop and browser clients have had for nearly three years. The implementation works well and is very useful when people want to share their thoughts with others in a channel and need to write in their own language.
Office 365 Cloud App Security (OCAS) is very good at identifying potential problems for tenant administrators to investigate. But don’t think that it’s always right. Humans are often better at resolving issues than computers are, simply because we can use our wider knowledge of how applications work and the Office 365 datacenter network to understand what might be behind an alert. Humans might be slower than computers, but when it comes to resolving OCAS alerts, we’re always better.
Microsoft says a change to Outlook shared calendaring is arguably the biggest made since 1997. That’s all marketing hyperbole because many other more important technical advances have occurred in that time, including drizzle mode synchronization, Autodiscover, and Outlook Anywhere. What’s your favorite Outlook feature since 1997?
Licensing is everyone’s favorite topic. Combine it with information protection and governance and peoples’ eyes glaze over. Even so, it’s important to know what information protection and compliance features need which licenses as you don’t want to get into a position where something stops working because Microsoft enables some code to enforce licensing requirements. This post covers the basics of licensing and how Microsoft differentiates between manual processing and automated processing when deciding if a feature needs a standard or premium license.
The Microsoft 365 compliance center has a new content search UI. The new UI is prettier than before, but it’s also slower and more buggy. After several years of effort to develop content searches, you’d expect Microsoft to do better. A lot betterr. Unhappily, the beauty of the new interface seems to have distracted the engineers from the problems that become all too apparent when you try to use content searches to do real work. What, if any testing, was done to validate the new UI is unknown.
The value of the Teams Approvals app is much improved when organizations create their own approval templates to meet business needs. It’s easy and quick to do, with the only challenge being the limited set of field types available to build the form. Even so, you can get creative and build some nice approvals templates for use everywhere in an Office 365 tenant, limited to just some users, or in a specific team.
A new feature allows Teams meeting organizers to lock a meeting and stop attendees joining. This isn’t a feature for “normal” meetings. Instead, it’s there to protect the privacy of confidential meetings and is the online meeting equivalent of locking the doors to a conference room. Get everyone you want into the meeting and then set up a barrier to joining. Who wouldn’t like that!
Microsoft will soon impose a limit on the number of PST versions kept by SharePoint Online and OneDrive for Business. PST files have no business being in cloud storage, so this is a reasonable step. People shouldn’t keep PSTs in SharePoint or OneDrive document libraries and organizations shouldn’t let them. In fact, you should block PSTs from OneDrive synchronization and make plans to eradicate these pesky files.
The Word for Windows desktop app in Microsoft 365 apps for enterprise boasts “modern comments.” Some good features are included, like snippet previews in the email notifications sent when reviewers post comments to documents. Word even has its own task management capabilities which aren’t linked to Microsoft 365 tasks. That’s about the only bum note sounded by modern comments.
Outlook Mobile now allows users to create delegates for their mailbox in the app without going near administrators. Sounds good, but Outlook Mobile uses its own delegation model, meaning that its permissions don’t work with OWA or Outlook desktop. Using its own permissions might make Outlook Mobile users happy, but it’s a very strange approach to take when the access doesn’t work in the other clients.
Office 365 tenants can connect eSignature applications to Teams approval requests. It’s a good way of combining cloud services to get the best of both worlds. Teams makes it easy for users to create and send approval requests for eSignature while the eSignature provider takes care of the processing. This article covers how to use Adobe Sign with Teams approvals.
Compliance role groups control access to Microsoft 365 compliance functionality. A new permissions page makes it easier to manage these groups in the Microsoft 365 compliance center, where you can also manage the Azure AD roles used by Microsoft 365 compliance. If you want to generate a report about who holds what role, you’ve got to use PowerShell. The code is easy once you know which roles you want to report.
Blocking domains through the Azure AD B2B collaboration policy stops group owners adding new guest accounts from certain domains. It does nothing about existing guests from those domains. Fortunately, it’s relatively easy to check the guest membership of Groups and Teams to find guests from the blocked domains. And once you know those problem guests, you can decide what to do up to and including removing guest accounts from the tenant.
An update to Microsoft 365 apps for enterprise, aka Office Pro Plus, means that Word, Excel, and PowerPoint now suggest files which users might want to open. Although the traditional Most Recently Used (MRU) list isn’t being replaced, the set of suggested files is device independent and based on other activity than just simple file opens.
A report saying that Teams would record every meeting automatically caused some concern, but it’s untrue. Instead, ISV solutions are available to allow companies which need to record meetings to create compliance policies to assign to specific users so that their meetings are recorded to meet legal or regulatory requirements. It would be nice to be able to update meeting options so that organizers could opt for automatic recording of certain meetings. Maybe that’s what Microsoft meant when they responded to a User Voice request. No doubt, time will tell.
Without any fanfare, Microsoft released V2.3.1 of the Microsoft Teams PowerShell module on May 10. The new module contains some fixes but little extra functionality. Essentially, this release is all about clearing the decks to prepare for the retirement of Skype for Business Online on July 31, 2021. Those who use the old Skype for Business Online connector need to upgrade their scripts before it stops working on May 15, 2021.
Microsoft Teams Connect now allows external (federated) people to join group chats. Federated participants come from other Microsoft 365 tenants. Previously, federated chats were only supported for 1:1 conversations, but as part of the effort to prepare for the introduction of shared channels (also based on federation), multiple external participants can join a group chat.
Without warning (for security reasons), Microsoft stopped the Exchange Online Set-User cmdlet being able to update the work and mobile numbers for Azure AD accounts. We don’t know what kind of security concerns caused Microsoft to take this action, but it might be associated with administrative roles. In any case, this disappointing example of how to communicate with customers might end up with people having to update some PowerShell scripts – and no one likes unexpected work.
Azure B2B collaboration is used by Microsoft 365 Groups-based apps like Teams, Planner, and Yammer to create new guest accounts. You can update settings in the Azure AD portal to stop new accounts from specific domains or restrict guests to a list of known domains. But before you go ahead and update the settings, it’s a good idea to know where existing guest accounts come from. It’s easy to create a report with PowerShell. The next step might be to remove guests from offending domains.
Microsoft 365 eDiscovery features will respect documented limits from May 10. The changes are likely made to conserve resources consumed by searches against the massive amounts of data now found in Office 365 tenants. The changes probably won’t affect eDiscovery investigators except in reminding everyone that the items shown in search preview are only a representative sample of what can be found by a full search.
Teams meeting organizers can control which participants can bypass the meeting lobby to join automatically, Microsoft has increased the set of available lobby options to handle a range of conditions from all-comers calls to those to discuss sensitive and confidential information. Here’s a quick review of the available options and what each does.
Exchange Online assigns large mailbox quotas to users. These quotas are needed to cope with the volume and size of modern email. What used to take 2 KB in 1996 now consumes 60 times more. And while email is more graphical and prettier to look at, you’d wonder if the value of the actual content has changed much, if at all.
Organizers of Teams meetings can create polls to use during their event. The polls now boast some AI capabilities to help organizers choose the right questions. Organizers can also create and launch polls using the Teams mobile client. This seems to be taking mobility a little further than you might want to use it, but I guess some people run meetings from large iPad devices.
Microsoft has announced that Whiteboard will move its storage from Azure to OneDrive for Business. It’s a good move because it addresses several important issues. around search, eDiscovery, compliance, and data governance The switchover is due in October 2021, but Office 365 tenants will get an opt-in choice to move earlier.
The May 2021 update for the Office 365 for IT Pros (2021 edition) eBook contains changes to 20 of the 24 chapters. The changes cover many topics from Microsoft’s FY21 Q3 results to new sensitivity labels settings for Outlook. Now spanning over 1,300 pages, Office 365 for IT Pros is packed full of practical and most importantly, up-to-date knowledge and guidance about Office 365, Exchange Online, SharePoint Online, OneDrive for Business, Teams, Planner, Azure AD, PowerShell, the Microsoft Graph, and many other topics.
Microsoft is rolling out a new calendar board view for OWA. The new board looks very similar to a Project Moca board, which isn’t surprising because it’s a customized Moca board tailored to focus on the calendar. There’s no news yet when Project Moca might exit its current preview status, but maybe the new view will help by convincing people about the worth of configurable boards.
For whatever reason, Microsoft decided to cancel plans to remove the Top Senders and Recipients report from the SCC, citing customer feedback as the reason. The thing is that the SCC report and its underlying cmdlet use an old data source. The Microsoft Graph Reports API is the modern approach and an adequate replacement usage reports is available in the Microsoft 365 admin center. I really can’t understand why anyone would want to keep the old report as it’s not very good at all.
In their FY21 Q3 results, Microsoft announced that Teams now boasts 145 million daily active users. That’s a growth of 30 million over the last six months. Office 365 now has nearly 300 million paid seats. A paid seat is different to an active user, but Microsoft loves to mix up its data so that people believe what Microsoft wants them to think. In any case, the numbers are impressive.
Over time, a Microsoft 365 tenant might accumulate many Azure AD integrated apps. Do you know what these apps do or who uses them? It’s good to do a regular audit and cleanout of unwanted apps left behind for tests, trials, or expired applications. We use a script published on Practical365.com to grab the data from Azure AD and then import it into Microsoft Lists. The results we got might surprise you.
Exchange Online supports the ability to send email using any SMTP proxy address assigned to a mailbox. Following the announcement of the feature, users had many questions including what clients can be used. Here are some common questions and answers about the feature, including some PowerShell to report the set of proxy addresses assigned to user mailboxes.
The Teams developers are very proud that the new emoji picker expands the set of available emojis from 85 to over 800. No doubt some will welcome the increase. It will leave others cold as they wonder why Microsoft uses development resources to fill what seems to be an unimportant gap. In any case, the new emoji picker comes to Teams near you sometime soon. Enjoy!