The only always up-to-date eBook about the Microsoft 365 cloud Office system, covering Exchange Online, SharePoint Online, OneDrive for Business, Microsoft Teams, Planner, Azure Active Directory, and more
The Office 365 for IT Pros eBook team is delighted to announce the availability of the June 2023 update (update #96). Please download and use the new files! This is the last update we’ll issue for the 2023 edition as the 2024 edition will appear in July. Existing subscribers will be able to update to the 2024 edition at a very attractive price when the new book is available.
The success of the PowerShell Community is rooted in sharing knowledge and code. This makes it difficult when a company like Office 365 Reports (AdminDroid) steals code from PowerShell scripts written by other people and uses the code for their commercial purposes. I don’t like when this happens. I don’t like when the miscreant ignores my protest, so this article explains what happened and why this is a simple case of plagiarism.
Work locations are a new concept that OWA and Teams share in an attempt to make it easier for people to schedule meetings with knowledge of where participants are working from. It’s a nice idea but the implementation is sadly flawed because of a lack of flexibility in defining or customizing locations. Let’s hope Microsoft improves the feature in future.
Sometimes, long running PowerShell scripts encounter the problem of Azure AD access token lifetime expiration. In other words, the default lifetime of tokens issued by Azure AD is too short to allow the script to complete before the token expires. Two solutions exist. Use a token lifetime policy to prolong access token lifetimes or check in code for potential expiration and renew when necessary.
I now have a Microsoft Graph Early Adopter badge. I didn’t ask for it. The badge just arrived via email. Which brings me to how to deliver product feedback. Sure, you can make comments via GitHub, but that ignores a perfectly good feedback portal developed to allow people to give direct feedback (including requests for new features) to Microsoft. You won’t get a badge for providing feedback via the portal, but it’s the right thing to do.
Microsoft didn’t do a great job of announcing the side-by-side viewing feature for Microsoft 365 apps. It seemed like the only reason for the feature was to drive usage for the Edge browser. As it turns out, you can choose to have Microsoft 365 apps use a different browser, and the tools to do that are now available.
Microsoft 365 includes a framework to create, send, and manage organization messages to users. It’s a good idea, but the implementation is sadly limited. First, you’re restricted to messages that Microsoft wants administrators to send to boost consumption of the Office apps. Second, you can’t customize the text or the appearance of the messages. Last, the dashboard to manage organization messages is half-finished.
Nearly seven years into the product’s existence, Teams offline meetings can now be scheduled through the Teams calendar, but only for Teams private meetings. Making it possible to set aside time for private commitments and in-person meetings is sensible and a good change. The only mystery is why it took so long to happen.
Planning the introduction of sensitivity labels for meetings means that you pay attention to label scoping and naming. Having too many meeting labels will confuse users and the same will happen if the label display names don’t convey their purpose. This article explains some simple steps to take to make sure that your meeting labels work well.
The Outlook board view originated as Project Moca, an app to organize items from Outlook and other sources, then became the board view in the OWA calendar. That status lasted two years and now Microsoft will retire the board view from Outlook on June 26, 2023. It’s probably because Microsoft 365 boasts a surplus of ways to record notes in some shape or form. That, and the fact that hardly anyone uses Outlook boards.
Microsoft is upgrading the Stream web app with some nice features to make it easier to create good-looking recordings. My favorite is the Stream teleprompter, but that’s only because I fluff my lines so often that having a teleprompter to work with will reduce the number of retakes I have to do. Other changes include being able to use window as a video background and some important updates for video transcripts, including yet another reason to make sure that every user account has a photo.
A May 10 post reveals how Loop task list components can synchronize with Planner (using a roster container) to make the Loop tasks available to other apps like To Do. It’s the first implementation of Planner roster (or lightweight) containers, meaning that the containers holding tasks are not associated with a Microsoft 365 group. Everything seems to work very smoothly and the technology is available now.
Microsoft announced the availability of the SharePoint Admin API for the Microsoft Graph on May 8. The API currently supports a small set of tenant settings., but it’s a start and a pointer to where Microsoft is going. And while they’re looking in that direction, maybe they might accelerate production of a Graph API for Exchange Online management.
Outlook users can now apply sensitivity labels for meetings to protect the information contained in the meeting body and attachments. Outlook desktop and OWA clients can apply sensitivity labels to meetings. Outlook Mobile clients can process protected meetings and view the meetings in the calendar, but the protected meeting content (the body) is unavailable because it is encrypted.
Exchange Online organizations configured with multiple geos (satellite regions) still find it problematic to search for mailbox audit events. Microsoft might have fixed the problem for admin audit events, but mailbox audit events are often more important.
Protected actions are a new preview feature for Azure AD conditional access policies. You can associate protected actions with an authentication context and specify that anyone who wants to use these actions should meet the conditions set in a conditional access policy. Although only a limited set of actions are available in the preview, you can see the value of what Microsoft is doing and how it might apply to actions across the Entra and Azure portals.
Microsoft plans to roll out the new Teams channels experience to commercial and GCC tenants in mid-June 2023 with GCC-High and DoD tenants getting the software in July. The new UI gives Teams channel conversations a visual makeover and adds some useful features like being able to pop out conversations and using Viva Topics in messages, Moving the compose box to the top of the screen takes a bit of getting used to, as does the way that Teams creates a focus on reading a conversation. Overall, the new UI is an incremental rather than a radical improvement, which is probably what people want.
Container management labels apply settings to the Microsoft 365 Groups to which they are assigned. This article describes how to generate a report about the container management labels assigned to groups. The report highlights groups that don’t have labels and those that don’t have owners.
Microsoft Purview data lifecycle management (retention labels and policies) support Azure AD administrative units to scope the set of objects that compliance administrators can manage. Administrative units can be used with data lifecycle management, data loss prevention (DLP), and information protection (sensitivity labels). You’ll need Microsoft 365 E5 licenses (or equivalents) to manage the policies, but that shouldn’t be an issue for the kind of enterprise tenants Microsoft is targeting this functionality at.
The Word Send to Kindle option available in Word desktop and browser apps makes it easy to send documents in Kindle or PDF format to an Amazon account. Once the documents are transferred, they can be synchronized to any Kindle device owned by the account. Everything works well and the feature is welcome, even if it replicates functionality that has long been available outside Word. Including the feature in Word reduces friction for users, and that’s always a good thing.
The set of permissions consented for the Microsoft Graph Explorer allows the app to run Graph API requests. Over time, the set of Graph Explorer permissions can accumulate to a point where the app is overly permissioned. That can be a bad thing because you might overlook the need for an app to have consent for a permission to run successfully. In this article, we look at how to remove permissions from the Graph Explorer.
Microsoft has announced the preview of the Teams payment app. The app can handle payments through Teams chats and meetings in the United States and Canada using services like Stripe, PayPal, and GoDaddy. We’ve got a Stripe account to handle payments for the Office 365 for IT Pros eBook, so we took the new app for a test run and it proved very easy to set up and use. The payments app should be very popular with small businesses.
The Microsoft 365 profile card (for OWA initially) lists the set of connected Viva Topics for a person. This only happens when the user has a Viva Topics or Viva Suite license. It’s an example of how Microsoft is building out the set of information available in user profile cards and embedding Viva Topics in as many places as possible. All good if you use Viva Topics!
Monthly Update #95 for the Office 365 for IT Pros eBook is now available. Like any of our monthly updates, #95 contains lots of new information about Teams, Exchange Online, SharePoint Online, PowerShell, and Azure AD. We continue on our voyage of discovery about all aspects of Office 365 and the wider Microsoft 365 ecosystem as we prepare for update #96 in June and the 2024 edition in July.
Teams Wikis are rapidly approaching the point where they become unsupported. Microsoft has a migration utility to move wiki content to OneNote. This article covers how the migration works and what happens after Teams wiki content moves to OneNote.
Booming Microsoft Cloud revenues and the growth of Office 365 paid seats to 382 million are highlights of Microsoft’s FY23 Q3 results. Other interesting topics included Teams reaching 300 million monthly active users, EMS getting to nearly 250 million users and some hints about how Microsoft will charge for products like Microsoft 365 Copilot when the AI-powered software becomes available.
While working with SharePoint Online yesterday, an in-product ad for a Microsoft 365 conference popped up. This kind of in-product messaging is terribly distracting and not what you’d expect to happen in enterprise software. I have no idea why Microsoft is doing this, but if you don’t like it, please let them know.
New options to handle teams expiration and restoration are available in the Teams admin center. Having the options in the TAC is useful even if there’s no new magic involved because it’s possible to perform these operations using other Microsoft 365 consoles or programmatically with PowerShell or Graph API requests. Even so, because some teams administrators only ever use the Teams admin center, it’s good to have these options available there.
Teams Shared Channels are a great way to collaborate across multiple Microsoft 365 tenants. From an administrative side, it’s nice to know about who’s connecting – who’s coming into your tenant to use a Teams shared channel and who’s leaving your tenant to share ideas in a Teams shared channel belonging to another tenant. This article explains how to retrieve that information from Azure AD shared user profiles.
Token protection is a new session control (preview) for Azure AD conditional access policies. The idea is to bind a sign-in token to a user’s device to stop attackers attempting to reuse the token to compromise the user’s account. Only a limited set of Microsoft 365 apps support token protection at present, but it’s an idea that should help if token theft becomes as pervasive as some predict.
Microsoft introduced video messages in Teams chat in November 2022. Now they’ve added auto-generated captions and transcripts for the one-minute long clips. This allows people to read the content of video messages without having their audio on, which could be handy in noisy places. Despite the availability of the transcript, the compliance issues we pointed to last November still exist. That’s regrettable.
Microsoft has announced the retirement of the unified labeling client on April 11, 2024. The client, also known as the AIP add-on for Office, went into maintenance mode on January 1, 2022, so it’s unsurprising that this development should happen. Users get better functionality by using the built-in information protection features in the subscription versions of Office, so there’s no real need to keep the unified labeling client around – apart from migrating users, that is.
The Microsoft Graph PowerShell SDK includes two cmdlets to revoke access for Azure AD accounts. As it turns out, Microsoft would prefer if developers use the Revoke-MgUserSignInSession cmdlet instead of Invoke-MgInvalidateUserRefreshToken, but who would have known if we hadn’t asked the question?
Following the removal of Remote PowerShell connections for Exchange Online, Microsoft is removing Remote PowerShell for the compliance endpoint. The change to REST-based cmdlets is expected to deliver better performance and reliability. The changes are implemented in V3.2 of the Exchange Online management module, which should be available on May 1.
Microsoft has decided to push the final deprecation of client access rules to September 2024. However, only rules that can’t be migrated can be used until then. All other client access rules will stop working in September 2023. Microsoft isn’t clear about what technical limitations might allow rules to work for the extra year, nor do they say how tenants can check except by “opening a support ticket.” Although it’s good to move to conditional access policies, Microsoft really could communicate better.
Microsoft 365 tenants can select any of the verified domains for the tenant to send Microsoft 365 service messages instead of using the default domains. The update also allows tenants to choose a routable recipient (username) instead of the traditional “no-reply” address. Overall, this seems like a very easy change to implement that shouldn’t cause any problems.
Teams meeting participants can now choose from 24 Snapchat Lenses as effects to apply to their video feed. It’s unclear how advantageous these lenses are to the efficient running of Teams meetings, but beauty is very much in the eye of the individual meeting participant. Some will find the Snapchat Lenses create a compelling effect. Others will be less positive. But across the 280 million monthly active Teams users, there’s bound to be some who absolutely love these effects.
A Teams profanity filter is available to detect offensive and profane words used in Teams meetings and captured in live captions. The effectiveness of the filter and its ability to mask bad words depends on many factors, including microphone quality. I can see the Teams profanity filter being popular in education settings, but maybe less so in the more red-blooded corporate world. It’s a personal choice!
The Get-ReviewItems cmdlet (in the Exchange Online management module) is available to export details about disposition review items in either a pending or disposed state. It’s possible that you don’t care very much about records management, retention labels, or disposition processing, but if you do, you’ll be glad that the new cmdlet exists.
Outlook sensitivity labels can protect messages with rights management encryption. But looking at items in the Sent Items folder you might see different results. Some messages have sensitivity labels but don’t appear to be encrypted while others have both labels and encryption. Why should different Outlook clients produce such varying results. It’s all to do with the code built into the clients.