The only always up-to-date book about the cloud Office system in Microsoft 365 covering Exchange Online, SharePoint Online, OneDrive for Business, Microsoft Teams, Planner, Azure Active Directory, and more
Office 365 for IT Pros, the only constantly-updated eBook covering Microsoft’s cloud productivity suite, has just released its eighth (2022) edition. The book is available from Gumroad.com. Completely revised after an end-to-end review, the new edition will receive monthly updates over the coming year to keep subscribers fully abreast of new developments within Office 365 and the wider Microsoft 365 ecosystem.
Because it sits on top of so many Microsoft 365 components, Teams is easily the hardest Office 365 workload to backup. You can try to backup Teams by copying its compliance records stored in Exchange Online, but that’s only a partial (and bad) solution that utterly fails to take the full spectrum of Teams data into account.
The August 2021 update is now available for the Office 365 for IT Pros (2022 edition) eBook. Subscribers for the EPUB/PDF version can download books from Gumroad.com while Kindle purchasers can ask Amazon support for access to the updated files. Like every monthly update, August 2021 features a wide range of changes to different chapters across the book. Being able to issue monthly updates is a luxury afforded by the ePublishing model that makes sure that Office 365 for IT Pros is always up to date and current.
The Safe Links capability in Microsoft Defender for Office 365 is now generally available to protect Teams messages in chats and channel conversations, and even in web site links pinned as a channel tab. Most bad links flowing into an Office 365 tenant will continue to arrive by email, but this new capability closes off a gap where users are tempted to make a poor decision to share a malicious link through Teams.
Exchange Online already imposes limits on the number of messages a mailbox can receive per hour. New limits will restrict the number of messages individual senders can send to a third of the overall limit. The restriction doesn’t apply to senders with an Exchange Online mailbox in the same tenant. And if a mailbox runs into a limit, it features on the splendidly named Hot Recipients report. What’s not to like about that.
Microsoft claims that Teams has “nearly” 250 million monthly active users, which is quite a jump for the 145 million reported in April. We take a closer look at the numbers to try and figure out how Microsoft arrived at such a number. It seems like they can get there by lumping the numbers for commercial, education, and personal users together, but that’s not the same as reporting a nice simple number for commercial usage.
The message center in the Microsoft 365 admin center will soon use a new data privacy tag to highlight specific service updates to tenant administrators. No messages with the new tag have yet appeared, so it’s hard to know how Microsoft plans to use the new tag or what kind of attachments it will make available to administrators to help understand the sensitive data involved in data privacy. While we’re waiting, we took at look at the tags in use today and wrote some PowerShell to report which tag is most popular.
Many PowerShell scripts which access Office 365 data could do with a speed boost. Replacing cmdlets with Microsoft Graph API calls is one way to get extra speed. In this article, we take a PowerShell script to report the memberships users have of Microsoft 365 groups and replace some important cmdlets with Graph API calls. The result is a big speed increase.
Project Moca is no longer a separate OWA component. Boards created in Moca are now available through the OWA calendar, just like other boards created there. The question is how Microsoft will bring the board view to Outlook desktop. I figure it’s a candidate for OCX and WebView2, just like the Room Finder. Time will tell.
If their developers allow, Office 365 tenants can customize the properties of Teams apps to add their own icons, text, and links. In this article, we show how by customizing the Yammer Communities app to add a most remarkable photo taken at an Ignite event, a snazzier title (that no one can see), and some modified text. Is this enough to make the exercise worthwhile? that all depends on how you feel about corporate branding!
The preview of a new app governance add-on for Microsoft Client App Security gives Office 365 administrators insight into Graph-based apps. The add-on depends on information gathered from Azure AD and MCAS to generate insights about apps and their usage, including highlighting apps which are overprivileged or highly privileged. Although you can do some of the auditing yourself, the add-on makes it easier. It’s a preview, so some glitches are present.
Office 365 tenants users will soon be able to execute self-service purchase Windows 365 licenses. That is, unless you stop them by running some PowerShell commands to disable the capability. In this article, we explain the Windows 365 options available for self-service purchase and the PowerShell commands necessary to disable the option, if you think it’s a bad idea (as some do).
The Nostalgia set of Teams background images includes Office Clippy, the famous Bliss image used for the Windows XP desktop, and images of Paint and Solitaire. These are only part of the wide selection of suitable images to use as background effects in Teams meetings. And if you’ve got a great image to share, you can upload it to the Microsoft Gallery for others to use.
A new option in the Teams desktop and browser clients allows users to choose how they open Office documents. The choices are Teams (a viewer), browser (Office Online), and the desktop app. Being an old-time stuck-in-the-mud kind of person who’s used Office for 30-odd years, I naturally selected desktop apps. After all, who doesn’t like seeing Word spin up for the 99th time in an afternoon?
The latest version of the SharePoint Online PowerShell module reveals some new site properties to inform administrators if sites are connected to teams or even team channels (both private and shared). There’s also some changes coming to the SharePoint Online admin center, all of which are very useful in terms of tracking the sites used by Teams.
Office 365 tenants will soon be able to create adaptive scopes for retention policies. An adaptive scope is nothing more than a filter to select target mailboxes, sites, and Microsoft 365 groups based on some criteria. They’re adaptive because administrators don’t have to update policies as they add new objects. Like other Microsoft 365 Information Governance features which automate some aspect of operations, adaptive scopes are likely to demand Office 365 E5 or Microsoft 365 E5 Compliance licenses.
The thoughts of using Microsoft Graph API calls with PowerShell might seem to be too much trouble, but used correctly, Graph API calls help scripts speed up and get to some data that is not reachable through a cmdlet. I have a simple four-step approach that I use to figure out if I need to include some Graph API calls. The routine works for me. Feel free to disagree.
It is now possible to apply Microsoft 365 retention policies to Teams private channel messages. The messages are in user mailboxes and discoverable due to their properties. All the retention policy must do is find the messages and apply the policy settings, and if an item is expired, remove it from the mailbox. Easy… or is it?
Outlook and OWA users will soon see a banner notification to recommend the installation of an Edge extension. The extension logs into the user account to peek into the mailbox, calendar, tasks, and contacts. Tenant administrators have until July 30 to decide if they will block the display of the banners. This can be done using the Office Cloud Policy Service or a Group Policy Object.
New teams created using Teams clients are hidden from Exchange Online, but those created using administrative interfaces are not. The result is potential confusion. in this post, we describe a PowerShell script to find any team-enabled Microsoft 365 Groups which are visible to Exchange and hide them. It’s easy scripting, but you need to run the script periodically to update the settings for new teams.
Yammer compliance records are generated by the Microsoft 365 substrate and consumed by features such as communications compliance policies and eDiscovery. In this post, we consider where Yammer compliance records are stored and what they contain and how to use PowerShell to figure out the activity levels of Yammer communities.
Office 365 will see a batch of delayed features arrive during July 2021 along with two notable retirements and a new Personal Item Insights control. After going through the set of delayed features announced in the Microsoft 365 admin center, we share our list of the most important items here along with the two big retirements in the month and a new personal privacy control.
How do you create a report of all the Teams in a tenant and their SharePoint Online sites? As it turns out, a two-line script does the job. We make the script slightly prettier, but it’s still simple. And because it’s PowerShell, anyone can change the code to make it work the way they want it to.
A change to the Teams update policy allows tenants to connect Teams preview mode for the desktop client with Office Current Channel (Preview) for the Microsoft 365 apps for enterprise. When the change happens in late July, accounts configured to use Office Current Channel (preview) will automatically use Teams preview. It’s kind of logical because Teams is so closely connected to Office. In any case, settings are available in the Teams update policy if you want to move away from the enabled by default status favored by Microsoft.
A change being made to SharePoint Online in August will make the deletion process for files with retention labels consistent with OneDrive for Business. The intention is to achieve consistency across the two browser interfaces and to remove a little friction for users who might become confused when they SharePoint Online stops them deleting labeled files. Everything will happen in August. We wonder if anyone will notice?
After writing about auto-label policies for Teams meeting recordings, we were asked about how to track the creation of the recordings. The key to be able to report the data us events in the Office 365 audit log. Once you know where to look, it’s easy to find the audit records and extract data about the creation of Teams meeting recordings.
Microsoft is changing how the “Allow Guest Access in Teams” setting works (from the Microsoft 365 admin center). Because few tenants switch this setting on and off, the change might not be noticeable. However, it’s a good one because it might help change the way Teams deals with disabled accounts. And if you want to control guest access, you should really use an Azure AD B2B Collaboration policy instead of the on-off switch.
Windows 11 will include a consumer version of Teams, which looks as if it will be the first iteration of Teams 2.0, a new architecture which replaces Electron with Edge WebView2 as the basis for the Teams client. Microsoft predicts that the change will reduce the memory footprint by half and make it possible to introduce some new features. There’s no dependency between Windows 11 and Teams 2.0, but given the amount of work needed to make architectural transitions, it’s unlikely that we’ll see an enterprise Teams 2.0 client until sometime in 2022.
Auto-label policies are a good way to assign retention labels to important files stored in SharePoint Online and OneDrive for Business. The big problem is tracking the progress of auto-labeling. In this article, we explore how to use events logged in the Office 365 audit log to figure out what files are labeled and how long it takes the auto-label policies to process the files. The example explored here is an auto-label policy for Teams meeting recordings.
Teams meeting organizers will soon be able to configure an option to start recording when the meeting starts. The option must be set for each meeting and there doesn’t seem to be an available method to preconfigure recordings for all meetings through a policy or programmatically. The new option is useful, if you remember to set it.
Teams meeting recordings are now accumulating as MP4 files in OneDrive for Business and SharePoint Online. If you have Office 365 E5 licenses, you can use an auto-label policy to remove recordings after a set period. If you don’t have those licenses and need to remove recordings, you’ll have to come up with another plan, maybe after tracking the creation of recordings through the Office 365 audit log.
Microsoft is changing the SharePoint document library UI for sites used by Teams private channels to make sensitivity labels read-only and move a link into the command bar. That doesn’t sound so important, but it’s part of the preparation for the introduction of Teams Connect, aka Shared channels. It’s just a pity that the text of message center notification MC261534 was so confusing when it first appeared.
Chat bubbles in Teams meetings are another way to surface information. Using chat bubbles is a personal choice and it doesn’t replace the regular chat window. Microsoft says that chat bubbles make chat more central to a conversation, but it really depends on the type of meeting, the topic being discussed, and the number of participants. In any case, chat bubbles are there to be used if you want to.
The need to remove basic authentication from Exchange Online is underlined by a June 14 report from the Microsoft Threat Intelligence Center pointing to how attackers compromise mailboxes using antiquated protocols like POP3 and IMAP4 to connect to accounts which don’t use MFA. After accounts are penetrated, the attackers plant inbox rules to forward copies of interesting messages and use the information received to plan and execute business email compromise attacks. Tenant administrators still have some work to do to secure Exchange Online and Azure AD…
A preview Teams feature allows organizations to upload approved corporate images for people to use during Teams meetings. When generally available, this feature will need a Teams advanced communications license. An organization can distribute up to 50 images, which users see ahead of Microsoft curated images and their own custom images (if they’re allowed to upload these images). However, there’s no way for an organization to force people to select one of the corporate images.
Two Microsoft 365 message center notifications covering Progressive Web Apps (PWAs) for OneDrive and Lists are interesting, but the news of the arrival of the new Nucleus synchronization engine within the OneDrive sync client (for Windows) is even more interesting. Together, the combination of PWAs and Nucleus make OneDrive and SharePoint data more accessible to users.
A new feature allows Teams users to create tasks from personal chats and channel conversations. Tasks from chats are personal while those created from channel conversations can be personal or go into a Planner plan. Although you might like the tasks to be populated more fully, the overall implementation is a nice addition to the Microsoft 365 tasks system.
Now rolling out to Office 365 tenants, Teams meeting organizers can review the attendance data for meetings and webinars in a new dashboard. The same data can be downloaded to a CSV file for analysis. Teams stores the attendance report data in the Exchange Online mailbox of the meeting organizer. It’s a good example of the Microsoft 365 substrate in use.
A preview for Sensitivity Labels show how they can use Azure AD authentication contexts and conditional access policies to protect SharePoint Online sites. Although you can link conditional access policies to sites with PowerShell, it’s a lot easier to make the connection through sensitivity labels. Any SharePoint Online site which receives a label configured with an authentication context automatically invokes the associated conditional access policy to protect its contents.
Sometimes it’s wise to give PowerShell scripts a turbo boost. This is certainly true for the Groups and Teams Activity report script, where a large amount of PowerShell processing has been replaced with speedy Microsoft Graph API calls. The result is much faster processing, which means that the script is more useful in large tenants. I still wouldn’t try to run it against 100,000 groups, but anything smaller should be OK. I think!
New PowerShell commands for sensitivity labels can configure default sharing link settings for SharePoint Online sites. Any site assigned a label configured for default sharing links inherits those settings within 24 hours. The new settings are in public preview now with general availability expected later this year. They build on the existing set of controls for container management available for sensitivity labels and show how powerful it is for organizations to be able to deploy management policy settings via labels.