The only always up-to-date eBook about the Microsoft 365 cloud Office system, covering Exchange Online, SharePoint Online, OneDrive for Business, Microsoft Teams, Planner, Entra ID, and more
Entra ID captures the lastSuccessfulSignInDateTime property to record the last successful sign-in action against user accounts. The new property is available through the Graph beta endpoint. Quite a difference can exist between the last successful sign in and the last sign in, as explored in this article.
Conditional access policies control access to Entra ID connections. Policies should have exclusions for breakglass accounts, but sometimes this doesn’t happen. This article explains how to use cmdlets from the Microsoft Graph PowerShell SDK to check conditional access policies and update policies with exclusions where necessary.
Cloudy attachments are links to files sent in messages. An auto-label policy can capture copies of cloudy attachments and make them available for eDiscovery. Sounds good, but you need Office 365 E5 or above licenses to use an auto-label policy and Purview eDiscovery (premium). Even so, it’s a nice example of applying technology to solve a problem, even if it does use up some valuable SharePoint Online storage quota.
Exchange Online keeps message trace data online for 10 days and that’s what’s normally used to check for unused distribution lists. Checking over 90 days is obviously much better, and we can do this by checking against historic message trace data. All explained here with a script to do the job.
SharePoint Embedded is a new Microsoft offering for application developers. The big upside is that apps can take advantage of the Microsoft 365 ecosystem. Cost is the potential downside. Microsoft will charge using a pay-as-you-go model, but estimating the likely cost could be difficult until more experience about how apps use SharePoint Embedded emerges.
The December 2023 update (monthly update #102) for the Office 365 for IT Pros eBook is now available for subscribers to download. While Microsoft has become obsessed with AI and Copilots, we’ve stayed focused on getting real work done with the tools available to most Microsoft 365 tenants. That seems like a more intelligent way for us to work than becoming fixated on technology that only some tenants can aspire to use.
A new setting in OWA options allows users to choose to preserve declined meetings. Keeping details of declined meetings can help users to find information included in meeting details of data created during meetings like chats and meeting summaries, or forward the meeting to someone else if needed.
Now available for OWA and the Monarch client, Outlook voice dictation allows users to compose the body text of messages with speech-to-text transcription. A limited set of languages are available for now, but more to come. Learning how to compose email with speech is an acquired art and might required some AI help to produce acceptable results.
Not everyone likes to respond to email with an emoji, which is why the options to disallow Outlook reactions through clients or mail flow rules exist. Everything revolves around the x-ms-reactions message header, which is what Exchange Online uses to understand if people can respond to email with emojis.
The European SharePoint, Office 365, and Azure Conference (ESPC 2023) starts in Amsterdam on Monday, November 27. There’s lots of Copilot and Viva content at the event, but a disappointing lack of coverage of Exchange Online and Entra ID, both of which are essential to any Microsoft 365 deployment. Oh well… you can’t have everything and ESPC 2023 will be a great event.
Teams background blur now comes in two flavors. The standard blur is what we’ve had since 2018. The new portrait blur applies a more subtle level of blurring and doesn’t obscure background details as much as the standard blur option. It’s a small but interesting addition to the range of video effects people can use during Teams meetings.
A year ago, I wrote about the ability to pause membership processing for dynamic Entra ID groups. Now we return to consider the reasons for pausing processing. Mostly suitable circumstances occur when the directory is in a state of flux, often caused by corporate restructuring or similar scenarios. When this happens, you can pause processing for all dynamic groups and restart once the directory stabilizes.
A reader asked how to report user and group assignments for enterprise apps. As it turns out, this isn’t particularly difficult, if you know where to look. Our script uses the Graph SDK to check service principals, filters out the apps to check, and extracts the user and group assignments before reporting what it finds.
Exchange mailbox statistics reports are usually produced using PowerShell cmdlets. However, using Graph usage data is a faster way to process mailboxes because it avoids the need to fetch mailbox statistics by running a cmdlet for each mailbox. This article describes how to speed things up in a way that will probably benefit larger organizations most, but every Exchange Online tenant can probably benefit.
Entra ID administrative units are supported for granular access to the Microsoft 365 audit log. Exchange Online manages the audit log so it’s core to the support. This article reviews how to restrict access to the audit log using compliance roles and RBAC and how administrative unit data is stamped onto audit events during ingestion to support restricted searches based on administrative units.
On November 15, Microsoft announced Microsoft 365 Backup would enter a public paid preview in December 2023, Paid preview means that tenants must link a valid Azure subscription to Syntex pay-as-you-go to pay the $0.15 fee per GB per month for protected content. We’ll know more once the preview begins and we get the chance to see just how fast backup and restore is.
This article explains how to use PowerShell to report the email proxy addresses assigned to Exchange Online mail-enabled objects. Creating the list is straightforward, but figuring out how to use the list afterwards might need more creativity. To get things going, we show how to load the list into a hash table to resolve email addresses into display names.
This article describes how to use the Microsoft Graph PowerShell SDK to customize the user account properties shown by the Microsoft 365 user profile card. Previously this was possible using a Graph API request to the beta endpoint. Now everything is in production and Graph SDK cmdlets are available to make customization a tad easier.
A Nov 9 article published by a German website expressed concern about the way that the new Outlook synchronizes user email data to Azure. There’s nothing to worry about. Outlook synchronizes email data to be able to process the data to support features that the user’s email server might not. It’s what the Outlook mobile client has done for years.
On November 6, Microsoft announced that they will deploy Microsoft-managed conditional access policies to eligible tenants. A conditional access policy controls the connections users want to make to apps or data by setting conditions. In this case, the Microsoft policies will require MFA before access is granted to apps like administrative portals.
Message center notification MC687849 announces the retirement of the Teams Who bot. This was one of the original apps developed to show the potential of Teams. In truth, the bot was never very useful. Microsoft says that its functionality will be replaced with Copilot. You’ll be able to query for the answers the Who bot provided for a small extra investment.
Microsoft has described the compliance support from Purview solutions for data generated by Microsoft 365 Copilot prompts and responses. There’s nothing earthshattering in terms of what Microsoft is doing, but it’s good that audit events and compliance records will be gathered and that sensitivity labels will block Copilot access to confidential data.
When Microsoft put the Loop app into preview, they didn’t impose any restrictions in terms of licensing or workspace storage. MC678308 announces that Loop workspace storage will count against the tenant SharePoint Online storage quota. This article explains how to use the Get-SPOContainer cmdlet to fetch information about Loop workspaces and the storage they consume.
From mid-November 2023, users have the chance to forward Teams chat messages. The feature works for 1:1, group, and meeting chats. The lack of a forward option in the Teams desktop and browser clients is a little surprising because the mobile client has been able to do this for some time.
The Exchange Online developers issued three recommendations to improve performance and reduce memory consumption for Exchange Online PowerShell sessions, specifically those used by automated scripts that don’t involve human interaction. I think two of the recommendations are very practical and worth implementing by everyone, even if you think everything is good with PowerShell.
Following new support of Loop components for Teams channel conversations, it’s sad to discover that Loop component eDiscovery remains challenging two years after the first appearance of component technology in a Microsoft 365 application. eDiscovery can certainly find Loop components, but creating a seamless picture about their usage is harder than it should be.
Loop components have been available for Teams chat for nearly two years. Now they’re coming to channel conversations. The loop files generated for the components are stored in the channel folder of the SharePoint Online site belonging to the team. Once posted, every channel member can edit the Loop component.
The Office 365 for IT Pros eBook team is delighted to announce the release of the 101st monthly update (November 2023). Subscribers can download the updated files from Gumroad.com. The update covers many chapters and includes topics like the release of the new Teams client, which we learned on October 31 will become the only Teams client on March 31, 2024. Lots of ongoing change inside the Microsoft 365 ecosystem… Which is why a book like Office 365 for IT Pros is the only way to stay current!
A new Exchange Online organization setting postpones the implementation of roaming signatures for Outlook clients in a tenant. The setting only allows a postponement because Microsoft really wants all Outlook clients to use the signature data stored in user mailboxes. The extra time allows tenants that use PowerShell to manage OWA signatures to work as they did before roaming signatures came along and screwed things up.
An article last week discussed how to create SharePoint lists with the PnP.PowerShell module. In this article, we do the same with cmdlets from the Microsoft Graph PowerShell SDK. The results achieved with the Graph SDK aren’t as good as those gained with PnP.PowerShell. Some of the SDK cmdlets don’t function as expected and the resulting list is not as functional as the one generated by PnP. Oh well…
The MFCMAPI utility is of great help to Microsoft 365 tenant administrators who want to understand the data apps store in Exchange Online mailboxes. An on-premises mailbox stores email data, but in the cloud, Microsoft 365 apps use Exchange Online as a convenient place to store data that needs to be accessible to services like Search and eDiscovery.
In Microsoft’s FY24 Q1 results, they disclosed that the Teams number of users had reached 320 million monthly active users. That’s 80% of the overall number for Office 365 monthly active users. The two sets of numbers might not overlap precisely, but one thing’s for certain – Teams is driving a lot of growth and revenue for Microsoft.
The new Teams client applies AI to the creation of custom announcement images by invoking Designer to generate images either from scratch or based on your input. The new mechanism generates some nice images that can be extensively customized with Designer. It’s more complex than the way the Teams classic client handled custom announcement images, but the output is nicer.
This article explains how to create SharePoint lists using cmdlets from the PnP.PowerShell module. The original data comes from a script to create a Teams Directory in HTML and CSV format files. The CSV data is imported into SharePoint to populate a list in a communications site. Everything works very smoothly, which begs the question why this kind of import isn’t done more often. Perhaps it’s because people don’t know that it’s possible. They do now.
A setting in the Teams meeting policy controls whether users can access the meeting chat in meetings hosted by non-trusted external tenants. By default, the setting is On, meaning that users can participate in chat for any meeting they join in any tenant. If you have concerns about this aspect of meetings, turn the setting Off and define trusted tenants.
After updating a bunch of PowerShell modules, I was dismayed to find a PowerShell module clash caused by a dependency on the Microsoft.Identity.Client DLL. The Exchange Online management module wanted a higher version of the DLL than the one loaded by the Teams module, so the Connect-ExchangeOnline cmdlet barfed. It’s easy to understand the logic behind the problem, but it’s hard to understand why Microsoft let it happen.
An interesting discussion in the Microsoft Technical Community about limiting the teams privacy mode to private for new teams caused me to try out the principles. The idea works, with caveats, and I wonder if anyone will use it in production. It’s an interesting technique for using container management sensitivity labels that I’d never thought about before, so here it is.
Microsoft suggests that allowing every user to create new Microsoft 365 groups. That’s mad. Controlling group creation through policy settings is the only way to go. It will avoid group sprawl (or team sprawl) and avoid a lot of administrative effort that will otherwise be devoted to cleaning up the mess of unused and unwanted groups. This article explains how to update policy settings to control group creation using cmdlets from the Microsoft Graph PowerShell SDK.
Like any mail-enabled object managed by Exchange Online, distribution list proxy addresses determine if Exchange can deliver messages to an object. Sometimes the proxy addresses aren’t correct or need adjustment, such as in the case when an organization wants to make sure that all distribution lists have primary SMTP addresses from a specific domain. This article explains how to use PowerShell to adjust the primary SMTP address when necessary.
Microsoft 365 group display names longer than 120 characters will cause problems for Graph API requests attempting to fetch the groups. A workaround exists, which is to make the request an advanced query rather than a regular one. But the question really should be “who needs group display names that are longer than 120 characters?”