The only always up-to-date eBook about the Microsoft 365 cloud Office system, covering Exchange Online, SharePoint Online, OneDrive for Business, Microsoft Teams, Planner, Azure Active Directory, and more
A reader asked how they could create dynamic administrative units for every department in their directory. A PowerShell script does the job, even if some constraints in how Entra ID processes membership rules means that the rules can’t be quite as precise as I would like them to be.
At a September 21 event in NYC, Microsoft announced that the Microsoft 365 Copilot digital assistant will be generally available to enterprise customers on November 1. Quite how many customers will be willing to cough up for license upgrades and $30/month Copilot subscriptions will soon be seen. The advent of the Copilot Lab to help users come to grips with building good prompts to drive Copilot is an excellent idea, but the focus on Monarch as the sole Outlook client might become a blocking factor for some.
It’s possible to use PowerShell to create a report detailing the SharePoint Online site URLs used with Teams. My first attempt used the Exchange Online module, but is the Graph any faster? As it turns out, not really. At least, not for interactive sessions using the Microsoft Graph PowerShell SDK (things are different when running SDK code using a registered app). I tried several approaches, but Graph permissions got in the way every time.
On September 19, 2023 Microsoft announced their intention to retire the Exchange Web Services API on 1 October 2026. The suggested replacement is the Microsoft Graph API. Microsoft acknowledges that some gaps exist that they need to close before EWS retirement happens, but one big issue they didn’t discuss is what happens to the backup products that currently use EWS to backup Exchange Online.
Soon after they launched Outlook Reactions in 2022, Microsoft received requests to disable the feature. Now you can by adding SMTP headers to messages. Outlook clients will be able to add the header to stop recipients reacting and organizations will be able to create mail flow rules to add the header to selected messages. It’s nice to have a way to disable reactions.
Entra ID includes a registration campaign feature to help organizations move users to stronger authentication methods like the Authenticator app. Running campaigns is a good thing, unless you decide to do it when the administrators are away from the office (like me) or users are unprepared. But it is time to get rid of SMS and voice responses to MFA challenges, so maybe you should schedule a campaign soon?
A Teams unified picker for fun content is now available in the Teams 2.1 client. The new picker replaces the existing options to add GIFs and stickers. I’m sure this update will be important to some people, but I’m more impressed by the change to improve the performance and reliability of synchronizing calendar updates between Outlook (Exchange Online) and Teams. All available soon.
For whatever reason, SharePoint Online doesn’t allow administrators to control the settings of document libraries. In particular, default sensitivity labels. It seems crazy that other Microsoft 365 workloads allow administrators to manage the settings of things like mailboxes, groups, plans, and teams, but SharePoint Online holds steadfast to not allowing administrators go deeper than a site. It would be nice to see consistency around administrator access across all workloads.
Microsoft announced three changes to Entra ID cross-tenant access settings that will improve how the settings work for large enterprise tenants in particular. One of the changes improves the blocking of Entra ID B2B Collaboration invitations extended to allow guest users access resources in a tenant. When Entra ID evaluates whether it should issue an invitation, it now takes the blocklist (if set) in the B2B collaboration policy and cross-tenant access settings into account. It’s the way things should have worked from the start.
Technical web sites are 10 a penny these days, and the content published on many is worth the same. Good sites dedicate resources to copy and technical editing, and that’s what makes a real difference in terms of article quality. If you’re in Atlanta for the TEC 2023 conference, come talk to us about writing for Practical365.com.
Recent details released about the Storm-0558 attack on sensitive U.S. agencies revealed the importance of the MailItemsAccessed event for forensic investigations. Luckily, after Microsoft was a tad embarrassed by the recent Storm-0558 attack, tenants with Office 365 E3 or Microsoft 365 E3 licenses can capture the MailItemsAccessed event for mailboxes without having to pay for Microsoft Purview Audit Premium. But you might have to do a little work to ensure that the right audit configuration is used for all mailboxes.
Teams channel meetings belong to a channel, but who receives the invitations for these meetings? The answer is “it depends” – on group settings and options. The underlying Microsoft 365 group might have a subscriber list of users who want to receive email for new events like meetings or the user might choose to send invitations to everyone. We discuss the mechanics and explore a way to schedule meetings in shared and private channels too.
The SharePoint News in Outlook feature allows users to email news items to recipients within the same tenant. It’s like the Teams Share to Outlook feature and is just about as exciting. Some new templates allows users to post and email news items by displaying a screen to collect email properties. Interestingly, the feature supports multi-tenant organizations, but I suspect that this is an error.
A new setting for SharePoint Online sites turns them into “restricted sites,” meaning that only site members noted in assigned groups can access site content. I thought that’s the way sites connected to Microsoft 365 groups work, but this is the “to be sure, to be sure” lockdown features. You can also restrict sites that aren’t connected to Microsoft 365 Groups. Add some sensitivity labels and the block download policy, and sites can be pretty secure.
A recent update for the Loop app allows users to create and collaborate on code blocks. The editor is very simple and doesn’t check syntax, but it could be a way for people (within a tenant) to collaborate and sketch out potential code solutions to problems. You can create Loop components from code blocks and use those components with Teams chat and Outlook messages, if you remember to stay within your tenant.
Microsoft has moved to resolve anti-competitive problems around bundling of Teams in Office 365 and Microsoft 365 by introducing new Microsoft 365 and Office 365 EEA licenses that don’t include Teams. Existing customers aren’t affected and can continue to use Microsoft 365 and Office 365 licenses that include Teams. At the same time, Microsoft promises to make it easier for third parties to integrate apps with Teams and the Microsoft 365 apps. We’ll see how that turns out in the future.
The September 2023 update for the Office 365 for IT Pros eBook (monthly update #99) is available for subscribers to download. Details of the update are available in our change log. However, sometimes the change log doesn’t tell the full story about the updates we make to content. A chapter author might forget about a change they make, or maybe we rewrite something and don’t mention it. The point is that the book is in a state of constant change to keep up with the updates Microsoft ships across the Microsoft 365/Office 365 ecosystem.
Microsoft has decided to remove the Reuse Files feature from Word. They haven’t said why this is happening, but 8t might be linked to the launch Copilot for Microsoft 365. “AI-Lite” features like Reuse Files don’t add a huge amount of value and possibly cloud the message about AI in Microsoft 365. The truth is that we don’t know why Microsoft is removing Reuse Files from Word. Will they do the same in Outlook and PowerPoint?
Delayed until October 2023, the Teams Meet app will appear in the Teams 2.1 client to help users manage meetings more effectively. At least, that’s the plan. The app works well for internal meetings but its review capabilities are limited when you attend meetings hosted in another tenant. The Meet app will be beneficial in large organizations where people attend lots of meetings, but will might be less effective in smaller organizations. It’s worth looking at to decide if the Teams Meet app works for you.
Teams Premium Trial licenses are to be offered to end users in commercial tenants worldwide for self-service purchases from September 2023. I quite like some of the functionality available in Teams Premium, but I think organizations are better off using the “regular” Teams Premium trial licenses to run a test involving up to 25 users for 30 days. The results are probably going to be more indicative of the worth of Teams Premium than any individual test can be.
Microsoft announced on August 17 that they are not proceeding with the implementation of dark mode support in the Teams Admin center. The news came as a surprise, but it’s an indication of the lack of user interface consistency across the different Microsoft 365 administrative consoles. Token handling is another example. I can live without dark mode, but being forced to sign out by the Teams admin center is a pain.
A Microsoft 365 Copilot session for partners didn’t reveal much new about the technology, but it did emphasize software, prompts, and content as core areas for implementation projects. Building good queries is difficult enough for normal searches, so how will people cope with Copilot prompts. And are the data stored in Microsoft 365 ready for Copilot? There’s lots to consider for organizations before they can embrace Microsoft’s digital office assistant.
The EntraExporter toolis a PowerShell module that generates details of objects in an Entra ID tenant configuration (like groups, policies, and users) and creates JSON files. It’s a great way to capture point-in-time information about Entra ID (Azure AD) configuration. Although you can’t replay the captured data to recreate objects, having all the information available is a great start if you need to restore or replay anything.
This article describes how to use PowerShell to extract and analyze Exchange Online message trace data to figure out the volume of traffic to outbound domains and from inbound domains. You might think that this is the same information as available in the Exchange admin center mail flow report, but it’s not. Once again, the value of PowerShell in retrieving and using data is evident.
A question about how to report specific changes to Teams memberships gave another excuse to use PowerShell with the unified audit log to deliver a solution. The idea is that you can check audit log entries to see when specific user accounts join the membership of Teams. Once you’ve found that data, it’s a simple matter of creating email to share the results. All done with a few lines of PowerShell…
A question about finding out which sensitivity label policy makes a label available to a user requires some PowerShell to figure out the answer with some human-friendly results. The outcome is a script that analyzes sensitivity label policies to find where a user gets their labels from. It’s another example of how useful PowerShell can be.
For years, I have scanned the audit log to find FileDeleted events to report deletions of SharePoint and OneDrive documents. Now, FileRecycled audit events are used instead. This wouldn’t be a problem if Microsoft had told customers, but not a trace can be found to let organizations know that the audit data they use for compliance operations has changed. I don’t know if this is the only activity name change, but given that one update has happened (and for a relatively important audit event), it’s likely that others lurk in the undergrowth.
You can now define Entra ID guest account sponsors using the Entra ID admin center or PowerShell. A sponsor is an account or group that knows why a guest account exists. During operations like account reviews of the membership of a Microsoft 365 group, sponsors can help group owners decide if guest accounts should continue as members or should be removed. I’m sure others will come up with ideas for using guest account sponsors, but that’s what we have for now.
Entra ID risky users are accounts that Entra ID Identity Protection detects as exhibiting signs of suspicious activity that might mean the accounts are compromised. In this article, we consider the value of Entra ID risky accounts and how they can be used in conditional access policies. And a look at the Microsoft Graph PowerShell SDK cmdlets that are available to risky users too!
Some wonder why Microsoft never developed a Planner desktop app. It’s probably due to a lack of engineering and support resources. But a good workaround exists because you can create a desktop app from the tasks.microsoft.com web site. For guest access to Planner in another tenant, a desktop shortcut might work. And there’s always the Tasks by Planner app in Teams. So maybe a Planner desktop app isn’t needed.
Microsoft has announced that they are replacing the user data search tool with Purview eDiscovery standard. The change will happen on 30 August 2023 and active user data search cases will be transferred automatically to eDiscovery standard at that point. The change makes sense because the user data search tool hasn’t been enhanced much since its inception. Anyway, user data search cases were simply a special form of eDiscovery case, and now they’re all the same.
Two message center updates from August 1 cover OWA search refiners and a revamped search box (appearance only). One wonders why the two aren’t covered by one notification and one Microsoft 365 roadmap item. Two notifications result in not a lot of change. The search refiners might please some users and be useful at times. but I wonder if the new font and borders for the search box will be noticed by the average user!
A new preview capability supports filtering against the Azure AD employee hire date property (Entra ID). Two different filter types are available to support the PowerShell ge and le operators. One filter checks against a set date, the other uses a calculated date. Both work well, and hopefully this development means that the Entra ID developers will enable the same capability for the Get-MgUser cmdlet.
The Microsoft 365 admin center contains a new option to enable the Loop app for everyone in a tenant. The setting overrides a previous cloud policy used to control access to the Loop app. It’s the kind of change you’d expect to see as an app makes it way through preview to the point when it becomes generally available. In other Loop news, the Loop app is available as a PWA through the Microsoft Store.
A Twitter discussion about how to audit user account changes revealed that Entra ID does not capture details of changes to the usage location for an account. The possibility existed that the data might be present in the information ingested from Entra ID into the unified audit log, but that turned out not to be the case. Even if some properties are missing, a PowerShell script demonstrates the principle of how to report user account changes (old and new properties). But it would be nice if Entra ID captured details about changes to the UsageLocation property.
A reader asked why some deleted Microsoft 365 user accounts appear to have assigned licenses. That seemed strange because licenses are freed up for reuse when accounts are deleted, so we took a look behind the scenes to find out why some deleted user accounts keep license information in their properties and some do not.
Microsoft 365 apps now boast a simplified sharing experience. In other words, Microsoft has overhauled and revamped the dialogs used to create and manage sharing links. This is the first real change in the area since 2020-21. It’s a good time to make sharing easier for people because the introduction of Microsoft 365 Copilot means that overshared files and folders will be exposed.
Exchange retention tags can be assigned to mailbox folders. In this article, we explain how to retrieve details of folder and personal tags assigned to folders plus the default archive and delete tags defined in the mailbox retention policy. We also explore if it’s possible to report retention tags assigned to individual messages and conclude that it’s not worthwhile.
On July 31, Microsoft announced that Clipchamp for Work will roll out to targeted release Microsoft 365 commercial tenants in the next few weeks. Although it’s good that Microsoft 365 tenants will get a very capable video editor, the goodness of the announcement is reduced by the fact that Microsoft is not making Clipchamp for Work available for Office 365 enterprise SKUs. That seems like a great pity, but it’s all part of Microsoft’s plan to nudge customers toward Microsoft 365.
Monthly update #98 is available for the Office 365 for IT Pros eBook. Subscribers can download the updated files from Gumroad.com (PDF/EPUB) or Amazon (Kindle). Lots happened during July, some of which like Microsoft 365 Copilot and the Microsoft 365 Archive and Backup products, can’t be covered in the book until the software appears in public preview. But that’s the great thing about a book like Office 365 for IT Pros. Because we update the entire book every month, we can track and report on new solutions as they appear and we gain experience with them.