December 2023 Update for Office 365 for IT Pros eBook is Available

The December 2023 update (monthly update #102) for the Office 365 for IT Pros eBook is now available for subscribers to download. While Microsoft has become obsessed with AI and Copilots, we’ve stayed focused on getting real work done with the tools available to most Microsoft 365 tenants. That seems like a more intelligent way for us to work than becoming fixated on technology that only some tenants can aspire to use.

Declined Meetings Show Up in OWA and Monarch

A new setting in OWA options allows users to choose to preserve declined meetings. Keeping details of declined meetings can help users to find information included in meeting details of data created during meetings like chats and meeting summaries, or forward the meeting to someone else if needed.

Use Dictation to Compose Outlook Messages

Now available for OWA and the Monarch client, Outlook voice dictation allows users to compose the body text of messages with speech-to-text transcription. A limited set of languages are available for now, but more to come. Learning how to compose email with speech is an acquired art and might required some AI help to produce acceptable results.

How to Disallow Outlook Reactions

Not everyone likes to respond to email with an emoji, which is why the options to disallow Outlook reactions through clients or mail flow rules exist. Everything revolves around the x-ms-reactions message header, which is what Exchange Online uses to understand if people can respond to email with emojis.

Off to Amsterdam for the European SharePoint Conference 2023

The European SharePoint, Office 365, and Azure Conference (ESPC 2023) starts in Amsterdam on Monday, November 27. There’s lots of Copilot and Viva content at the event, but a disappointing lack of coverage of Exchange Online and Entra ID, both of which are essential to any Microsoft 365 deployment. Oh well… you can’t have everything and ESPC 2023 will be a great event.

Teams Background Blur Evolves

Teams background blur now comes in two flavors. The standard blur is what we’ve had since 2018. The new portrait blur applies a more subtle level of blurring and doesn’t obscure background details as much as the standard blur option. It’s a small but interesting addition to the range of video effects people can use during Teams meetings.

Reasons to Pause Membership Processing for Entra ID Dynamic Groups

A year ago, I wrote about the ability to pause membership processing for dynamic Entra ID groups. Now we return to consider the reasons for pausing processing. Mostly suitable circumstances occur when the directory is in a state of flux, often caused by corporate restructuring or similar scenarios. When this happens, you can pause processing for all dynamic groups and restart once the directory stabilizes.

Reporting User and Group Assignments for Enterprise Applications

A reader asked how to report user and group assignments for enterprise apps. As it turns out, this isn’t particularly difficult, if you know where to look. Our script uses the Graph SDK to check service principals, filters out the apps to check, and extracts the user and group assignments before reporting what it finds.

A New Approach to Reporting Exchange Mailbox Statistics

Exchange mailbox statistics reports are usually produced using PowerShell cmdlets. However, using Graph usage data is a faster way to process mailboxes because it avoids the need to fetch mailbox statistics by running a cmdlet for each mailbox. This article describes how to speed things up in a way that will probably benefit larger organizations most, but every Exchange Online tenant can probably benefit.

How Exchange Online Supports Granular Access to the Microsoft 365 Audit Log

Entra ID administrative units are supported for granular access to the Microsoft 365 audit log. Exchange Online manages the audit log so it’s core to the support. This article reviews how to restrict access to the audit log using compliance roles and RBAC and how administrative unit data is stamped onto audit events during ingestion to support restricted searches based on administrative units.

Microsoft 365 Backup Heading for Public Preview in December

On November 15, Microsoft announced Microsoft 365 Backup would enter a public paid preview in December 2023, Paid preview means that tenants must link a valid Azure subscription to Syntex pay-as-you-go to pay the $0.15 fee per GB per month for protected content. We’ll know more once the preview begins and we get the chance to see just how fast backup and restore is.

Report Email Proxy Addresses for Exchange Online Mail-Enabled Objects

This article explains how to use PowerShell to report the email proxy addresses assigned to Exchange Online mail-enabled objects. Creating the list is straightforward, but figuring out how to use the list afterwards might need more creativity. To get things going, we show how to load the list into a hash table to resolve email addresses into display names.

Customizing the Microsoft 365 User Profile Card with the Microsoft Graph PowerShell SDK

This article describes how to use the Microsoft Graph PowerShell SDK to customize the user account properties shown by the Microsoft 365 user profile card. Previously this was possible using a Graph API request to the beta endpoint. Now everything is in production and Graph SDK cmdlets are available to make customization a tad easier.

Shock and Horror About How the New Outlook Synchronizes User Data

A Nov 9 article published by a German website expressed concern about the way that the new Outlook synchronizes user email data to Azure. There’s nothing to worry about. Outlook synchronizes email data to be able to process the data to support features that the user’s email server might not. It’s what the Outlook mobile client has done for years.

Microsoft-Managed Conditional Access Policies Coming to Eligible Tenants

On November 6, Microsoft announced that they will deploy Microsoft-managed conditional access policies to eligible tenants. A conditional access policy controls the connections users want to make to apps or data by setting conditions. In this case, the Microsoft policies will require MFA before access is granted to apps like administrative portals.

Microsoft Cancels the Teams Who Bot

Message center notification MC687849 announces the retirement of the Teams Who bot. This was one of the original apps developed to show the potential of Teams. In truth, the bot was never very useful. Microsoft says that its functionality will be replaced with Copilot. You’ll be able to query for the answers the Who bot provided for a small extra investment.

Microsoft Details Compliance Support for Microsoft 365 Copilot

Microsoft has described the compliance support from Purview solutions for data generated by Microsoft 365 Copilot prompts and responses. There’s nothing earthshattering in terms of what Microsoft is doing, but it’s good that audit events and compliance records will be gathered and that sensitivity labels will block Copilot access to confidential data.

Reporting the Storage Used by Loop Workspaces

When Microsoft put the Loop app into preview, they didn’t impose any restrictions in terms of licensing or workspace storage. MC678308 announces that Loop workspace storage will count against the tenant SharePoint Online storage quota. This article explains how to use the Get-SPOContainer cmdlet to fetch information about Loop workspaces and the storage they consume.

Reducing the Memory Footprint of Exchange Online PowerShell

The Exchange Online developers issued three recommendations to improve performance and reduce memory consumption for Exchange Online PowerShell sessions, specifically those used by automated scripts that don’t involve human interaction. I think two of the recommendations are very practical and worth implementing by everyone, even if you think everything is good with PowerShell.

eDiscovery Still Doesn’t Handle Loop Components Seamlessly

Following new support of Loop components for Teams channel conversations, it’s sad to discover that Loop component eDiscovery remains challenging two years after the first appearance of component technology in a Microsoft 365 application. eDiscovery can certainly find Loop components, but creating a seamless picture about their usage is harder than it should be.

Using Loop Components in Teams Channels

Loop components have been available for Teams chat for nearly two years. Now they’re coming to channel conversations. The loop files generated for the components are stored in the channel folder of the SharePoint Online site belonging to the team. Once posted, every channel member can edit the Loop component.

Office 365 for IT Pros November 2023 Update Available

The Office 365 for IT Pros eBook team is delighted to announce the release of the 101st monthly update (November 2023). Subscribers can download the updated files from The update covers many chapters and includes topics like the release of the new Teams client, which we learned on October 31 will become the only Teams client on March 31, 2024. Lots of ongoing change inside the Microsoft 365 ecosystem… Which is why a book like Office 365 for IT Pros is the only way to stay current!

Exchange Online Tenants can Postpone Roaming Signatures

A new Exchange Online organization setting postpones the implementation of roaming signatures for Outlook clients in a tenant. The setting only allows a postponement because Microsoft really wants all Outlook clients to use the signature data stored in user mailboxes. The extra time allows tenants that use PowerShell to manage OWA signatures to work as they did before roaming signatures came along and screwed things up.

Using Microsoft Graph SDK Cmdlets to Create a SharePoint Online List

An article last week discussed how to create SharePoint lists with the PnP.PowerShell module. In this article, we do the same with cmdlets from the Microsoft Graph PowerShell SDK. The results achieved with the Graph SDK aren’t as good as those gained with PnP.PowerShell. Some of the SDK cmdlets don’t function as expected and the resulting list is not as functional as the one generated by PnP. Oh well…

Primer: Using the MFCMAPI Utility to See Inside Exchange Online Mailboxes

The MFCMAPI utility is of great help to Microsoft 365 tenant administrators who want to understand the data apps store in Exchange Online mailboxes. An on-premises mailbox stores email data, but in the cloud, Microsoft 365 apps use Exchange Online as a convenient place to store data that needs to be accessible to services like Search and eDiscovery.

Teams Grows to 320 Million Monthly Active Users

In Microsoft’s FY24 Q1 results, they disclosed that the Teams number of users had reached 320 million monthly active users. That’s 80% of the overall number for Office 365 monthly active users. The two sets of numbers might not overlap precisely, but one thing’s for certain – Teams is driving a lot of growth and revenue for Microsoft.

Creating Custom Images for Channel Announcement Posts in the New Teams

The new Teams client applies AI to the creation of custom announcement images by invoking Designer to generate images either from scratch or based on your input. The new mechanism generates some nice images that can be extensively customized with Designer. It’s more complex than the way the Teams classic client handled custom announcement images, but the output is nicer.

Creating a Teams Directory in a SharePoint Online List

This article explains how to create SharePoint lists using cmdlets from the PnP.PowerShell module. The original data comes from a script to create a Teams Directory in HTML and CSV format files. The CSV data is imported into SharePoint to populate a list in a communications site. Everything works very smoothly, which begs the question why this kind of import isn’t done more often. Perhaps it’s because people don’t know that it’s possible. They do now.

Blocking Access to Teams Meeting Chat in External Tenants

A setting in the Teams meeting policy controls whether users can access the meeting chat in meetings hosted by non-trusted external tenants. By default, the setting is On, meaning that users can participate in chat for any meeting they join in any tenant. If you have concerns about this aspect of meetings, turn the setting Off and define trusted tenants.

Teams and Microsoft Exchange PowerShell Modules Clash Over Required DLL

After updating a bunch of PowerShell modules, I was dismayed to find a PowerShell module clash caused by a dependency on the Microsoft.Identity.Client DLL. The Exchange Online management module wanted a higher version of the DLL than the one loaded by the Teams module, so the Connect-ExchangeOnline cmdlet barfed. It’s easy to understand the logic behind the problem, but it’s hard to understand why Microsoft let it happen.

How to Limit the Creation of New Teams to Private Access

An interesting discussion in the Microsoft Technical Community about limiting the teams privacy mode to private for new teams caused me to try out the principles. The idea works, with caveats, and I wonder if anyone will use it in production. It’s an interesting technique for using container management sensitivity labels that I’d never thought about before, so here it is.

How to Control the Creation of Microsoft 365 Groups with the Microsoft Graph PowerShell SDK

Microsoft suggests that allowing every user to create new Microsoft 365 groups. That’s mad. Controlling group creation through policy settings is the only way to go. It will avoid group sprawl (or team sprawl) and avoid a lot of administrative effort that will otherwise be devoted to cleaning up the mess of unused and unwanted groups. This article explains how to update policy settings to control group creation using cmdlets from the Microsoft Graph PowerShell SDK.

How to Execute Bulk Updates of Primary SMTP Address for Distribution Lists

Like any mail-enabled object managed by Exchange Online, distribution list proxy addresses determine if Exchange can deliver messages to an object. Sometimes the proxy addresses aren’t correct or need adjustment, such as in the case when an organization wants to make sure that all distribution lists have primary SMTP addresses from a specific domain. This article explains how to use PowerShell to adjust the primary SMTP address when necessary.

Microsoft 365 Groups with Long Names Cause Graph Errors

Microsoft 365 group display names longer than 120 characters will cause problems for Graph API requests attempting to fetch the groups. A workaround exists, which is to make the request an advanced query rather than a regular one. But the question really should be “who needs group display names that are longer than 120 characters?”

Teams Displays Too Many Irritating Popup Messages

Everyone likes a bit of help from time to time, but the number and persistence of irritating Teams pop-ups has become a real pain in the rear end. Worst of all, there’s no way for administrators or end users to suppress Teams pop-ups, which keep on coming in an effort to bore end users to death. On a positive note, the new Teams client includes settings to allow users to choose the classic theme and revert to having channel posts display at the bottom of the screen instead of the top.

How to Block User Access to Microsoft 365 PowerShell Modules

The question of how best to block PowerShell access for Microsoft 365 user accounts deserved some consideration. The answer lies in service principals for the enterprise accounts created by Microsoft to allow PowerShell modules to authenticate with Entra ID. By restricting access to an assigned security group, you effectively block access to anyone outside that group.

How to Remove Licenses From Disabled Accounts with PowerShell

This article explains how to use PowerShell to remove licenses from disabled accounts, including some caveats such as not removing Exchange Online licenses. Organizations might want to do this to save money on Microsoft 365 license fees while an account is temporarily unused. Removal of Exchange Online licenses can result in the loss of a mailbox, and you don’t want that to happen if you’re disabling accounts just because someone is on a long-term sabbatical or other leave of absence.

How to Create Dynamic Microsoft 365 Groups (and Teams) for Departments

This article explains how to use PowerShell to create dynamic Microsoft 365 groups (and teams) based on the departments assigned to Entra ID user accounts. Creating a new group is easy. The trick in team-enablement is to wait for the synchronization between Entra ID and Teams to finish before you go ahead. After that, it’s plain sailing.

Microsoft Removes Exchange Online User Photo Cmdlets

Microsoft announced that they will deprecate the user photo cmdlets from Exchange Online from November 30, 2023. Microsoft Graph PowerShell SDK cmdlets replace the EXO cmdlets because user photo data is stored in Entra ID. Although inconvenient for those who need to update scripts, this is part of an effort to rationalize how Microsoft 365 handles user profile information.