Delete Azure AD User Accounts and Restore Them Afterwards with the Microsoft Graph PowerShell SDK

Microsoft has announced that it will be possible to recover a deleted service principal by the end of May. This is good news because it means that an accidental deletion can’t wreak the kind of havoc it can today. Microsoft hasn’t updated the APIs to manage soft-deleted service principals yet, but we can get an insight into what’s likely to happen by investigating how to manage deleted Azure AD accounts using cmdlets from the Microsoft Graph PowerShell SDK.

Microsoft Launches Preview of Idle Session Timeout for Web Apps

Microsoft has released the preview of an idle session timeout policy to control the automatic sign-out of Microsoft 365 web apps. Not every web app is covered, but those that are will be signed out automatically when one of the covered apps becomes inactive for a stated period in a browser session. At that point, Microsoft 365 signs out all the web apps and forces the user to sign in again. Sounds like a reasonable idea, and it replaces existing mechanisms available for OWA and SharePoint Online.

Microsoft Gives Tenants Opt-Out for Exchange Online Plus Addressing

Microsoft intends to make the Exchange Online plus addressing feature available by default to all Microsoft 365 tenants after April 17, 2022. If you don’t want this to happen, you need to update the Exchange Online organization configuration to set DisablePlusAddressInRecipients to True. After the 30-day opt-out period finishes, Microsoft will proceed with the deployment, so don’t say you weren’t warned!

Why It’s Difficult to Transfer Membership Rules from Exchange Online to Azure AD

It seems like it should be possible to transfer a membership rule from an Exchange dynamic distribution list to a dynamic Microsoft 365 group/team, but it’s not. Different directories, schemas, properties, and syntax conspire to stop easy conversion. It’s a pity, but that’s the way life and technology sometimes go…

Microsoft Sets New Deprecation Schedule for Azure AD PowerShell

Lots of news has emerged from Microsoft recently regarding the deprecation of the Azure AD PowerShell module and the older MSOL module. Although dates have slipped from the original June 30, 2022 deadline, the signs are that Microsoft will retire the modules in early 2023. However, the Azure AD and MSOL license management cmdlets will stop working on August 26, 2022, so that’s the immediate priority for script upgrades.

How to Create a Report About Teams Tags

Teams tags appeared in early 2020 as a method to address subsets of a team membership in channel conversations. Microsoft doesn’t provide a method to report what teams use tags and what those tags are, but we can find out using the Graph APIs. In this article, we show how to use the Microsoft Graph PowerShell SDK to create a report of all teams which use tags, the names of the tags, and the team members assigned the tags.

Converting Dynamic Distribution Lists to Microsoft 365 Groups and Teams

This article explains how to create a new Microsoft 365 group and team using the membership and properties of an Exchange Online dynamic distribution list. The process is reasonably straightforward, but as always with PowerShell, there are some interesting turns and twists that must be navigated en route.

All About the Microsoft 365 Groups and Teams Activity Report

The Microsoft 365 Groups and Teams Activity report is a PowerShell script which tries to work out if groups and teams are inactive by checking various usage indicators. Because it’s written in PowerShell, tenants can change the script as they like, perhaps even adding some extra turbocharging to the ideas we’ve incorporated into the code.

Contemplating the Oddities of Planner Limits

Microsoft’s documentation for Planner limits raises more questions than it answers. Some of the documented limits are straightforward and easily understood. Others are just plain odd and bear no resemblance to what people see when they use the app. Microsoft’s writers have some work to do…

Whiteboard Nears End of Transition to OneDrive

The transition of Whiteboard storage from Azure to OneDrive for Business is approaching its end. A set of updated clients delivered at the end of March 2022 should do the trick. However, storing newly-created boards in OneDrive is one thing. Migrating old boards and updating components like the Whiteboard Admin PowerShell app are another. We don’t know what’s happening there and Microsoft hasn’t published any guidance.

Remote Connectivity Analyzer Diagnoses Teams Connections to Exchange Hybrid

Microsoft’s Remote Connectivity Analyzer (MRCA) utility is now able to run diagnostics to check connectivity between Teams and an Exchange hybrid organization. MRCA was in the doldrums for several years because no one inside Microsoft had any interest in providing funding for its development and support. Now the utility is roaring back with a set of new tests covering different aspects of Microsoft 365. Recommended!

New OneDrive Shortcut Move Feature Rolling Out

Microsoft is rolling out a new feature to allow users to move OneDrive shortcuts to shared or private folders. Although a nice upgrade, being able to move shortcuts is not the biggest OneDrive issue. What stops me using shortcuts is the clash between them and the OneDrive sync client. It seems like it should be an easy fix for Microsoft to apply, and when they do, I’ll happily move OneDrive shortcuts around.

New Account Switcher Coming for Microsoft 365 Web Apps

In a March 4 update, Microsoft announced that Microsoft 365 web apps will get a new account switcher to allow users to run multiple signed-in sessions and switch between the accounts seamlessly. Not every Microsoft 365 web app supports the new feature, with Teams being a notable miss, but there’s enough there to make this a very useful feature.

Microsoft Delays Outlook Roaming Signatures Until July 2022

Microsoft’s latest update for the roadmap item for Outlook roaming signatures puts general availability in July 2022, some two years after the original announcement. It’s a strange delay, even by the standards of the Outlook desktop development cycle. ISVs who make signature management software have used the delay to good effect to improve their products, so it remains to be seen what effect Outlook roaming signatures will have on that market.

Creating an Authentication Method Report for Azure AD Accounts

With the upcoming deprecation of the Azure AD and Microsoft Online Services (MSOL) PowerShell modules, it’s time to upgrade scripts which depend on the cmdlets from these modules. In this example, we use the Microsoft Graph SDK for PowerShell to create a report for Azure AD accounts showing the authentication methods each account uses. The idea is to highlight accounts not protected by strong authentication so that administrators can help users to upgrade their protection against attack.

How to Control the Display of People Insights in Microsoft 365

People insights is one of the three types of insights derived by the Microsoft Graph from signals gathered from user activity in Microsoft 365 apps. Some organizations don’t like to show people insights in the user profile card, and now you can update an organization setting to remove people insights from the card for all or just some users.

March Update Available for Office 365 for IT Pros (2022 Edition)

The March 2022 update for the Office 365 for IT Pros (2022 edition) eBook is now available for download by subscribers. Lots of things changed during February and are covered in this update. We expect more to come in March, including Teams shared channels. And by the way, seeing it’s March 1, new prices are now in force for Office 365 and Microsoft 365 licenses, so it’s a good idea to check what you use.

Working Around the Teams Meeting Co-Organizer Role Limitations

The Teams meeting co-organizer role helps to run smooth meetings, but co-organizers can’t do everything an organizer can. How to get around the limitations? Well, one way is to use an old technique to schedule important meetings using a special account. There might be others, but that’s the one described here.

Teams Shared Channels Bring Their Own Challenges

Teams Shared Channels will be available in public preview in March. Exciting as it is to get new functionality, shared channels come with their own challenges. For example, how do organizations deal with the fact that compliance processing occurs on the tenant which owns a shared channel? Backup is another challenge. Teams has always been complex to back up, but how will backup vendors handle the new channels?

Microsoft 365 Data Loss Prevention and Encrypted Message Type Exceptions

Microsoft 365 Data Loss Prevention (DLP) policies have wide-ranging capabilities when it comes to rules and exceptions. One exception covers the various types of encrypted email that can pass through the Exchange Online transport pipeline. As it happens, three message types are supported, but who could have guessed that permission controlled means rights management?

Understanding How App Certification for Microsoft 365 Apps Works

By now, Microsoft 365 tenant administrators realize the need to understand how apps use consent to access Microsoft 365 data. App certification helps by reassuring tenant administrators that third-party apps meet certain criteria set by Microsoft. Achieving Microsoft 365 certification is the highest bar in the program. It’s just a pity that many of the apps now appearing in the ecosystem don’t achieve this level of app certification.

Keeping Confidential Outlook Email Private

Delegates often process Outlook email for others. It’s a feature that works well. That is, until protected email arrives. Delegates shouldn’t be able to read protected email in other people’s mailboxes. But some versions of Outlook allow this to happen. If you want to be sure that delegates can’t access protected email, maybe you should consider using a dual-mailbox approach.

How Microsoft Teams Displays Local Time in User Profile Cards

A new Microsoft Teams feature means that local time zone information appears on user profile cards. While it seems simple, the feature is very useful when arranging meetings because you know up-front about the working hours of your colleagues. It’s a detail that makes sense!

Why Exchange Online Mailboxes have SharePoint Online Proxy Addresses

A post by the Exchange development group tried to explain why mailboxes have SharePoint Online proxy addresses. It’s all down to the Microsoft 365 substrate, which needs the proxy addresses to ingest digital twins from SharePoint Online into Exchange Online for use by shared services like Microsoft Search. The upshot is that you can’t remove a mailbox permanently without some background processes kicking in to make sure that SharePoint is taken care of.

Understanding What’s in an Azure AD Access Token

Access tokens are an important part of accessing data using modern authentication through APIs like the Microsoft Graph. But what’s in an access token and how is the information in the access token used by PowerShell when the time comes to run some Graph queries in a script? In this article, we look behind the scenes to find out what’s in the JSON-structured web tokens issued by Azure AD.

Fluent Emojis Arrive in Microsoft Teams

Microsoft has released a new set of over 1,800 fluent Teams emojis for use in chats and channel conversations. Soon you’ll be able to use Teams emojis as reactions in chats. Teams emojis are different from Windows emojis, but you can use the Windows emojis in channel names to highlight and emphasize the reason why the channel exists. All in all, the new emojis are a good thing and will be popular with many users.

Microsoft 365 Search Experiences Upgraded to Include Teams and Outlook Messages

An update to Microsoft Search means that search results available in SharePoint Online and Office.com now include Outlook and Teams messages. Microsoft has also updated Microsoft Search in Bing to include Outlook messages. All in all, these changes make Microsoft Search the go-to location when you need to find mailbox and Teams messages.

Managing Azure AD’s Keep Me Signed In (KMSI) Feature

The Azure AD Keep Me Signed In (KMSI) feature uses a persistent cookie to allow users to close and reopen browser sessions without sign-ins. If you don’t want to use KMSI, you can update Azure AD company branding to remove the option. Users will then have to reauthenticate each time they start a browser session. The decision to disable or keep KMSI is highly tenant-specific and depends on how authentication happens.

Microsoft Viva One Year On: Ten Million Users and Counting

Microsoft says that its Microsoft Viva platform has ten million users after one year. That’s good, but does it mean success when measured against the user numbers for Office 365 and Teams? And how has the technology evolved during the year? All explained here.

KQL Editor Makes Content Search Queries Easier to Compose

The KQL editor is a relatively new feature in Microsoft 365 that makes it easier to compose queries to find email and documents in content searches, core eDiscovery, and advanced eDiscovery. Although it’s not perfect, the KQL editor helps compliance managers to perfect queries and resolve syntax errors. Human intelligence is still needed to make sure that everything works!

How to Report Groups Under the Control of the Microsoft 365 Groups Expiration Policy

The Microsoft 365 group expiration policy can remove inactive groups after a set period. This helps clean up Azure AD, but the removal of a group might come as a surprise. To help remind administrators when groups will expire, we can use PowerShell to create a report of groups within the scope of the expiration policy and their next renewal dates. And to speed things up, we can turbo-charge matters with a Graph query.

Microsoft Launches Azure AD Cross-Tenant Access Policies

On February 7, Microsoft announced the preview of Azure AD cross-tenant access, a new capability to allow users to obtain credentials in their home tenant and use these credentials to access resources in other Microsoft 365 organizations. Microsoft Teams Connect (aka shared channels) is likely the first app to use cross-tenant access, with public preview of that feature expected in March 2022.

How to Block Planner Users from Removing Tasks Created by Others

Administrators can set a block policy on users to stop them deleting Planner tasks that they didn’t create. The feature isn’t well known, but might be useful in situations where plan owners want tight control over task deletion. Unfortunately, the implementation isn’t well finished and client user experiences are not what you’d like.

Why Cleaning Out the Teams Cache Sometimes Helps to Fix Clients

Microsoft Teams has a poor reputation for performance. People often suggest clearing the Teams cache is a good way to fix a variety of problems. That might be the case because hard experience proves that clearing the cache often helps. Microsoft says that signing out is enough to clear the cache, but others recommend removing local files from the workstation. Maybe no clear answer will emerge until we have a Teams 2.0 client, and that’s likely to come with its own oddities.

How to Exploit Azure AD Sign-in Data to Detect Problem Service Principals

Service principal sign-in data from Azure AD is now accessible through a Microsoft Graph API. This means that you can analyze sign-in data to locate problem apps and remove old or unwanted service principals from your Microsoft 365 tenant. It’s time for spring cleaning!

Microsoft Lists Available as Preview for Consumer Accounts

Microsoft Lists is now available in a preview for users with Microsoft Service Accounts (MSA). The preview is tagged as a lightweight version of the enterprise capabilities available in SharePoint Online. When generally available, we might see this as a premium consumer offering. In other news, an opinion says that Lists should replace Planner. I disagree, and say why.

Time to Download the February 2022 Update for Office 365 for IT Pros

The February 2022 update for Office 365 for IT Pros (2022 edition) is now available for subscribers to download. This is the 80th monthly update for the book, so you can say that we have accumulated some practice in producing monthly updates. Every month, we meet some surprises as we develop new content, amend existing text, or remove old material. It’s part of the joy of working on a book which evolves all the time. We’d appreciate it if subscribers download the February update at their convenience… why use old text when an updated version is available?

Microsoft Teams Chat Gets Compact or Comfy Spacing

Users can configure Teams chat to use a comfy (default) or compact spacing. The new density setting works on desktop and browser clients. The idea is to help users make better use of screen space. I quite like the compact setting. For now, the new setting is available to preview users and will no doubt reach general availability in a matter of weeks.

How Default Sensitivity Labels Work with SharePoint Online Document Libraries

SharePoint Online and OneDrive for Business will soon gain the ability to apply default sensitivity labels to document libraries. The feature is currently in preview and requires some complicated PowerShell to configure, but Microsoft is working on the GUI and expects to make the capability generally available later this year.

Why Microsoft Reannounced the Send from Email Aliases Feature

Microsoft announced the preview of the Send from Email Aliases feature on January 25. The only problem is that the same feature was released in April 2021. And OWA gained full support for it in October 2021. So why would Microsoft reissue an existing feature? They’re not saying, but I suspect it’s down to fixing some issues in the Exchange Online transport service to make sure that messages sent from an email alias work properly in every circumstance.