The question of how best to block PowerShell access for Microsoft 365 user accounts deserved some consideration. The answer lies in service principals for the enterprise accounts created by Microsoft to allow PowerShell modules to authenticate with Entra ID. By restricting access to an assigned security group, you effectively block access to anyone outside that group.
This article explains how to use PowerShell to remove licenses from disabled accounts, including some caveats such as not removing Exchange Online licenses. Organizations might want to do this to save money on Microsoft 365 license fees while an account is temporarily unused. Removal of Exchange Online licenses can result in the loss of a mailbox, and you don’t want that to happen if you’re disabling accounts just because someone is on a long-term sabbatical or other leave of absence.
This article explains how to use PowerShell to create dynamic Microsoft 365 groups (and teams) based on the departments assigned to Entra ID user accounts. Creating a new group is easy. The trick in team-enablement is to wait for the synchronization between Entra ID and Teams to finish before you go ahead. After that, it’s plain sailing.
Microsoft announced that they will deprecate the user photo cmdlets from Exchange Online from November 30, 2023. Microsoft Graph PowerShell SDK cmdlets replace the EXO cmdlets because user photo data is stored in Entra ID. Although inconvenient for those who need to update scripts, this is part of an effort to rationalize how Microsoft 365 handles user profile information.
Teams town halls are a new event type designed to host large audiences. Town halls will replace Live Events, which Microsoft will remove on September 30, 2024. If you’ve ever created a Teams webinar event, running a town hall will seem very similar. That’s because the two event types follow similar methods to set up and manage events. Microsoft still has some features to build into Town Hall to make it functionally equivalent to Live Events. These features will come in time.
Microsoft 365 tenants with eligible licenses can use Bing Chat Enterprise (BCE). It’s a great way for users to become accustomed to dealing with AI prompts and generated results. First, users can discover how well-structured prompts generate better results. Second, they can see how a lack of care in reviewing results might get them into trouble because of AI-generated errors.
The Teams 2.1 client uses a different folder and naming convention for custom background images. People who switch must move their images, so here’s a script to do the job by resizing images to meet Teams requirements, renaming the files to comply with the new naming scheme, and copying the files from the old to the new folder. It’s PowerShell, so you can change the code as you like.
An old script created to report quotas for user mailboxes provided the basis for email-based reporting of shared mailbox quotas. The old script used just Exchange Online PowerShell. This version mixes Exchange Online and the Graph SDK and throws in some certificate-based authentication to boot to allow the script to send email from something other than the signed-in account. It all comes together, using chunks of code from other scripts to speed up writing. It’s the PowerShell way…
The 100th update for the Office 365 for IT Pros eBook is available for subscribers to download. Like any Office 365 for IT Pros update, #100 is packed full of new information, insights, and ideas drawn from across the Microsoft 365 ecosystem. Things have changed enormously since the book first appeared in May 2015, but now we’re looking forward to the next 100 updates!
Outlook keeps on evolving. Two recent changes are the addition of a Find Related search option in the desktop client and a reminders pop-out window for the Monarch (preview) client. Find Related is a nice way to accelerate searches for all items for a conversation or from a sender. The reminders pop-out window seems to be an idea borrowed from the Outlook classic client, but maybe it’s so much better when implemented for a browser client.
Microsoft announced that the Loop app will be licensed for four Microsoft 365 product SKUs (two for SME, two for enterprise). Preview users that don’t have one of the chosen licenses are unaffected, at least for now. The licensing decision doesn’t affect the use of Loop components in applications like Outlook and Teams chat, but it is part of a trend to license new functionality in Microsoft 365 rather than the older Office 365 products.
I was asked how easy it would be to write a PowerShell script to monitor new teams members and reject any additions that met specific criteria. Easy, we said, so we set to creating a script to interrogate the unified audit log to find new member events. Once that was done, it’s a matter of analyzing the events to find if we should reject the addition of any of the added members.
After writing a previous article about using PowerShell to analyze message trace data, I was asked about analyzing user (or mailbox) sending patterns to discover who’s sending email and where they’re sending messages to. As in many similar situations, PowerShell is a great tool to use because of its flexibility. This article explains how to generate a per-mailbox report of how many messages are sent and the percentage of internal versus external, plus the external domains the email goes to.
A reader asked how they could create dynamic administrative units for every department in their directory. A PowerShell script does the job, even if some constraints in how Entra ID processes membership rules mean that the rules can’t be quite as precise as I would like them to be.
At a September 21 event in NYC, Microsoft announced that the Microsoft 365 Copilot digital assistant will be generally available to enterprise customers on November 1. Quite how many customers will be willing to cough up for license upgrades and $30/month Copilot subscriptions will soon be seen. The advent of the Copilot Lab to help users come to grips with building good prompts to drive Copilot is an excellent idea, but the focus on Monarch as the sole Outlook client might become a blocking factor for some.
It’s possible to use PowerShell to create a report detailing the SharePoint Online site URLs used with Teams. My first attempt used the Exchange Online module, but is the Graph any faster? As it turns out, not really. At least, not for interactive sessions using the Microsoft Graph PowerShell SDK (things are different when running SDK code using a registered app). I tried several approaches, but Graph permissions got in the way every time.
On September 19, 2023, Microsoft announced their intention to retire the Exchange Web Services API on 1 October 2026. The suggested replacement is the Microsoft Graph API. Microsoft acknowledges that some gaps exist that they need to close before EWS retirement happens, but one big issue they didn’t discuss is what happens to the backup products that currently use EWS to back up Exchange Online.
Soon after they launched Outlook Reactions in 2022, Microsoft received requests to disable the feature. Now you can by adding SMTP headers to messages. Outlook clients will be able to add the header to stop recipients reacting and organizations will be able to create mail flow rules to add the header to selected messages. It’s nice to have a way to disable reactions.
Entra ID includes a registration campaign feature to help organizations move users to stronger authentication methods like the Authenticator app. Running campaigns is a good thing, unless you decide to do it when the administrators are away from the office (like me) or users are unprepared. But it is time to get rid of SMS and voice responses to MFA challenges, so maybe you should schedule a campaign soon?
A Teams unified picker for fun content is now available in the Teams 2.1 client. The new picker replaces the existing options to add GIFs and stickers. I’m sure this update will be important to some people, but I’m more impressed by the change to improve the performance and reliability of synchronizing calendar updates between Outlook (Exchange Online) and Teams. All available soon.
For whatever reason, SharePoint Online doesn’t allow administrators to control the settings of document libraries, in particular default sensitivity labels. It seems crazy that other Microsoft 365 workloads allow administrators to manage the settings of things like mailboxes, groups, plans, and teams, but SharePoint Online holds steadfast to not allowing administrators to go deeper than a site. It would be nice to see consistency around administrator access across all workloads.
Microsoft announced three changes to Entra ID cross-tenant access settings that will improve how the settings work for large enterprise tenants in particular. One of the changes improves the blocking of Entra ID B2B Collaboration invitations extended to allow guest users to access resources in a tenant. When Entra ID evaluates whether it should issue an invitation, it now takes the blocklist (if set) in the B2B collaboration policy and cross-tenant access settings into account. It’s the way things should have worked from the start.
Technical web sites are 10 a penny these days, and the content published on many is worth the same. Good sites dedicate resources to copy and technical editing, and that’s what makes a real difference in terms of article quality. If you’re in Atlanta for the TEC 2023 conference, come talk to us about writing for Practical365.com.
Recent details released about the Storm-0558 attack on sensitive U.S. agencies revealed the importance of the MailItemsAccessed event for forensic investigations. Luckily, after Microsoft was a tad embarrassed by the recent Storm-0558 attack, tenants with Office 365 E3 or Microsoft 365 E3 licenses can capture the MailItemsAccessed event for mailboxes without having to pay for Microsoft Purview Audit Premium. But you might have to do a little work to ensure that the right audit configuration is used for all mailboxes.
Teams channel meetings belong to a channel, but who receives the invitations for these meetings? The answer is “it depends” – on group settings and options. The underlying Microsoft 365 group might have a subscriber list of users who want to receive email for new events like meetings or the user might choose to send invitations to everyone. We discuss the mechanics and explore a way to schedule meetings in shared and private channels too.
The SharePoint News in Outlook feature allows users to email news items to recipients within the same tenant. It’s like the Teams Share to Outlook feature and is just about as exciting. Some new templates allow users to post and email news items by displaying a screen to collect email properties. Interestingly, the feature supports multi-tenant organizations, but I suspect that this is an error.
A new setting for SharePoint Online sites turns them into “restricted sites,” meaning that only site members noted in assigned groups can access site content. I thought that’s the way sites connected to Microsoft 365 groups work, but this is the “to be sure, to be sure” lockdown feature. You can also restrict sites that aren’t connected to Microsoft 365 Groups. Add some sensitivity labels and the block download policy, and sites can be pretty secure.
A recent update for the Loop app allows users to create and collaborate on code blocks. The editor is very simple and doesn’t check syntax, but it could be a way for people (within a tenant) to collaborate and sketch out potential code solutions to problems. You can create Loop components from code blocks and use those components with Teams chat and Outlook messages, if you remember to stay within your tenant.
Microsoft has moved to resolve anti-competitive problems around bundling of Teams in Office 365 and Microsoft 365 by introducing new Microsoft 365 and Office 365 EEA licenses that don’t include Teams. Existing customers aren’t affected and can continue to use Microsoft 365 and Office 365 licenses that include Teams. At the same time, Microsoft promises to make it easier for third parties to integrate apps with Teams and the Microsoft 365 apps. We’ll see how that turns out in the future.
The September 2023 update for the Office 365 for IT Pros eBook (monthly update #99) is available for subscribers to download. Details of the update are available in our change log. However, sometimes the change log doesn’t tell the full story about the updates we make to content. A chapter author might forget about a change they make, or maybe we rewrite something and don’t mention it. The point is that the book is in a state of constant change to keep up with the updates Microsoft ships across the Microsoft 365/Office 365 ecosystem.
Microsoft has decided to remove the Reuse Files feature from Word. They haven’t said why this is happening, but it might be linked to the launch of Copilot for Microsoft 365. “AI-Lite” features like Reuse Files don’t add a huge amount of value and possibly cloud the message about AI in Microsoft 365. The truth is that we don’t know why Microsoft is removing Reuse Files from Word. Will they do the same in Outlook and PowerPoint?
Delayed until October 2023, the Teams Meet app will appear in the Teams 2.1 client to help users manage meetings more effectively. At least, that’s the plan. The app works well for internal meetings but its review capabilities are limited when you attend meetings hosted in another tenant. The Meet app will be beneficial in large organizations where people attend lots of meetings, but might be less effective in smaller organizations. It’s worth looking at to decide if the Teams Meet app works for you.
Teams Premium Trial licenses are to be offered to end users in commercial tenants worldwide for self-service purchases from September 2023. I quite like some of the functionality available in Teams Premium, but I think organizations are better off using the “regular” Teams Premium trial licenses to run a test involving up to 25 users for 30 days. The results are probably going to be more indicative of the worth of Teams Premium than any individual test can be.
Microsoft announced on August 17 that they are not proceeding with the implementation of dark mode support in the Teams Admin center. The news came as a surprise, but it’s an indication of the lack of user interface consistency across the different Microsoft 365 administrative consoles. Token handling is another example. I can live without dark mode, but being forced to sign out by the Teams admin center is a pain.
A Microsoft 365 Copilot session for partners didn’t reveal much new about the technology, but it did emphasize software, prompts, and content as core areas for implementation projects. Building good queries is difficult enough for normal searches, so how will people cope with Copilot prompts? And are the data stored in Microsoft 365 ready for Copilot? There’s lots to consider for organizations before they can embrace Microsoft’s digital office assistant.
The EntraExporter tool is a PowerShell module that generates details of objects in an Entra ID tenant configuration (like groups, policies, and users) and creates JSON files. It’s a great way to capture point-in-time information about Entra ID (Azure AD) configuration. Although you can’t replay the captured data to recreate objects, having all the information available is a great start if you need to restore or replay anything.
This article describes how to use PowerShell to extract and analyze Exchange Online message trace data to figure out the volume of traffic to outbound domains and from inbound domains. You might think that this is the same information as available in the Exchange admin center mail flow report, but it’s not. Once again, the value of PowerShell in retrieving and using data is evident.
A question about how to report specific changes to Teams memberships gave another excuse to use PowerShell with the unified audit log to deliver a solution. The idea is that you can check audit log entries to see when specific user accounts join the membership of Teams. Once you’ve found that data, it’s a simple matter of creating email to share the results. All done with a few lines of PowerShell…
A question about finding out which sensitivity label policy makes a label available to a user requires some PowerShell to figure out the answer with some human-friendly results. The outcome is a script that analyzes sensitivity label policies to find where a user gets their labels from. It’s another example of how useful PowerShell can be.
For years, I have scanned the audit log to find FileDeleted events to report deletions of SharePoint and OneDrive documents. Now, FileRecycled audit events are used instead. This wouldn’t be a problem if Microsoft had told customers, but not a trace can be found to let organizations know that the audit data they use for compliance operations has changed. I don’t know if this is the only activity name change, but given that one update has happened (and for a relatively important audit event), it’s likely that others lurk in the undergrowth.