SharePoint Online Drops One Time Passcodes for External AccessMarch 6, 2026 7:59 am-From July 2026. SharePoint Online and OneDrive for Business will use Entra B2B Collaboration (guest accounts) to control external access to shared files. This change has been coming since 2021, but it takes time for organizations to get their heads around changing the way to grant external access. It’s time to embrace guest accounts, and that means doing some work to manage guest accounts on an ongoing basis.
Measuring KPIs like Response Times for Shared MailboxesMarch 5, 2026 7:00 am-Shared mailboxes are not CRM systems. However, many Microsoft 365 tenants use shared mailboxes to handle customer queries and then want to measure KPIs such as agent responsiveness to customer queries or the number of queries handled per agent in a month. As explored in this article, it’s possible to use the Microsoft Graph to extract some KPI-like data from shared mailboxes.
How to Test a File Against DLP Sensitive Information TypesMarch 4, 2026 7:00 am-Sensitive Information types (SITs) are definitions of data like credit card numbers used by DLP rules to detect potential external sharing violations. Knowing what SIT to use in a DLP rule is often difficult, which is why the Purview developers have added a test option to allow tenants to test files against individual SITs or all SITs to see what happens.
Microsoft Celebrates SharePoint 25th Anniversary with AnnouncementsMarch 3, 2026 7:00 am-Microsoft celebrated the 25th anniversary of SharePoint with a batch of announcements, including AI in SharePoint, intended to help administrators to manage all aspects of SharePoint Online through natural language. Other interesting announcements included department-level payments for Microsoft 365 Backup and the renaming of the Connections app in Teams as the SharePoint app. Well, the last wasn't that interesting...
March 2026 Update for Office 365 for IT ProsMarch 2, 2026 7:00 am-We've released monthly update #129 for the Office 365 for IT Pros eBook. Current subscribers can download the EPUB and PDF files from gumroad.com. This month we reflect on the 25th anniversary of the release of SharePoint Portal Server 2001 and the 30th anniversary of Exchange Server V4.0. Both servers have experienced great success online and on-premises. Long may they continue!
Planner’s Newly Redesigned InterfaceFebruary 27, 2026 7:00 am-Microsoft has launched a redesigned user interface for the Planner app. The big news is the inclusion of task chat. Goals are also available, but only to people with a Microsoft 365 Copilot or Planner Premium licenses. Task Chat is a nice feature, and I am sure that it will be popular. UX redesigns often disappoint. At least this one offers new features.
Extending Protection for Confidential SharePoint Online FilesFebruary 26, 2026 7:00 am-Sensitivity labels offer great protection against unauthorized access, but sometimes files that aren't encrypted escape from a document library. SharePoint Online can now use sensitivity labels configured with user defined permissions (UDP) to extend protection to downloaded files. The magic works by configuring permissions on download based on the membership of the user who downloads a file.
How to Use Scoped Graph Permissions with SharePoint ListsFebruary 25, 2026 7:00 am-This article explains how to use scoped Graph permissions to restrict app access to lists and list items in SharePoint Online and OneDrive for Business sites. It's a follow-up to other articles covering how to restrict app access to SharePoint Online sites and files. Scoping app access to specific objects is important because otherwise apps can access everything in SharePoint Online, and that isn't good.
Microsoft Extends DLP Policy for Copilot Protection to All Storage LocationsFebruary 24, 2026 7:00 am-Microsoft has enhanced the DLP policy for Copilot to cover Office files held in any storage location instead of only Microsoft 365 locations like SharePoint Online and OneDrive for Business. The change is made in the Office augmentation loop, a little-known internal component that coordinates use of connected experiences by apps. Extending the DLP policy to cover all locations makes perfect sense.
Update #21 for Automating Microsoft 365 with PowerShellFebruary 23, 2026 7:00 am-Update #21 for the Automating Microsoft 365 with PowerShell eBook is now available for current subscribers to download from Gumroad.com. Refreshed PDF and EPUB files are available and the paperback version available from Amazon.com is also updated. Automating Microsoft 365 with PowerShell is packed with practical ready-to-use examples of working with apps, sites, mailboxes, teams, plans, and other data. Every Microsoft 365 administrator should have this book!
Microsoft Takes Aim at ChatGPTFebruary 20, 2026 7:00 am-Microsoft would very much like Microsoft 365 tenants to use Copilot instead of ChatGPT. A recent comparison between Copilot and ChatGPT outlines some areas that Microsoft thinks are important when deciding which AI tool to use. Microsoft has a point because Copilot is embedded into Microsoft 365 whereas ChatGPT is more of an add-on. The competition for hearts and minds is very intense in the AI space.
Using Dev Proxy with the Microsoft Graph PowerShell SDKFebruary 19, 2026 7:00 am-Dev Proxy is a Microsoft tool built to help developers figure out the most effective way of using Microsoft Graph API requests. On the surface, Dev Proxy doesn’t seem like a tool that would interest people who use the Microsoft Graph PowerShell SDK to write scripts for Microsoft 365. But all tools have some use, and Dev Proxy can help.
How to Use Scoped Graph Permissions to Access SharePoint FilesFebruary 18, 2026 7:00 am-Scoped permissions grant apps granular access to files and folders in SharePoint Online and OneDrive for Business sites using the Files.SelectedOperations.Selected Graph permission. The permission allows apps to access specific files or all the files in a folder. It’s a great way to make sure that apps don’t have unfettered access to confidential documents. Not that any app would try to have that kind of access…
Primer: Use RBAC for Applications to Control App Use of the Mail.Send PermissionFebruary 17, 2026 7:00 am-The temptation to use the Mail.Send application permission in scripts can lead PowerShell developers into trouble because the permission allows access to all mailboxes, including sensitive executive and financial mailboxes. Fortunately, RBAC for Applications allows tenants to control the access that apps have to mailboxes and other Exchange content. All explained here with an example script to test RBAC of Applications.
Exchange Online PowerShell Dumps the Credential ParameterFebruary 16, 2026 7:00 am-On February 12, Microsoft announced the deprecation of the Credential parameter for the Connect-ExchangeOnline cmdlet in the Exchange Online PowerShell module. The deprecation won’t affect interactive sessions (which should all be protected by MFA), but it might stop some background jobs running when Microsoft retires the server components that currently support the ROPC authentication flow. Time to check scripts!
Code Error Allowed Copilot Chat to Expose Confidential InformationFebruary 13, 2026 7:00 am-A code error allowed Copilot Chat to expose confidential email. Microsoft is fixing the problem, but it’s a reminder of how AI can expose information of Microsoft 365 tenants don’t use available features to restrict AI access. Those features need to be configured and deployed, but that doesn’t take much effort. It’s better than users complaining when Copilot exposes their most secret thoughts.
New Outlook Gets Smarter DLPFebruary 12, 2026 7:00 am-The news that the new Outlook client will support custom oversharing dialogs for DLP policies might not seem very interesting, but it provoked me to look more closely into how to build and deploy custom oversharing dialogs. All it takes is some well-structured JSON and an update to DLP rules, and the classic and Monarch Outlook clients should display custom tenant instructions to anyone who violates DLP rules.
Deactivating an Entra ID ApplicationFebruary 11, 2026 7:00 am-This article explores how to deactivate applications (aka disable apps) in Entra ID. Everything is done through PowerShell and the Microsoft Graph PowerShell SDK because the feature isn’t currently available in the Entra admin center. We’ve even included a fully functional example script to show you how the process works. Feel free to fix or enhance our code in GitHub!
Maester and UTCM Are Complementary Tools for Microsoft 365 Tenant ManagementFebruary 10, 2026 7:00 am-Since the release of the preview version of the UTCM solution, some have asked if UTCM will replace the Maester tool. The answer is no. The tools are complementary and both are very useful to Microsoft 365 tenant management. Maester is a community-driven reporting tool that highlights inconsistencies between external and Microsoft baselines. UTCM focuses on setting drift that can occur in workload configurations. Both have their own niche.
How to Report Adaptive Scope MembershipFebruary 9, 2026 7:00 am-The Get-AdaptiveScopeMembers cmdlet reveals details of adaptive scope membership to make it possible to report this information programmatically. The task is not as simple as you might imagine. Summary records must be separated from member records, which can reflect add or remove operations. And there’s the question of pagination for large adaptive scope. All explained here with a PowerShell script to help.
The Final Countdown to Remove EWS from Exchange Online BeginsFebruary 6, 2026 7:00 am-Microsoft announced the dates leading to the final retirement of Exchange Web Services from Exchange Online. If all goes well, the EWS retirement in the cloud will happen by May 2027. Challenges still exist. Microsoft must remove EWS from its own apps, including Outlook, and help tenants and ISVs make the leap to Graph APIs. Plans are in place and progress is being made, but will everyone be ready when Microsoft removes EWS permanently from Exchange Online in April 2027?
Microsoft Previews userConfiguration Graph APIFebruary 5, 2026 7:00 am-A new userConfiguration API is available to retrieve data from Folder Associated Items (FAIs) in Exchange mailboxes. The new Graph API is part of the EWS migration project and is intended to allow application developers to migrate EWS code that updates FAIs with Graph equivalents. Most Microsoft 365 tenants will never use this API, but it's nice to know how things work.
PAYG Services Like Purview DSI Can Rack Up Large ChargesFebruary 4, 2026 7:00 am-Microsoft offers several PAYG services to Microsoft 365 tenants. Data Security Investigations (DSI) is the newest. These services can rack up compute charges to perform processing (in the case of DSI, AI processing of items found in Microsoft 365 sources). If tenants don’t take care, they might end up with big Azure bills. Be aware, prepare, measure, and minimize processing to avoid large charges.
Microsoft Unified Tenant Configuration ManagementFebruary 3, 2026 7:00 am-Unified Tenant Configuration Management (UTCM) is a new tenant configuration management solution that can monitor changes to over 300 resource types found within Microsoft 365 tenants. Currently accessible via Microsoft Graph beta APIs to all tenants, UTCM offers an alternative to Microsoft DSC and third-party configuration management products. No details are available yet about an admin UX, licensing, or availability.
February 2026 Update for Office 365 for IT ProsFebruary 2, 2026 7:00 am-The February 2026 (update #128) files for the Office 365 for IT Pros (2026 edition) eBook are available for current subscribers to download from Gumroad.com. The Automating Microsoft 365 for PowerShell eBook has also been updated. Like any month, the updates applied to Office 365 for IT Pros make sure that the book stays refreshed and up-to-date with the changing world of Microsoft 365.
Microsoft 365 Exceeds 450 Million Commercial Paid SeatsJanuary 30, 2026 7:00 am-Microsoft FY26 Q2 results included a new figure for Microsoft 365 commercial paid seats: "over 450 million." Seats are growing at a consistent 6% year-over-year rate, and the June 2026 increases will mean an extra $10 billion or so revenue. In other news, we learned that Microsoft 365 Copilot has 15 million paid seats, or roughly 3.33% of the Microsoft 365 installed base.
Microsoft Delays Retirement of Basic Authentication for SMTP AUTHJanuary 29, 2026 7:00 am-Microsoft has delayed the retirement of basic authentication for the SMTP AUTH client submissions protocol to 2027 or beyond. New tenants will be the first to be blocked and Microsoft will disable basic authentication for SMTP AUTH in a way that existing tenants can reenable the protocol. Eventually, we’ll get a date for final retirement sometime in 2027. These things take time!
How to Control Access to Entra Multi-Tenant AppsJanuary 28, 2026 7:00 am-Entra multi-tenant applications can be used by any tenant - unless you restrict sign-in audiences to permit only specific tenants to use the application. In this article, we explain the preview feature and use the Microsoft Graph PowerShell SDK to restrict sign-in audiences by defining a list of permitted tenant identifiers in the properties of multi-tenant applications.
Using the Exchange Online Message Trace APIJanuary 27, 2026 7:00 am-January 22 saw the announcement of the beta version of an Exchange Online Graph-based message trace API. The API can retrieve message trace records and their details and offers equivalent functionality to the message trace cmdlets in the Exchange Online management PowerShell module. However, sometimes applications simply want to access data without going through a module, and that’s what this API delivers.
Teams Revamps Premium LicensingJanuary 26, 2026 7:00 am-Microsoft announced a set of Teams licensing changes to take effect in April 2026. The changes affect devices, Microsoft Places, and Teams events. Webinars and Teams town halls will be easier to manage without Teams Premium licenses, and organizations will be able to buy capacity packs to host events for up to 100,000 participants. The changes will leave some Microsoft 365 tenants cold while others will be delighted.
Teams Integrates Viva Engage CommunitiesJanuary 23, 2026 7:00 am-A new integration with Viva Engage is available for Teams. The integration adds communities to the Teams navigation bar. It’s kind of odd when a separate highly functional Communities app exists. It’s unclear who is demanding another point of integration between Viva Engage and Teams. The suspicion is that this work is due to internal politics rather than to facilitate better collaboration.
Automating Microsoft 365 with PowerShell Update 20January 22, 2026 7:00 am-Monthly update #20 for the Automating Microsoft 365 with PowerShell eBook is now available for subscribers to download the updated EPUB and PDF files. Like any monthly update, #20 includes a mixture of new information, revisions, and even some bug fixes (changes to text or examples). Meantime, assembly clashes continue to be a bugbear for Microsoft 365 PowerShell modules. Microsoft should fix this problem!
Generate a Weekly Report of Role AssignmentsJanuary 21, 2026 7:00 am-This article explores how to use Entra ID audit records to create a weekly report about role assignment additions and deletions. After deciphering the information contained in the audit records, it’s easy to generate a report showing who made the assignments and if any critical role assignments are in the mix. We can then email the report to interested parties, all with some relatively simple PowerShell.
Synchronizing Security and Microsoft 365 Group MembershipsJanuary 20, 2026 7:00 am-An article from 2018 uses the AzureAD and Exchange PowerShell modules to synchronize membership between a security and a Microsoft 365 group. The idea is to enable collaboration for the members of the security group. This version does the work with the Microsoft Graph PowerShell SDK. The code is better and it will work as an Azure Automation runbook, which is always nice.
How to Create SharePoint Sites with the Graph APIJanuary 19, 2026 7:00 am-Microsoft released the beta version of the SharePoint Online create Site API for the Microsoft Graph in late November 2025. Since then, Microsoft has dropped one of the three site templates. Playing with the API, we’ve discovered that the API can certainly create sites but that the SharePoint Graph API misses a heap of features, like adding members to the new site. Oh well, one step forward…
Some Microsoft Graph PowerShell SDK Cmdlets Lose Body ParametersJanuary 16, 2026 7:00 am-A change made for some Directory Graph APIs has flowed through to the Microsoft Graph PowerShell SDK and affected how the associated cmdlets work, including the beta cmdlet to restore a deleted user account and while replacing the user principal name. Fortunately, the workaround is easy, but it is upsetting when something that worked suddenly doesn’t, even if it is a beta cmdlet.
Purview eDiscovery Simplifies Content Searches in February 2026January 15, 2026 7:00 am-As part of the modernization of the Purview eDiscovery solution, Microsoft will simplify the content searches UX in February 2026 to remove features that are inappropriate for the way that content searches are intended to be used. The change is logical and reasonable because you should use a full eDiscovery case to access all the eDiscovery functionality.
Teams External Collaboration Administrator Role ArrivesJanuary 14, 2026 7:00 am-A new Entra ID role is coming. The Teams External Collaboration administrator role allows users to manage external collaboration settings. Quite how often Microsoft 365 tenants need to manage these settings is unknown, but it’s a useful prompt to review the current set of roles used and users who are members of those roles. Time for an annual clean-up.
SharePoint Online Site Administrators Can Now Control Restricted Content DiscoveryJanuary 13, 2026 7:02 am-Restricted Content Discovery (RCD) is a feature that blocks access by Microsoft 365 Copilot and agents to the files stored in a SharePoint Online site. Instead of relying on tenant administrators, site administrators can now enable or disable RCD. It’s a natural evolution of what is an essential feature to keep sensitive and confidential information being leaked inadvertently by AI.
The Channel Agent Brings AI Interactions to Teams ChannelsJanuary 12, 2026 7:00 am-Chat and meetings have their agents, and now the Teams channel agent is available to help members understand what happens inside channels. Like any AI agent given limited sets of data to reason over, the channel agent does a good job of finding nuggets hidden in conversations. The issue is that the channel agent doesn’t currently work for channels that have external members, like guest accounts. That’s a big downside.
Entra ID Rationalizes Session Revocation for User AccountsJanuary 9, 2026 7:00 am-Microsoft is rationalizing the options to revoke sessions for a user account in the Entra admin center by removing an old revoke MFA sessions button. That seems like a perfectly reasonable thing to do. When administrators want to revoke sessions for an account, the best way is to create a PowerShell script to perform the necessary steps. That way you don’t need to worry about buttons.
Microsoft Cancels Exchange Mailbox External Recipient Rate LimitJanuary 8, 2026 7:00 am-After considering customer feedback, Microsoft cancelled the mailbox external recipient rate limit for Exchange Online. The idea behind the new limit was simple – it makes life more difficult for spammers to use Exchange Online as a platform. Unhappily, customers didn’t like losing the ability to send relatively small amounts of external email for different reasons. C'est la vie.
Teams Delivers a Slack Migration ToolJanuary 7, 2026 7:00 am-Microsoft announced the availability of a Slack to Teams migration tool in the Microsoft 365 admin center. The new tool exists to assist the 79 million monthly active users of Slack who might want to move to Teams and don’t know how to get there. ISVs have been helping people move from Slack to Teams for years, so other migration options exist.
A Quick Look at Purview Data Security InvestigationsJanuary 6, 2026 7:00 am-During the quiet holiday period, I tested the new Purview Data Security Investigations (DSI) solution, which seems to be put together from bits of Microsoft 365 together with Security Copilot and some generative AI. Assembling new solutions from existing components makes sense because it reduces engineering effort. Without real data, it's hard to know how effective DSI is, but the cost of an investigation came as a real surprise.
SharePoint Online Dumps Legacy Compliance FeaturesJanuary 5, 2026 7:00 am-MC1211579 (3 January 2026) announces the retirement of four legacy SharePoint compliance features in favor of Purview Data Lifecycle management and Records management. It’s always unsurprising when Microsoft chooses to remove old features developed for on-premises and replaces them with better online options, which is exactly what’s happening here. Some tenants might face additional licensing requirements for Purview.
Teams Admin Center Simplifies External CollaborationJanuary 2, 2026 7:00 am-Microsoft is rolling out a UX update for the Teams admin center to make it easier to manage external collaboration settings. The new UX doesn’t introduce any new features. Instead, its goal is to hide some of the policies and settings complexity that sometimes afflicts the Teams application. It’s a good change, even if it probably won’t make much difference.
January 2026 Update for Office 365 for IT ProsJanuary 1, 2026 7:00 am-Monthly Update #127 for the Office 365 for IT Pros eBook (2026 edition) is now available for current subscribers to download from Gumroad.com. In this note, we explore some of the options the writing team is considering for the next edition of the book. Microsoft 365 doesn’t stop changing, so it makes sense for the best Microsoft 365 book available today to change to reflect new developments.
Training People to Use Microsoft 365 Copilot EffectivelyDecember 31, 2025 7:00 am-A LinkedIn post explained how the UK Revenue and Customs authority train 30,000 people to use Microsoft 365 Copilot effectively. It’s a reminder that introducing complex software to a user community takes careful planning and support, including the provision of well-planned training to help people exploit the new software as quickly as possible. Otherwise, some of those expensive licenses might be wasted.
The Exchange EnforcedTimestamps Mailbox PropertyDecember 30, 2025 7:00 am-While examining mailbox properties, I noticed that the EnforcedTimeStamps property held some information that I just couldn't explain. Google search was no help, but Microsoft Copilot told me that the information related to the management of compliance holds. Basically, the data are guardrails to help the Managed Folder Assistant do the right thing, which is nice, even if no documentation exists.
How to Report DLP AlertsDecember 29, 2025 7:00 am-MC1169572 announces that administrators can add classifications to DLP alerts to help with reporting. But how do you report DLP alerts? As it turns out, it’s relatively easy to retrieve DLP alerts via the Microsoft Graph Security API. Using the Get-MgSecurityAlertV2 cmdlet from the Microsoft Graph PowerShell SDK makes it even easier to find and report the data.
Microsoft Graph PowerShell SDK V2.34 Makes WAM the DefaultDecember 23, 2025 7:00 am-The Web Account Manager (WAM) authentication broker becomes the default method for handling interactive Microsoft Graph PowerShell SDK connections from V2.34 onwards. The rapid release of a new version (V2.33 appeared 12 days beforehand) is usually a sign of a big problem, but in this case the reason is more likely to be a security vulnerability that’s just come to light. We’ll find out after the holidays.
Automating Microsoft 365 with PowerShell Update 19December 22, 2025 7:00 am-Update #19 of the Automating Microsoft 365 with PowerShell eBook is now available. Subscribers can download the updated PDF and EPUB files from Gumroad.com. A paperback version is also available, but we can’t update the print characters. In any case, a new SharePoint create Site API is in beta, and a new version of the Microsoft Graph PowerShell SDK is available. Both have their moments, as we discuss here.
Microsoft Tenant-to-Tenant Migration OrchestratorDecember 19, 2025 7:00 am-Microsoft has launched a tenant-to-tenant migration orchestrator solution in public preview to migrate mailboxes, OneDrive accounts, and Teams chat between tenants. ISVs have been active in the T2T space for a long time. They probably won’t welcome the new Microsoft offering, but at least the migration orchestrator legitimizes the concept of tenant-to-tenant migration.
Removing Retention Holds from Exchange MailboxesDecember 18, 2025 7:00 am-A new Exchange Online feature allows administrators to remove multiple types of holds from mailboxes (usually inactive mailboxes). It’s a great way to release holds that might be keeping inactive mailboxes lingering in a tenant. The feature doesn’t remove holds used to retain items required for eDiscovery or other compliance purposes. Even so, this is definitely a feature that needs to be carefully tested.
SharePoint Online Expands Version Expiration for Audio and Video FilesDecember 17, 2025 7:00 am-Microsoft is launching version expiration policies in SharePoint Online for audio and video files. The approach is the same as used for intelligent versioning of Office files stored in SharePoint Online and OneDrive for Business and can be configured at the tenant, site, and document library level. If your tenant uses Clipchamp, this could be a way to save expensive SharePoint storage.
Old Versions of Exchange ActiveSync Clients Get the BulletDecember 16, 2025 7:00 am-Exchange Online will require email clients to use Exchange ActiveSync (EAS) V16.1 to connect from March 1, 2026. Email clients that use older versions of EAS won’t be able to synchronize with Exchange Online to upload outbound messages or download messages, attachments, and calendar items. There should be relatively few clients using an old version of EAS, but it’s wise to check.
Microsoft Baseline Security Mode Rolls OutDecember 15, 2025 7:00 am-Microsoft has released a set of security benchmark recommendations for Microsoft 365 tenants that it calls baseline security mode. The recommendations cover authentication, file access, and Teams and the idea is that these are settings that Microsoft believes have proven their value over the years. The only criticism that you might have is about the potential clash for conditional access policies, but that’s not serious.
Microsoft to Enable Anthrophic Models by DefaultDecember 12, 2025 7:00 am-After the fuss around the initial introduction of the Anthrophic models into Microsoft 365 in September, we learn that Microsoft will enable access for all in January 2026. It would have been so much better had Microsoft said that they were working on the data protection arrangements with Anthrophic, but that didn’t happen. Is all well now? We’ll see in January…
Testing the MCP Server for EnterpriseDecember 11, 2025 7:00 am-The MCP Server for Enterprise is one of a set of preview servers released by Microsoft to show how MCP servers can help Microsoft 365 tenants get real work done. I’m sure things will improve, but the current state of the preview is that it can do a splendid job to answer simple questions, but once things get more complex, don’t depend on any of the PowerShell code the server generates.
Teams Messaging Gets AutocorrectDecember 10, 2025 7:00 am-The addition of Autocorrect for messaging is a small but important change for Teams messaging brings Teams up to speed with the other Office applications. It’s taken Teams a little longer than it perhaps should have to support Autocorrect and the implementation is not as functional as it is in Outlook, but that’s not a reason to overlook the update.
Checking Where Tenant Users Go as GuestsDecember 9, 2025 7:00 am-After all the fuss about Teams users inviting people to chat via email, tenant administrators realize that knowing where users are active as guest accounts is not as easy as it might seem. Part of the problem is that data about user activity is mostly controlled by host rather than home tenants. However, it’s possible to extract some information from audit sign-in logs to figure out where tenant users go as guests.
Microsoft Increases Office 365 and Microsoft 365 License PricesDecember 8, 2025 7:00 am-Customers will see their bills increase from July 1, 2026, when Microsoft 365 pricing increases go into effect, adding up to $3/month for licenses. This is the first increase since March 2022, and it moves the baseline Office 365 E3 license to $26/month and Microsoft 365 E5 to $60/month. Microsoft justifies the increases based on the functionality and apps it delivers. Time for a licensing review!
Microsoft Blocks EWS Access for Kiosk UsersDecember 5, 2025 7:00 am-A December 2 announcement says that Exchange Online will block access to Exchange Web Services for users with kiosk or frontline worker licenses from June 2026. In fact, the Exchange Online service description has always excluded EWS access for these licenses, but the necessary code to enforce the exclusion was never implemented. It will be in March. Time to check licenses...
Journey to Passwordless Authentication Might Include Some BumpsDecember 4, 2025 7:00 am-Microsoft recommends passwordless authentication to help secure Microsoft 365 tenants. The latest is synced passkeys, something that apparently leads to “syncability,” whatever that might mean. In any case, after some struggles, I managed to enable synched passkeys for my iPhone and then started to consider how to remediate user accounts that are flagged with a high-risk (compromised) status when they can’t simply update their password.
Talking Microsoft 365 Compliance at the European SharePoint ConferenceDecember 3, 2025 7:00 am-Paul Robichaux and I led a session about Microsoft 365 Compliance at the European SharePoint Conference in Dublin on December 2, 2025. During the session, we discussed how intelligent versioning works and its value in saving storage, priority cleanup and its ability to delete files even if the files are under retention hold, and the recent revamp of the Purview eDiscovery solution. We were thrilled at the attendance. Here’s what happened.
App-Only Authentication for SharePoint Online PowerShellDecember 2, 2025 7:00 am-The latest versions of the SharePoint Online PowerShell module support app-only authentication (certificate-based authentication) for the Connect-SPOService cmdlet. In other words, applications can now connect to SharePoint Online to run administrative cmdlets by presenting a registered Entra ID app and an X.509 certificate instead of the credentials for a human SharePoint administrator. It’s a good change, even if I still prefer using the Graph APIs for SharePoint automation.
Office 365 for IT Pros December 2025 UpdateDecember 1, 2025 7:00 am-The Office 3675 for IT Pros team is happy to announce that the files for update #126 are available for subscribers to download from Gumroad.com. The paperback edition of the PowerShell book has also been refreshed. Updated PDF and EPUB files are available for the Office 365 for IT Pros and Automating Microsoft 365 with PowerShell eBooks. Happy reading!
Checking the Effectiveness of a Transport Rule to Block Spammy EmailNovember 26, 2025 7:00 am-Some weeks ago, I wrote about using a transport rule to suppress spammy email by sending the messages to the quarantine. But what’s the best way to check the rule's effect? One method is to use the transport rule report PowerShell cmdlet to check for the actions you expect the rule to perform. Once information is found, it’s a matter of slicing and dicing the data.
How to Check if Shared Mailboxes Need MDO LicensesNovember 25, 2025 7:00 am-Shared mailboxes might need Microsoft Defender for Office 365 licenses, but how do you identify how many licenses? We use PowerShell to do the job by analyzing external email sent to shared mailboxes. If a mailbox receives external email, then by definition the mailbox receives benefit from MDO, and that’s the test for requiring a license.
Teams Messaging Gains New ProtectionsNovember 24, 2025 7:00 am-Teams now includes weaponized file protection and malicious URL protection to make sure that people don't share bad files or URLs in chats or channel conversations. Given that a user can post a message to up to 50 channels at one time, it obviously makes a heap of sense to check that any files or URLs that people share in chat or channel conversations are safe and not malicious.
Automating Microsoft 365 with PowerShell December 2025 UpdateNovember 21, 2025 7:00 am-The December 2025 update (version 18) of the Automating Microsoft 365 with PowerShell eBook is now available to download. Current subscribers can fetch the updated EPUB and PDF files from Gumroad.com using the link in their account (or receipt), but we can’t do much for the paperback edition except consider using scissors, paste, and Tippex, just like the old days.
Purview Launches New DLP Policy to Control Copilot PromptsNovember 20, 2025 7:00 am-A new DLP policy for Copilot prompts monitors blocked sensitive information types like credit card numbers to stop their use in Copilot prompts. The new policy can’t be combined with the existing DLP policy for Copilot, which checks for files with specific sensitivity labels to prevent Copilot from using their content in its responses. But that’s OK because the two policies do very different work.
Microsoft 365 Announcements at Ignite 2025November 19, 2025 7:00 am-The Ignite 2025 keynote was a marathon 150-minute event, but some interesting Microsoft 365 announcements emerged, mostly centered on AI. Microsoft is obviously focused on making AI and agents a very real part of tenant activities, so there’s new agent management and a repository among other things that will roll out in the year ahead.
Microsoft Launches Preview of Exchange Admin APINovember 18, 2025 7:00 am-Microsoft launched the preview of the Exchange Admin API on November 17. The new API is intended to close known feature gaps that exist in the Graph APIs and allow developers to migrate from EWS before Microsoft retires EWS in October 2026. Think of the Exchange Admin API as a discardable time-limited API that allows clients to submit cmdlets for processing. It’s certainly one way to approach the EWS problem!
Removing Inactive Entra ID User Accounts with PowerShellNovember 17, 2025 7:00 am-The Entra ID Governance solution includes a workflow to detect and remove inactive user accounts. Sounds good, but the same can be done with PowerShell if you want to avoid the cost of Entra ID Governance licenses or want to create a bespoke workflow that’s better suited to the business needs of the organization. Azure Automation would be a good way to process this workflow.
Copilot’s Temporary ChatNovember 14, 2025 7:00 am-A temporary chat with Microsoft 365 Copilot is one that forgets everything discussed in the conversation once the chat is over. The idea is that by leaving no trace, Copilot won’t recycle the ideas discussed in the chat later. Copilot absolutely discards the chat thread, but those pesky compliance records remain behind, ready for eDiscovery and other compliance investigations.
Microsoft Makes Another Change to Teams Channel Email Storage LocationNovember 13, 2025 7:00 am-In January 2025, Microsoft changed the SharePoint folder location to store copies of the email sent to Teams channels. Apparently, this update improved security, but it’s unclear exactly how the improvement comes about unless through obscurity. In any case, we missed this change completely and are publishing this note to remind everyone else of the importance of reading message center posts.
Auditing Claude Usage with the Copilot Researcher AgentNovember 12, 2025 7:02 am-The question was asked if it was possible to identify use of the Claude LLM by the Copilot Researcher Agent. Audit records often help, so that's the natural location to check. As it turns out, some information is captured when the Researcher agent is used, but figuring out if the agent uses the default ChatGPT-5 or Claude LLMs is a matter of intuition (or guesswork).
A Brief History of Soft-Deleted Entra ID GroupsNovember 11, 2025 7:00 am-Entra ID has long supported soft-deleted Microsoft 365 Groups. Now support is available to list and restore soft-deleted security groups in both the Entra admin center and cmdlets from the Microsoft Graph PowerShell SDK. The update is very welcome as it fixes a big recovery gap in the Entra ID story. Too many important security groups have been deleted in error, much to the chagrin of administrators.
Teams Gains Ability to Start Chat with Email AddressNovember 10, 2025 7:00 am-A new Teams feature allows users to initiate chats with any email address. This caused some commotion in the security community, but it's not that bad. In fact, it’s an extension of existing functionality that allows Teams users to chat with guest accounts. All that’s happening is that initiating a chat causes a new guest account to be created in the tenant, and there’s lots of controls to make sure that guests are controlled.
Reporting the Use of Emojis in Teams ReactionsNovember 7, 2025 7:00 am-This article explains how to use PowerShell to extract audit data to analyze the use of emojis as Teams reactions to chat and channel messages. This is not an exercise that leads to any great business value, but it’s a good way to show the sometimes surprising data that can be extracted from audit records.
Version 1.5 of the Microsoft 365 User Password and Authentication ReportNovember 6, 2025 7:00 am-The Microsoft 365 User Passwords and Authentication report now includes the last used date for authentication methods (when available). The new data is available through the Graph beta API for listing authentication methods and the equivalent Graph PowerShell SDK cmdlet. Another change that might break scripts is a new way to expose the created date for authentication methods. The changing sands of Graph programming...
Microsoft 365 Companion Apps Fail to ImpressNovember 5, 2025 7:00 am-Microsoft 365 Companion Apps are being deployed to Windows 11 PCs now. The apps don't seem to add much if any value over standard Microsoft 365 apps like Outlook and OneDrive. With that thought in mind, we move to unclutter PCs by either blocking the installation of the companion apps or stopping the apps starting up to take over valuable toolbar space.
Microsoft Won’t Dump Outlook for a New AI ClientNovember 4, 2025 7:00 am-A recent report says that new Microsoft leadership wants to reimagine Outlook with lots of many AI features to make the client much more of an effective assistant. While this might be true, it doesn't mean that New Outlook is dead. However, there’s a bunch of uninformed commentary out there alleging that Microsoft will change course dramatically. I think there is little chance that this will happen.
Office 365 for IT Pros November 2025 UpdateNovember 3, 2025 7:00 am-The Office 365 for IT Pros Team is happy to announce the availability of the November 2025 update. Subscribers can download the PDF and EPUB files for update #125 from Gumroad.com. In other news, we consider the lack of information provided at the Microsoft FY26 Q1 results and the quality of some reports that find their way onto the internet.
Microsoft Issues Updated Guidance for Defender for Office 365 LicensingOctober 31, 2025 7:00 am-Some inconsistencies in the MDO P2 service description and licensing terms exposed a need for tenants to license every user and shared mailboxes. Microsoft has changed the service description and licensing terms to make them simpler. Mailboxes still need MDO licenses, but only if they benefit from MDO protection, including MDO P2 if that’s what they use. Tenant admins have some extra work to do to deploy policies. All explained here.
Using the SharePoint Site Attestation PolicyOctober 30, 2025 7:00 am-The site attestation policy is designed to require site owners to make a positive statement that the settings of their site, including its current membership, are accurate. The idea is that requiring site owners to attest that their site is still needed will force people to decide whether sites are still in active use and should be kept online. If not, the policy can move the sites into Microsoft 365 Archive.
Modernizing Sensitivity Label Grouping for App DisplayOctober 29, 2025 7:00 am-Microsoft announced the modernization of grouping for sensitivity labels to a new "dynamic architecture." It doesn't take much to be more dynamic than the previous parent-child arrangement. Even if the announcement is a tad overhyped, it’s still goodness because administrators can now move labels between label groups in a way that wasn’t possible before. The new way of displaying labels should be everywhere in December 2025.
Auto-Updating Teams Work Location is Not Employee MonitoringOctober 28, 2025 7:00 am-As is the way of the internet, the news that a feature to automatically set the Teams work location for users created a huge fuss about the prospect that managers would keep an eye on employees based on their location. Of course, this is all rubbish. The update automates an existing feature that no sane manager would use to monitor employees.
Stealing Access Token Secrets from Teams is Hard Unless a Workstation is CompromisedOctober 27, 2025 7:00 am-Teams stores information in a local state file, including encrypted access tokens. A report from a French company explained how to extract and use those tokens with the Graph API. Is this important? It could be if attackers manage to gain access to a workstation, but at that point you’ve got other problems, and maybe using code to decrypt some tokens is the least of your troubles.
Allowing Users to Add Enterprise Apps to Entra ID is a Bad IdeaOctober 24, 2025 7:00 am-Enterprise apps can come from a variety of sources. Most are Microsoft 1st party apps, and the rest are ISV apps. It's easy to add an app without really intending to, which is a good reason to force users through the Entra ID app consent workflow when they want to add an app. Unhappily, I failed the test and added an app in a moment of weakness. Here’s what happened.
Updating the Entra ID Password Protection Policy with the Microsoft Graph PowerShell SDKOctober 23, 2025 7:00 am-The Entra ID password protection policy contains settings that affect how tenants deal with passwords. Entra ID includes a default policy that doesn’t require additional licenses. Creating a custom password protection policy requires tenant users to have Entra P1 licenses. As explained in this article, once the licensing issue is solved, it’s easy to update the policy settings with PowerShell.
Important Change Coming for Entra ID Passkeys in November 2025October 22, 2025 7:00 am-Entra ID is about to introduce passkey profiles, a more granular approach to passkey settings. The change is good, but you might like to check the current passkey settings to make sure that the values inherited by the new default passkey profile behave the way that you want. In particular, check attestation enforcement to make sure that the right kind of passkeys are used.
Automating Microsoft 365 with PowerShell November 2025 UpdateOctober 21, 2025 7:00 am-The November 2025 update for the Automating Microsoft 365 with PowerShell eBook is available online. Subscribers can download the new PDF and EPUB files from their Gumroad account. As always, the update features a mixture of new and updated information, some corrections, and removal of obsolete information. Look no further for guidance about using PowerShell with the Graph APIs to interact with Microsoft 365 data!
New Audio-Only Recording Option for Teams MeetingsOctober 20, 2025 7:00 am-A new audio-only recording option for Teams meeting suppresses the video feed from meeting participants when generating the MP4 file for the meeting recording. The idea is to better preserve user privacy during recording playbacks. Few will miss the video stream because the audio is usually more important. The audio is also the basis for the meeting transcript, and that leads to AI-generated outputs like meetings summaries and action items.
Outlook Gets AI Drafting of Meeting AgendasOctober 17, 2025 7:00 am-Agenda auto-draft is a new feature for OWA and the new Outlook to help meeting organizers create a draft meeting agenda using AI. The Copilot-generated draft agenda contains an introduction and some bullet points created from the meeting subject. It’s not a make or break feature for Microsoft 365 Copilot. Some will like it, if they discover how to use agenda auto-draft.
Using the Secret Management PowerShell Module with Azure Key Vault and Azure AutomationOctober 16, 2025 7:00 am-If you can't use managed identities, credential resources are a way to manage username and password credentials for Azure Automation runbooks. The Secret Management module is an alternative, and it’s a good option to manage credentials that are shared between interactive scripts and automation runbooks. This article describes how to use the Secret Management PowerShell module to fetch credentials stored in Azure Key Vault for use in an automation runbook.
The My Sign-Ins Portal, Applications, and Conditional AccessOctober 15, 2025 7:00 am-A recent change has exposed the applications used by the My Sign-ins portal for use in conditional access policies. This article discusses the app-centric nature of Microsoft 365 and Entra ID and why it’s important that the newly-revealed set of applications are available for conditional access processing, just in case the Entra ID agents planned by Microsoft can't optimize your policies.
Changing the Offline Access Period for Sensitivity LabelsOctober 14, 2025 7:00 am-One of the settings for sensitivity labels governs how long items protected by a label remain accessible (including offline access) before reauthentication. The default is 30 days, which is a good balance between security and avoiding users having to constantly reauthenticate to open protected messages and files. If necessary, tenant administrators can change the validity period to be anything from 0 to 65535 days.
ChatGPT Enterprise Connects to SharePoint OnlineOctober 13, 2025 7:00 am-OpenAI has launched a ChatGPT enterprise SharePoint Connector that allows organizations to synchronize files from SharePoint Online to ChatGPT. I could never understand why Microsoft 365 tenants allowed users to upload individual files from SharePoint or OneDrive to ChatGPT for processing. Using a connector to synchronize entire sites to ChatGPT makes even less sense, especially from a compliance perspective. I must be missing something!
SharePoint Online Drops One Time Passcodes for External Access March 6, 2026 7:59 am - From July 2026. SharePoint Online and OneDrive for Business will use Entra B2B Collaboration (guest accounts) to control external access to shared files. This change has been coming since 2021, but it takes time for organizations to get their heads around changing the way to grant external access. It’s time to embrace guest accounts, and that means doing some work to manage guest accounts on an ongoing basis.
Measuring KPIs like Response Times for Shared Mailboxes March 5, 2026 7:00 am - Shared mailboxes are not CRM systems. However, many Microsoft 365 tenants use shared mailboxes to handle customer queries and then want to measure KPIs such as agent responsiveness to customer queries or the number of queries handled per agent in a month. As explored in this article, it’s possible to use the Microsoft Graph to extract some KPI-like data from shared mailboxes. 
How to Test a File Against DLP Sensitive Information Types March 4, 2026 7:00 am - Sensitive Information types (SITs) are definitions of data like credit card numbers used by DLP rules to detect potential external sharing violations. Knowing what SIT to use in a DLP rule is often difficult, which is why the Purview developers have added a test option to allow tenants to test files against individual SITs or all SITs to see what happens.
Microsoft Celebrates SharePoint 25th Anniversary with Announcements March 3, 2026 7:00 am - Microsoft celebrated the 25th anniversary of SharePoint with a batch of announcements, including AI in SharePoint, intended to help administrators to manage all aspects of SharePoint Online through natural language. Other interesting announcements included department-level payments for Microsoft 365 Backup and the renaming of the Connections app in Teams as the SharePoint app. Well, the last wasn't that interesting...
March 2026 Update for Office 365 for IT Pros March 2, 2026 7:00 am - We've released monthly update #129 for the Office 365 for IT Pros eBook. Current subscribers can download the EPUB and PDF files from gumroad.com. This month we reflect on the 25th anniversary of the release of SharePoint Portal Server 2001 and the 30th anniversary of Exchange Server V4.0. Both servers have experienced great success online and on-premises. Long may they continue!
Planner’s Newly Redesigned Interface February 27, 2026 7:00 am - Microsoft has launched a redesigned user interface for the Planner app. The big news is the inclusion of task chat. Goals are also available, but only to people with a Microsoft 365 Copilot or Planner Premium licenses. Task Chat is a nice feature, and I am sure that it will be popular. UX redesigns often disappoint. At least this one offers new features.
Extending Protection for Confidential SharePoint Online Files February 26, 2026 7:00 am - Sensitivity labels offer great protection against unauthorized access, but sometimes files that aren't encrypted escape from a document library. SharePoint Online can now use sensitivity labels configured with user defined permissions (UDP) to extend protection to downloaded files. The magic works by configuring permissions on download based on the membership of the user who downloads a file.
How to Use Scoped Graph Permissions with SharePoint Lists February 25, 2026 7:00 am - This article explains how to use scoped Graph permissions to restrict app access to lists and list items in SharePoint Online and OneDrive for Business sites. It's a follow-up to other articles covering how to restrict app access to SharePoint Online sites and files. Scoping app access to specific objects is important because otherwise apps can access everything in SharePoint Online, and that isn't good.
Microsoft Extends DLP Policy for Copilot Protection to All Storage Locations February 24, 2026 7:00 am - Microsoft has enhanced the DLP policy for Copilot to cover Office files held in any storage location instead of only Microsoft 365 locations like SharePoint Online and OneDrive for Business. The change is made in the Office augmentation loop, a little-known internal component that coordinates use of connected experiences by apps. Extending the DLP policy to cover all locations makes perfect sense.
Update #21 for Automating Microsoft 365 with PowerShell February 23, 2026 7:00 am - Update #21 for the Automating Microsoft 365 with PowerShell eBook is now available for current subscribers to download from Gumroad.com. Refreshed PDF and EPUB files are available and the paperback version available from Amazon.com is also updated. Automating Microsoft 365 with PowerShell is packed with practical ready-to-use examples of working with apps, sites, mailboxes, teams, plans, and other data. Every Microsoft 365 administrator should have this book!
Microsoft Takes Aim at ChatGPT February 20, 2026 7:00 am - Microsoft would very much like Microsoft 365 tenants to use Copilot instead of ChatGPT. A recent comparison between Copilot and ChatGPT outlines some areas that Microsoft thinks are important when deciding which AI tool to use. Microsoft has a point because Copilot is embedded into Microsoft 365 whereas ChatGPT is more of an add-on. The competition for hearts and minds is very intense in the AI space.
Using Dev Proxy with the Microsoft Graph PowerShell SDK February 19, 2026 7:00 am - Dev Proxy is a Microsoft tool built to help developers figure out the most effective way of using Microsoft Graph API requests. On the surface, Dev Proxy doesn’t seem like a tool that would interest people who use the Microsoft Graph PowerShell SDK to write scripts for Microsoft 365. But all tools have some use, and Dev Proxy can help.
How to Use Scoped Graph Permissions to Access SharePoint Files February 18, 2026 7:00 am - Scoped permissions grant apps granular access to files and folders in SharePoint Online and OneDrive for Business sites using the Files.SelectedOperations.Selected Graph permission. The permission allows apps to access specific files or all the files in a folder. It’s a great way to make sure that apps don’t have unfettered access to confidential documents. Not that any app would try to have that kind of access…
Primer: Use RBAC for Applications to Control App Use of the Mail.Send Permission February 17, 2026 7:00 am - The temptation to use the Mail.Send application permission in scripts can lead PowerShell developers into trouble because the permission allows access to all mailboxes, including sensitive executive and financial mailboxes. Fortunately, RBAC for Applications allows tenants to control the access that apps have to mailboxes and other Exchange content. All explained here with an example script to test RBAC of Applications.
Exchange Online PowerShell Dumps the Credential Parameter February 16, 2026 7:00 am - On February 12, Microsoft announced the deprecation of the Credential parameter for the Connect-ExchangeOnline cmdlet in the Exchange Online PowerShell module. The deprecation won’t affect interactive sessions (which should all be protected by MFA), but it might stop some background jobs running when Microsoft retires the server components that currently support the ROPC authentication flow. Time to check scripts!
Code Error Allowed Copilot Chat to Expose Confidential Information February 13, 2026 7:00 am - A code error allowed Copilot Chat to expose confidential email. Microsoft is fixing the problem, but it’s a reminder of how AI can expose information of Microsoft 365 tenants don’t use available features to restrict AI access. Those features need to be configured and deployed, but that doesn’t take much effort. It’s better than users complaining when Copilot exposes their most secret thoughts.
New Outlook Gets Smarter DLP February 12, 2026 7:00 am - The news that the new Outlook client will support custom oversharing dialogs for DLP policies might not seem very interesting, but it provoked me to look more closely into how to build and deploy custom oversharing dialogs. All it takes is some well-structured JSON and an update to DLP rules, and the classic and Monarch Outlook clients should display custom tenant instructions to anyone who violates DLP rules.
Deactivating an Entra ID Application February 11, 2026 7:00 am - This article explores how to deactivate applications (aka disable apps) in Entra ID. Everything is done through PowerShell and the Microsoft Graph PowerShell SDK because the feature isn’t currently available in the Entra admin center. We’ve even included a fully functional example script to show you how the process works. Feel free to fix or enhance our code in GitHub!
Maester and UTCM Are Complementary Tools for Microsoft 365 Tenant Management February 10, 2026 7:00 am - Since the release of the preview version of the UTCM solution, some have asked if UTCM will replace the Maester tool. The answer is no. The tools are complementary and both are very useful to Microsoft 365 tenant management. Maester is a community-driven reporting tool that highlights inconsistencies between external and Microsoft baselines. UTCM focuses on setting drift that can occur in workload configurations. Both have their own niche.
How to Report Adaptive Scope Membership February 9, 2026 7:00 am - The Get-AdaptiveScopeMembers cmdlet reveals details of adaptive scope membership to make it possible to report this information programmatically. The task is not as simple as you might imagine. Summary records must be separated from member records, which can reflect add or remove operations. And there’s the question of pagination for large adaptive scope. All explained here with a PowerShell script to help.
The Final Countdown to Remove EWS from Exchange Online Begins February 6, 2026 7:00 am - Microsoft announced the dates leading to the final retirement of Exchange Web Services from Exchange Online. If all goes well, the EWS retirement in the cloud will happen by May 2027. Challenges still exist. Microsoft must remove EWS from its own apps, including Outlook, and help tenants and ISVs make the leap to Graph APIs. Plans are in place and progress is being made, but will everyone be ready when Microsoft removes EWS permanently from Exchange Online in April 2027?
Microsoft Previews userConfiguration Graph API February 5, 2026 7:00 am - A new userConfiguration API is available to retrieve data from Folder Associated Items (FAIs) in Exchange mailboxes. The new Graph API is part of the EWS migration project and is intended to allow application developers to migrate EWS code that updates FAIs with Graph equivalents. Most Microsoft 365 tenants will never use this API, but it's nice to know how things work.
PAYG Services Like Purview DSI Can Rack Up Large Charges February 4, 2026 7:00 am - Microsoft offers several PAYG services to Microsoft 365 tenants. Data Security Investigations (DSI) is the newest. These services can rack up compute charges to perform processing (in the case of DSI, AI processing of items found in Microsoft 365 sources). If tenants don’t take care, they might end up with big Azure bills. Be aware, prepare, measure, and minimize processing to avoid large charges.
Microsoft Unified Tenant Configuration Management February 3, 2026 7:00 am - Unified Tenant Configuration Management (UTCM) is a new tenant configuration management solution that can monitor changes to over 300 resource types found within Microsoft 365 tenants. Currently accessible via Microsoft Graph beta APIs to all tenants, UTCM offers an alternative to Microsoft DSC and third-party configuration management products. No details are available yet about an admin UX, licensing, or availability.
February 2026 Update for Office 365 for IT Pros February 2, 2026 7:00 am - The February 2026 (update #128) files for the Office 365 for IT Pros (2026 edition) eBook are available for current subscribers to download from Gumroad.com. The Automating Microsoft 365 for PowerShell eBook has also been updated. Like any month, the updates applied to Office 365 for IT Pros make sure that the book stays refreshed and up-to-date with the changing world of Microsoft 365.
Microsoft 365 Exceeds 450 Million Commercial Paid Seats January 30, 2026 7:00 am - Microsoft FY26 Q2 results included a new figure for Microsoft 365 commercial paid seats: "over 450 million." Seats are growing at a consistent 6% year-over-year rate, and the June 2026 increases will mean an extra $10 billion or so revenue. In other news, we learned that Microsoft 365 Copilot has 15 million paid seats, or roughly 3.33% of the Microsoft 365 installed base.
Microsoft Delays Retirement of Basic Authentication for SMTP AUTH January 29, 2026 7:00 am - Microsoft has delayed the retirement of basic authentication for the SMTP AUTH client submissions protocol to 2027 or beyond. New tenants will be the first to be blocked and Microsoft will disable basic authentication for SMTP AUTH in a way that existing tenants can reenable the protocol. Eventually, we’ll get a date for final retirement sometime in 2027. These things take time!
How to Control Access to Entra Multi-Tenant Apps January 28, 2026 7:00 am - Entra multi-tenant applications can be used by any tenant - unless you restrict sign-in audiences to permit only specific tenants to use the application. In this article, we explain the preview feature and use the Microsoft Graph PowerShell SDK to restrict sign-in audiences by defining a list of permitted tenant identifiers in the properties of multi-tenant applications.
Using the Exchange Online Message Trace API January 27, 2026 7:00 am - January 22 saw the announcement of the beta version of an Exchange Online Graph-based message trace API. The API can retrieve message trace records and their details and offers equivalent functionality to the message trace cmdlets in the Exchange Online management PowerShell module. However, sometimes applications simply want to access data without going through a module, and that’s what this API delivers.
Teams Revamps Premium Licensing January 26, 2026 7:00 am - Microsoft announced a set of Teams licensing changes to take effect in April 2026. The changes affect devices, Microsoft Places, and Teams events. Webinars and Teams town halls will be easier to manage without Teams Premium licenses, and organizations will be able to buy capacity packs to host events for up to 100,000 participants. The changes will leave some Microsoft 365 tenants cold while others will be delighted.
Teams Integrates Viva Engage Communities January 23, 2026 7:00 am - A new integration with Viva Engage is available for Teams. The integration adds communities to the Teams navigation bar. It’s kind of odd when a separate highly functional Communities app exists. It’s unclear who is demanding another point of integration between Viva Engage and Teams. The suspicion is that this work is due to internal politics rather than to facilitate better collaboration.
Automating Microsoft 365 with PowerShell Update 20 January 22, 2026 7:00 am - Monthly update #20 for the Automating Microsoft 365 with PowerShell eBook is now available for subscribers to download the updated EPUB and PDF files. Like any monthly update, #20 includes a mixture of new information, revisions, and even some bug fixes (changes to text or examples). Meantime, assembly clashes continue to be a bugbear for Microsoft 365 PowerShell modules. Microsoft should fix this problem!
Generate a Weekly Report of Role Assignments January 21, 2026 7:00 am - This article explores how to use Entra ID audit records to create a weekly report about role assignment additions and deletions. After deciphering the information contained in the audit records, it’s easy to generate a report showing who made the assignments and if any critical role assignments are in the mix. We can then email the report to interested parties, all with some relatively simple PowerShell.
Synchronizing Security and Microsoft 365 Group Memberships January 20, 2026 7:00 am - An article from 2018 uses the AzureAD and Exchange PowerShell modules to synchronize membership between a security and a Microsoft 365 group. The idea is to enable collaboration for the members of the security group. This version does the work with the Microsoft Graph PowerShell SDK. The code is better and it will work as an Azure Automation runbook, which is always nice.
How to Create SharePoint Sites with the Graph API January 19, 2026 7:00 am - Microsoft released the beta version of the SharePoint Online create Site API for the Microsoft Graph in late November 2025. Since then, Microsoft has dropped one of the three site templates. Playing with the API, we’ve discovered that the API can certainly create sites but that the SharePoint Graph API misses a heap of features, like adding members to the new site. Oh well, one step forward…
Some Microsoft Graph PowerShell SDK Cmdlets Lose Body Parameters January 16, 2026 7:00 am - A change made for some Directory Graph APIs has flowed through to the Microsoft Graph PowerShell SDK and affected how the associated cmdlets work, including the beta cmdlet to restore a deleted user account and while replacing the user principal name. Fortunately, the workaround is easy, but it is upsetting when something that worked suddenly doesn’t, even if it is a beta cmdlet.
Purview eDiscovery Simplifies Content Searches in February 2026 January 15, 2026 7:00 am - As part of the modernization of the Purview eDiscovery solution, Microsoft will simplify the content searches UX in February 2026 to remove features that are inappropriate for the way that content searches are intended to be used. The change is logical and reasonable because you should use a full eDiscovery case to access all the eDiscovery functionality.
Teams External Collaboration Administrator Role Arrives January 14, 2026 7:00 am - A new Entra ID role is coming. The Teams External Collaboration administrator role allows users to manage external collaboration settings. Quite how often Microsoft 365 tenants need to manage these settings is unknown, but it’s a useful prompt to review the current set of roles used and users who are members of those roles. Time for an annual clean-up.
SharePoint Online Site Administrators Can Now Control Restricted Content Discovery January 13, 2026 7:02 am - Restricted Content Discovery (RCD) is a feature that blocks access by Microsoft 365 Copilot and agents to the files stored in a SharePoint Online site. Instead of relying on tenant administrators, site administrators can now enable or disable RCD. It’s a natural evolution of what is an essential feature to keep sensitive and confidential information being leaked inadvertently by AI.
The Channel Agent Brings AI Interactions to Teams Channels January 12, 2026 7:00 am - Chat and meetings have their agents, and now the Teams channel agent is available to help members understand what happens inside channels. Like any AI agent given limited sets of data to reason over, the channel agent does a good job of finding nuggets hidden in conversations. The issue is that the channel agent doesn’t currently work for channels that have external members, like guest accounts. That’s a big downside.
Entra ID Rationalizes Session Revocation for User Accounts January 9, 2026 7:00 am - Microsoft is rationalizing the options to revoke sessions for a user account in the Entra admin center by removing an old revoke MFA sessions button. That seems like a perfectly reasonable thing to do. When administrators want to revoke sessions for an account, the best way is to create a PowerShell script to perform the necessary steps. That way you don’t need to worry about buttons.
Microsoft Cancels Exchange Mailbox External Recipient Rate Limit January 8, 2026 7:00 am - After considering customer feedback, Microsoft cancelled the mailbox external recipient rate limit for Exchange Online. The idea behind the new limit was simple – it makes life more difficult for spammers to use Exchange Online as a platform. Unhappily, customers didn’t like losing the ability to send relatively small amounts of external email for different reasons. C'est la vie.
Teams Delivers a Slack Migration Tool January 7, 2026 7:00 am - Microsoft announced the availability of a Slack to Teams migration tool in the Microsoft 365 admin center. The new tool exists to assist the 79 million monthly active users of Slack who might want to move to Teams and don’t know how to get there. ISVs have been helping people move from Slack to Teams for years, so other migration options exist.
A Quick Look at Purview Data Security Investigations January 6, 2026 7:00 am - During the quiet holiday period, I tested the new Purview Data Security Investigations (DSI) solution, which seems to be put together from bits of Microsoft 365 together with Security Copilot and some generative AI. Assembling new solutions from existing components makes sense because it reduces engineering effort. Without real data, it's hard to know how effective DSI is, but the cost of an investigation came as a real surprise.
SharePoint Online Dumps Legacy Compliance Features January 5, 2026 7:00 am - MC1211579 (3 January 2026) announces the retirement of four legacy SharePoint compliance features in favor of Purview Data Lifecycle management and Records management. It’s always unsurprising when Microsoft chooses to remove old features developed for on-premises and replaces them with better online options, which is exactly what’s happening here. Some tenants might face additional licensing requirements for Purview.
Teams Admin Center Simplifies External Collaboration January 2, 2026 7:00 am - Microsoft is rolling out a UX update for the Teams admin center to make it easier to manage external collaboration settings. The new UX doesn’t introduce any new features. Instead, its goal is to hide some of the policies and settings complexity that sometimes afflicts the Teams application. It’s a good change, even if it probably won’t make much difference.
January 2026 Update for Office 365 for IT Pros January 1, 2026 7:00 am - Monthly Update #127 for the Office 365 for IT Pros eBook (2026 edition) is now available for current subscribers to download from Gumroad.com. In this note, we explore some of the options the writing team is considering for the next edition of the book. Microsoft 365 doesn’t stop changing, so it makes sense for the best Microsoft 365 book available today to change to reflect new developments.
Training People to Use Microsoft 365 Copilot Effectively December 31, 2025 7:00 am - A LinkedIn post explained how the UK Revenue and Customs authority train 30,000 people to use Microsoft 365 Copilot effectively. It’s a reminder that introducing complex software to a user community takes careful planning and support, including the provision of well-planned training to help people exploit the new software as quickly as possible. Otherwise, some of those expensive licenses might be wasted.
The Exchange EnforcedTimestamps Mailbox Property December 30, 2025 7:00 am - While examining mailbox properties, I noticed that the EnforcedTimeStamps property held some information that I just couldn't explain. Google search was no help, but Microsoft Copilot told me that the information related to the management of compliance holds. Basically, the data are guardrails to help the Managed Folder Assistant do the right thing, which is nice, even if no documentation exists.
How to Report DLP Alerts December 29, 2025 7:00 am - MC1169572 announces that administrators can add classifications to DLP alerts to help with reporting. But how do you report DLP alerts? As it turns out, it’s relatively easy to retrieve DLP alerts via the Microsoft Graph Security API. Using the Get-MgSecurityAlertV2 cmdlet from the Microsoft Graph PowerShell SDK makes it even easier to find and report the data.
Microsoft Graph PowerShell SDK V2.34 Makes WAM the Default December 23, 2025 7:00 am - The Web Account Manager (WAM) authentication broker becomes the default method for handling interactive Microsoft Graph PowerShell SDK connections from V2.34 onwards. The rapid release of a new version (V2.33 appeared 12 days beforehand) is usually a sign of a big problem, but in this case the reason is more likely to be a security vulnerability that’s just come to light. We’ll find out after the holidays.
Automating Microsoft 365 with PowerShell Update 19 December 22, 2025 7:00 am - Update #19 of the Automating Microsoft 365 with PowerShell eBook is now available. Subscribers can download the updated PDF and EPUB files from Gumroad.com. A paperback version is also available, but we can’t update the print characters. In any case, a new SharePoint create Site API is in beta, and a new version of the Microsoft Graph PowerShell SDK is available. Both have their moments, as we discuss here.
Microsoft Tenant-to-Tenant Migration Orchestrator December 19, 2025 7:00 am - Microsoft has launched a tenant-to-tenant migration orchestrator solution in public preview to migrate mailboxes, OneDrive accounts, and Teams chat between tenants. ISVs have been active in the T2T space for a long time. They probably won’t welcome the new Microsoft offering, but at least the migration orchestrator legitimizes the concept of tenant-to-tenant migration.
Removing Retention Holds from Exchange Mailboxes December 18, 2025 7:00 am - A new Exchange Online feature allows administrators to remove multiple types of holds from mailboxes (usually inactive mailboxes). It’s a great way to release holds that might be keeping inactive mailboxes lingering in a tenant. The feature doesn’t remove holds used to retain items required for eDiscovery or other compliance purposes. Even so, this is definitely a feature that needs to be carefully tested.
SharePoint Online Expands Version Expiration for Audio and Video Files December 17, 2025 7:00 am - Microsoft is launching version expiration policies in SharePoint Online for audio and video files. The approach is the same as used for intelligent versioning of Office files stored in SharePoint Online and OneDrive for Business and can be configured at the tenant, site, and document library level. If your tenant uses Clipchamp, this could be a way to save expensive SharePoint storage.
Old Versions of Exchange ActiveSync Clients Get the Bullet December 16, 2025 7:00 am - Exchange Online will require email clients to use Exchange ActiveSync (EAS) V16.1 to connect from March 1, 2026. Email clients that use older versions of EAS won’t be able to synchronize with Exchange Online to upload outbound messages or download messages, attachments, and calendar items. There should be relatively few clients using an old version of EAS, but it’s wise to check.
Microsoft Baseline Security Mode Rolls Out December 15, 2025 7:00 am - Microsoft has released a set of security benchmark recommendations for Microsoft 365 tenants that it calls baseline security mode. The recommendations cover authentication, file access, and Teams and the idea is that these are settings that Microsoft believes have proven their value over the years. The only criticism that you might have is about the potential clash for conditional access policies, but that’s not serious.
Microsoft to Enable Anthrophic Models by Default December 12, 2025 7:00 am - After the fuss around the initial introduction of the Anthrophic models into Microsoft 365 in September, we learn that Microsoft will enable access for all in January 2026. It would have been so much better had Microsoft said that they were working on the data protection arrangements with Anthrophic, but that didn’t happen. Is all well now? We’ll see in January…
Testing the MCP Server for Enterprise December 11, 2025 7:00 am - The MCP Server for Enterprise is one of a set of preview servers released by Microsoft to show how MCP servers can help Microsoft 365 tenants get real work done. I’m sure things will improve, but the current state of the preview is that it can do a splendid job to answer simple questions, but once things get more complex, don’t depend on any of the PowerShell code the server generates.
Teams Messaging Gets Autocorrect December 10, 2025 7:00 am - The addition of Autocorrect for messaging is a small but important change for Teams messaging brings Teams up to speed with the other Office applications. It’s taken Teams a little longer than it perhaps should have to support Autocorrect and the implementation is not as functional as it is in Outlook, but that’s not a reason to overlook the update.
Checking Where Tenant Users Go as Guests December 9, 2025 7:00 am - After all the fuss about Teams users inviting people to chat via email, tenant administrators realize that knowing where users are active as guest accounts is not as easy as it might seem. Part of the problem is that data about user activity is mostly controlled by host rather than home tenants. However, it’s possible to extract some information from audit sign-in logs to figure out where tenant users go as guests.
Microsoft Increases Office 365 and Microsoft 365 License Prices December 8, 2025 7:00 am - Customers will see their bills increase from July 1, 2026, when Microsoft 365 pricing increases go into effect, adding up to $3/month for licenses. This is the first increase since March 2022, and it moves the baseline Office 365 E3 license to $26/month and Microsoft 365 E5 to $60/month. Microsoft justifies the increases based on the functionality and apps it delivers. Time for a licensing review! 
Microsoft Blocks EWS Access for Kiosk Users December 5, 2025 7:00 am - A December 2 announcement says that Exchange Online will block access to Exchange Web Services for users with kiosk or frontline worker licenses from June 2026. In fact, the Exchange Online service description has always excluded EWS access for these licenses, but the necessary code to enforce the exclusion was never implemented. It will be in March. Time to check licenses...
Journey to Passwordless Authentication Might Include Some Bumps December 4, 2025 7:00 am - Microsoft recommends passwordless authentication to help secure Microsoft 365 tenants. The latest is synced passkeys, something that apparently leads to “syncability,” whatever that might mean. In any case, after some struggles, I managed to enable synched passkeys for my iPhone and then started to consider how to remediate user accounts that are flagged with a high-risk (compromised) status when they can’t simply update their password.
Talking Microsoft 365 Compliance at the European SharePoint Conference December 3, 2025 7:00 am - Paul Robichaux and I led a session about Microsoft 365 Compliance at the European SharePoint Conference in Dublin on December 2, 2025. During the session, we discussed how intelligent versioning works and its value in saving storage, priority cleanup and its ability to delete files even if the files are under retention hold, and the recent revamp of the Purview eDiscovery solution. We were thrilled at the attendance. Here’s what happened.
App-Only Authentication for SharePoint Online PowerShell December 2, 2025 7:00 am - The latest versions of the SharePoint Online PowerShell module support app-only authentication (certificate-based authentication) for the Connect-SPOService cmdlet. In other words, applications can now connect to SharePoint Online to run administrative cmdlets by presenting a registered Entra ID app and an X.509 certificate instead of the credentials for a human SharePoint administrator. It’s a good change, even if I still prefer using the Graph APIs for SharePoint automation.
Office 365 for IT Pros December 2025 Update December 1, 2025 7:00 am - The Office 3675 for IT Pros team is happy to announce that the files for update #126 are available for subscribers to download from Gumroad.com. The paperback edition of the PowerShell book has also been refreshed. Updated PDF and EPUB files are available for the Office 365 for IT Pros and Automating Microsoft 365 with PowerShell eBooks. Happy reading!
Checking the Effectiveness of a Transport Rule to Block Spammy Email November 26, 2025 7:00 am - Some weeks ago, I wrote about using a transport rule to suppress spammy email by sending the messages to the quarantine. But what’s the best way to check the rule's effect? One method is to use the transport rule report PowerShell cmdlet to check for the actions you expect the rule to perform. Once information is found, it’s a matter of slicing and dicing the data.
How to Check if Shared Mailboxes Need MDO Licenses November 25, 2025 7:00 am - Shared mailboxes might need Microsoft Defender for Office 365 licenses, but how do you identify how many licenses? We use PowerShell to do the job by analyzing external email sent to shared mailboxes. If a mailbox receives external email, then by definition the mailbox receives benefit from MDO, and that’s the test for requiring a license.
Teams Messaging Gains New Protections November 24, 2025 7:00 am - Teams now includes weaponized file protection and malicious URL protection to make sure that people don't share bad files or URLs in chats or channel conversations. Given that a user can post a message to up to 50 channels at one time, it obviously makes a heap of sense to check that any files or URLs that people share in chat or channel conversations are safe and not malicious.
Automating Microsoft 365 with PowerShell December 2025 Update November 21, 2025 7:00 am - The December 2025 update (version 18) of the Automating Microsoft 365 with PowerShell eBook is now available to download. Current subscribers can fetch the updated EPUB and PDF files from Gumroad.com using the link in their account (or receipt), but we can’t do much for the paperback edition except consider using scissors, paste, and Tippex, just like the old days. 
Purview Launches New DLP Policy to Control Copilot Prompts November 20, 2025 7:00 am - A new DLP policy for Copilot prompts monitors blocked sensitive information types like credit card numbers to stop their use in Copilot prompts. The new policy can’t be combined with the existing DLP policy for Copilot, which checks for files with specific sensitivity labels to prevent Copilot from using their content in its responses. But that’s OK because the two policies do very different work.
Microsoft 365 Announcements at Ignite 2025 November 19, 2025 7:00 am - The Ignite 2025 keynote was a marathon 150-minute event, but some interesting Microsoft 365 announcements emerged, mostly centered on AI. Microsoft is obviously focused on making AI and agents a very real part of tenant activities, so there’s new agent management and a repository among other things that will roll out in the year ahead.
Microsoft Launches Preview of Exchange Admin API November 18, 2025 7:00 am - Microsoft launched the preview of the Exchange Admin API on November 17. The new API is intended to close known feature gaps that exist in the Graph APIs and allow developers to migrate from EWS before Microsoft retires EWS in October 2026. Think of the Exchange Admin API as a discardable time-limited API that allows clients to submit cmdlets for processing. It’s certainly one way to approach the EWS problem!
Removing Inactive Entra ID User Accounts with PowerShell November 17, 2025 7:00 am - The Entra ID Governance solution includes a workflow to detect and remove inactive user accounts. Sounds good, but the same can be done with PowerShell if you want to avoid the cost of Entra ID Governance licenses or want to create a bespoke workflow that’s better suited to the business needs of the organization. Azure Automation would be a good way to process this workflow.
Copilot’s Temporary Chat November 14, 2025 7:00 am - A temporary chat with Microsoft 365 Copilot is one that forgets everything discussed in the conversation once the chat is over. The idea is that by leaving no trace, Copilot won’t recycle the ideas discussed in the chat later. Copilot absolutely discards the chat thread, but those pesky compliance records remain behind, ready for eDiscovery and other compliance investigations.
Microsoft Makes Another Change to Teams Channel Email Storage Location November 13, 2025 7:00 am - In January 2025, Microsoft changed the SharePoint folder location to store copies of the email sent to Teams channels. Apparently, this update improved security, but it’s unclear exactly how the improvement comes about unless through obscurity. In any case, we missed this change completely and are publishing this note to remind everyone else of the importance of reading message center posts.
Auditing Claude Usage with the Copilot Researcher Agent November 12, 2025 7:02 am - The question was asked if it was possible to identify use of the Claude LLM by the Copilot Researcher Agent. Audit records often help, so that's the natural location to check. As it turns out, some information is captured when the Researcher agent is used, but figuring out if the agent uses the default ChatGPT-5 or Claude LLMs is a matter of intuition (or guesswork).
A Brief History of Soft-Deleted Entra ID Groups November 11, 2025 7:00 am - Entra ID has long supported soft-deleted Microsoft 365 Groups. Now support is available to list and restore soft-deleted security groups in both the Entra admin center and cmdlets from the Microsoft Graph PowerShell SDK. The update is very welcome as it fixes a big recovery gap in the Entra ID story. Too many important security groups have been deleted in error, much to the chagrin of administrators.
Teams Gains Ability to Start Chat with Email Address November 10, 2025 7:00 am - A new Teams feature allows users to initiate chats with any email address. This caused some commotion in the security community, but it's not that bad. In fact, it’s an extension of existing functionality that allows Teams users to chat with guest accounts. All that’s happening is that initiating a chat causes a new guest account to be created in the tenant, and there’s lots of controls to make sure that guests are controlled.
Reporting the Use of Emojis in Teams Reactions November 7, 2025 7:00 am - This article explains how to use PowerShell to extract audit data to analyze the use of emojis as Teams reactions to chat and channel messages. This is not an exercise that leads to any great business value, but it’s a good way to show the sometimes surprising data that can be extracted from audit records.
Version 1.5 of the Microsoft 365 User Password and Authentication Report November 6, 2025 7:00 am - The Microsoft 365 User Passwords and Authentication report now includes the last used date for authentication methods (when available). The new data is available through the Graph beta API for listing authentication methods and the equivalent Graph PowerShell SDK cmdlet. Another change that might break scripts is a new way to expose the created date for authentication methods. The changing sands of Graph programming...
Microsoft 365 Companion Apps Fail to Impress November 5, 2025 7:00 am - Microsoft 365 Companion Apps are being deployed to Windows 11 PCs now. The apps don't seem to add much if any value over standard Microsoft 365 apps like Outlook and OneDrive. With that thought in mind, we move to unclutter PCs by either blocking the installation of the companion apps or stopping the apps starting up to take over valuable toolbar space.
Microsoft Won’t Dump Outlook for a New AI Client November 4, 2025 7:00 am - A recent report says that new Microsoft leadership wants to reimagine Outlook with lots of many AI features to make the client much more of an effective assistant. While this might be true, it doesn't mean that New Outlook is dead. However, there’s a bunch of uninformed commentary out there alleging that Microsoft will change course dramatically. I think there is little chance that this will happen.
Office 365 for IT Pros November 2025 Update November 3, 2025 7:00 am - The Office 365 for IT Pros Team is happy to announce the availability of the November 2025 update. Subscribers can download the PDF and EPUB files for update #125 from Gumroad.com. In other news, we consider the lack of information provided at the Microsoft FY26 Q1 results and the quality of some reports that find their way onto the internet.
Microsoft Issues Updated Guidance for Defender for Office 365 Licensing October 31, 2025 7:00 am - Some inconsistencies in the MDO P2 service description and licensing terms exposed a need for tenants to license every user and shared mailboxes. Microsoft has changed the service description and licensing terms to make them simpler. Mailboxes still need MDO licenses, but only if they benefit from MDO protection, including MDO P2 if that’s what they use. Tenant admins have some extra work to do to deploy policies. All explained here.
Using the SharePoint Site Attestation Policy October 30, 2025 7:00 am - The site attestation policy is designed to require site owners to make a positive statement that the settings of their site, including its current membership, are accurate. The idea is that requiring site owners to attest that their site is still needed will force people to decide whether sites are still in active use and should be kept online. If not, the policy can move the sites into Microsoft 365 Archive.
Modernizing Sensitivity Label Grouping for App Display October 29, 2025 7:00 am - Microsoft announced the modernization of grouping for sensitivity labels to a new "dynamic architecture." It doesn't take much to be more dynamic than the previous parent-child arrangement. Even if the announcement is a tad overhyped, it’s still goodness because administrators can now move labels between label groups in a way that wasn’t possible before. The new way of displaying labels should be everywhere in December 2025.
Auto-Updating Teams Work Location is Not Employee Monitoring October 28, 2025 7:00 am - As is the way of the internet, the news that a feature to automatically set the Teams work location for users created a huge fuss about the prospect that managers would keep an eye on employees based on their location. Of course, this is all rubbish. The update automates an existing feature that no sane manager would use to monitor employees.
Stealing Access Token Secrets from Teams is Hard Unless a Workstation is Compromised October 27, 2025 7:00 am - Teams stores information in a local state file, including encrypted access tokens. A report from a French company explained how to extract and use those tokens with the Graph API. Is this important? It could be if attackers manage to gain access to a workstation, but at that point you’ve got other problems, and maybe using code to decrypt some tokens is the least of your troubles.
Allowing Users to Add Enterprise Apps to Entra ID is a Bad Idea October 24, 2025 7:00 am - Enterprise apps can come from a variety of sources. Most are Microsoft 1st party apps, and the rest are ISV apps. It's easy to add an app without really intending to, which is a good reason to force users through the Entra ID app consent workflow when they want to add an app. Unhappily, I failed the test and added an app in a moment of weakness. Here’s what happened.
Updating the Entra ID Password Protection Policy with the Microsoft Graph PowerShell SDK October 23, 2025 7:00 am - The Entra ID password protection policy contains settings that affect how tenants deal with passwords. Entra ID includes a default policy that doesn’t require additional licenses. Creating a custom password protection policy requires tenant users to have Entra P1 licenses. As explained in this article, once the licensing issue is solved, it’s easy to update the policy settings with PowerShell. 
Important Change Coming for Entra ID Passkeys in November 2025 October 22, 2025 7:00 am - Entra ID is about to introduce passkey profiles, a more granular approach to passkey settings. The change is good, but you might like to check the current passkey settings to make sure that the values inherited by the new default passkey profile behave the way that you want. In particular, check attestation enforcement to make sure that the right kind of passkeys are used.
Automating Microsoft 365 with PowerShell November 2025 Update October 21, 2025 7:00 am - The November 2025 update for the Automating Microsoft 365 with PowerShell eBook is available online. Subscribers can download the new PDF and EPUB files from their Gumroad account. As always, the update features a mixture of new and updated information, some corrections, and removal of obsolete information. Look no further for guidance about using PowerShell with the Graph APIs to interact with Microsoft 365 data!
New Audio-Only Recording Option for Teams Meetings October 20, 2025 7:00 am - A new audio-only recording option for Teams meeting suppresses the video feed from meeting participants when generating the MP4 file for the meeting recording. The idea is to better preserve user privacy during recording playbacks. Few will miss the video stream because the audio is usually more important. The audio is also the basis for the meeting transcript, and that leads to AI-generated outputs like meetings summaries and action items.
Outlook Gets AI Drafting of Meeting Agendas October 17, 2025 7:00 am - Agenda auto-draft is a new feature for OWA and the new Outlook to help meeting organizers create a draft meeting agenda using AI. The Copilot-generated draft agenda contains an introduction and some bullet points created from the meeting subject. It’s not a make or break feature for Microsoft 365 Copilot. Some will like it, if they discover how to use agenda auto-draft.
Using the Secret Management PowerShell Module with Azure Key Vault and Azure Automation October 16, 2025 7:00 am - If you can't use managed identities, credential resources are a way to manage username and password credentials for Azure Automation runbooks. The Secret Management module is an alternative, and it’s a good option to manage credentials that are shared between interactive scripts and automation runbooks. This article describes how to use the Secret Management PowerShell module to fetch credentials stored in Azure Key Vault for use in an automation runbook.
The My Sign-Ins Portal, Applications, and Conditional Access October 15, 2025 7:00 am - A recent change has exposed the applications used by the My Sign-ins portal for use in conditional access policies. This article discusses the app-centric nature of Microsoft 365 and Entra ID and why it’s important that the newly-revealed set of applications are available for conditional access processing, just in case the Entra ID agents planned by Microsoft can't optimize your policies.
Changing the Offline Access Period for Sensitivity Labels October 14, 2025 7:00 am - One of the settings for sensitivity labels governs how long items protected by a label remain accessible (including offline access) before reauthentication. The default is 30 days, which is a good balance between security and avoiding users having to constantly reauthenticate to open protected messages and files. If necessary, tenant administrators can change the validity period to be anything from 0 to 65535 days.
ChatGPT Enterprise Connects to SharePoint Online October 13, 2025 7:00 am - OpenAI has launched a ChatGPT enterprise SharePoint Connector that allows organizations to synchronize files from SharePoint Online to ChatGPT. I could never understand why Microsoft 365 tenants allowed users to upload individual files from SharePoint or OneDrive to ChatGPT for processing. Using a connector to synchronize entire sites to ChatGPT makes even less sense, especially from a compliance perspective. I must be missing something!