How to Find a Microsoft 365 Tenant Identifier

Every Microsoft 365 tenant has a tenant identifier. Sometimes you need to know what the identifier is, so here are several options to find it from PowerShell to the Azure AD portal to an external service. Tenant identifiers are public and need to be, otherwise apps wouldn’t be able to find the data they want.

Using an Auto-Claim Policy for Automatic Assignment of Licenses to Teams Users

A new Microsoft 365 admin center feature allows tenants to create an auto-claim policy to assign licenses when users sign into Teams for the first time. It seems like a good idea, but it’s limited by the fact that only Teams supports the auto-claim policy. No scoping exists either, which will disappoint those who like to manage licenses on a granular level. There’s some work to do before these policies will be right for everyone.

How to Discover New Audit Events in the Office 365 Audit Log (Including App Consents)

The Office 365 audit log is packed full of information about what happens inside workloads. New events show up all the time. The question is how to understand what actions these events relate to. We outline a simple procedure to discover the presence of new audit events and dive into the investigation of an event called Consent to application, which is pretty important in the context of recent high-profile attacks.

Exchange Online Clamps Down on High-Volume Mailboxes

From April 2021, Exchange Online will apply hard limits for the number of messages a mailbox can receive per hour. The limit remains the same (3,600), but now Exchange will block the mailbox receiving any more email for an hour. The new version of the Exchange Admin Center (EAC) promises to highlight problem mailboxes so that admins can ask owners why their mailboxes receive so much email.

How to Report Audit Events Generated for Sensitivity Labels

Audit records are a great way to gain an understanding of what happens inside Office 365. We use PowerShell to report actions taken with sensitivity labels such as protecting files and containers. The latest development is the addition of support in the Microsoft 365 apps for enterprise (Office desktop) to log audit events when users interact with sensitivity labels. Unsurprisingly, more events are often logged by the desktop apps than their online equivalents.

How Edge Sleeping Tabs Affect SharePoint Online and Other Pages

Microsoft’s Edge browser recently introduced sleeping tabs to conserve resources. Although this is a good idea, putting SharePoint Online tabs to sleep stops them reconnecting. I suspect it is because a refresh token times out and isn’t renewed. The solution is to add SharePoint Online sites to the list of sites that don’t sleep. Always-on document management is the best approach.

How to Run a Trial of Viva Topics

Viva Topics is one of the four modules in the Microsoft Viva employee engagement platform. You can run a 25-user trial for 30 days to create some topics and see how things work. A trial should help an organization decide if they want to pay the $5/user/month Microsoft asks for Viva Topics licenses – and everyone needs a license to see topic cards, which is the point of Topics.

Exchange Online Adjusts Schedule for Removal of Basic Authentication

Microsoft wants to remove basic authentication from Exchange Online connection protocols. But pressures have forced Microsoft into a new strategy and away from the mid-2021 date for deprecation of basic authentication for five protocols. Instead, Microsoft will disable basic authentication for protocols where it’s not used, include four addition protocols in its target set, and pause action for tenants where basic authentication is in active use. When they restart, Microsoft will give tenants 12 months’ notice that basic authentication will be blocked for a protocol. You can argue that Microsoft should have pressed ahead with their original plan, but would widespread disruption of service be worth the benefit gained from blocking vulnerable protocols? Balancing risk versus reward is often not easy.

How to Retrieve Information About Microsoft 365 Service Incidents

All services suffer outages or incidents. The Service Communications API allow Office 365 tenants to retrieve information about incidents programmatically and report details in whatever way they want. In this post, we show how to use PowerShell to fetch service messages with the API and filter for recent incidents. After that, it’s just a matter of presenting the details.

Why Exchange Online Dehydrates an Organization Configuration

Exchange Online has the Enable-OrganizationCustomization cmdlet to “hydrate” the settings in an organization. Most Exchange Online organizations use common configurations, which saves the Office 365 infrastructure some directory space and CPU cycles to deal with custom settings. A hydrated organization has customized settings. The one-time cmdlet switches organizations from a dehydrated state to a hydrated state. Forcing administrators to run the cmdlet is just a little odd.

New Exchange Online Admin Center Loses Some Magic, But It’s the Future

Microsoft says that the new EAC is ready to use. While we don’t deny the fact, we think some of the magic that existed in previous portals has gone. PowerShell is replaced by the Graph as the foundation for the EAC. Progress happens, but it’s sad when a feature like command logging is left in the mists of the past.

Search the Office 365 Audit Log for Events Performed Against Objects

The Office 365 audit log is a great source of information about what happens inside a Office 365 tenant. Searching the audit log takes practice, but it turns up lots of insight. This article covers how to use the ObjectIds and FreeText parameters to find information about what happens to an object,

Debating the Need for Office 365 Backup

Following some recent criticisms of how some ISVs use FUD to convince Office 365 tenants that they need backup services, AvePoint asked Office 365 for IT Pros to debate the issues. We go toe-to-toe on Wednesday, October 7 at 10 AM EST in a free online debate. Come along and join the fun.

Why Microsoft Extends Office 365 Notification Dates For New Functionality

Microsoft publishes notifications about new Office 365 functionality in the Microsoft 365 message center. Sometimes the dates advertised for the delivery of the new software are pushed out when Microsoft updates the original notifications. All of which means that tenant administrators need to spend a little time tracking updates to make sure that they’re prepared when Microsoft eventually delivers.

Updated Version of the Graph User Statistics Script Available

Office 365 usage data for several workloads is available through the Microsoft Graph. A PowerShell script is available to grab Graph data and use it to figure out if accounts are in active use. V1.2 of GetGraphUserStatisticsReport.PS1 is available in GitHub and should be better performing when processing thousands of accounts.

When a Teams Retention Policy Goes Bad and Data Disappears

A change made to an Office 365 retention policy for Teams personal chats in the KPMG tenant removed data for 145,000 users. That’s unfortunate, and it underlines the need for admins to understand how retention policies work. Maybe the people involve did and it was a simple slip that could happen to anyone, but perhaps it will cause tenant admins to reflect on how they make changes to organization configurations.

Come in Internet Explorer – Your Time is Up

Office 365 Tenants need to stop people using Internet Explorer. On November 30, Teams stops support for IE11; nine months later, the rest of the Microsoft 365 apps cease support. According to Microsoft, the only browser in town is the new Edge (which has an IE mode), but most will keep on using Chrome, Firefox, Brave, or Safari as they do today.

Questioning Six Reasons Why Backing up Office 365 is Critical

The need (or not) for a backup solution for Office 365 data is hotly debated. Although good reasons can exist for buying a backup service, some of the reasons advanced by backup vendors are classic FUD (fear, uncertainty, and doubt). A recent report issued by a major backup vendor contains some points that deserve close examination. Here’s what we think.

Microsoft 365 Admin Center Manages Default Authentication Policy for Exchange Online

The Microsoft 365 admin center includes the ability to manage settings for the default Exchange Online authentication policy. You might have other policies to allow selective access with basic authentication to some protocols; these policies must be managed with PowerShell. Authentication policies are part of the journey to eliminate basic authentication from Exchange Online, now expected to happen in mid-2021.

How to Find and Reassign Orphaned OneDrive for Business Accounts

OneDrive for Business accounts belonging to ex-employees can be reassigned to others during the deletion workflow, but orphan accounts can accumulate over time. This post describes a PowerShell script to find orphan OneDrive accounts and add a user to the site so that anything there can be retrieved.

Office 365 Won’t Block Old Clients But End in Sight for Office 2013

Microsoft posted a reminder that connections from Office 2013 will no longer be supported for Office 365 service from October 13, 2020. Microsoft won’t take any action to block legacy clients, but the writing is on the wall. Office 365 tenants need to decide how to replace Office 2013 by either upgrading to Microsoft 365 apps for enterprise (click to run) or switching to browser clients like OWA.

How to Bulk Assign Policies to Teams Users in Batch Jobs

Teams supports the ability to assign policies to up to 5,000 users with background jobs. This makes it much easier to assign new policies to large groups of users. Unless you like writing your own PowerShell scripts to handle Teams policy assignment, this is definitely something that all Teams administrators need to know about.

How to Disable Chat in Microsoft Teams

You can disable Chat for Teams users, but is this a good idea? Chat is an integral part of Teams and disabling it seems like a bad idea for many reasons, not least being compliance as all you’ll do is drive users to find another way to communicate – like WhatsApp.

How to Find SharePoint Files with a Sensitivity Label

Sensitivity labels are spreading across Office 365. Now you can search SharePoint Online to find documents with a specific label. And if you make an extra tweak to the search schema, you can find labeled sites too. All of which seems boring and uninteresting until you actually need to do it.

How Stream Handles Deleted Users

Microsoft Stream administration include a Manage deleted users option. However, you can’t manage a deleted user until all trace of their account has been removed from Azure AD, which means that you usually must wait 30 days for an account to be hard-deleted. It’s logical, but not in a good way.

How to Make Sure That You Use the Latest Office 365 PowerShell Modules

Many PowerShell modules are available for Office 365 applications. Keeping them up to date can be a pain, so here’s a PowerShell script to automate the task. Using the latest modules means that you can access new and updated cmdlets, which might make all the difference to your scripts.

Updates for Groups Management in Microsoft 365 Admin Center

The Groups section of the Microsoft 365 admin center has been overhauled recently and several useful changes were made. Restore deleted groups is the headline act, but the other updates also deliver value. Collectively, they make Groups easier to manage.

How to Generate an Email Report About Deleted Stream Videos

Microsoft Stream doesn’t support Office 365 retention policies, so you can’t make sure that videos are kept for eDiscovery or compliance purposes. But a little lateral thinking and some PowerShell code quickly gives us a solution based on events from the Office 365 audit log, including emailing the report to someone designated to review videos before final deletion.

Teams is the Most Difficult Office 365 Application to Backup

Because it sits on top of so many Microsoft 365 components, Teams is easily the hardest Office 365 workload to backup. You can try to backup Teams by copying its compliance records stored in Exchange Online, but that’s only a partial (and bad) solution that utterly fails to take the full spectrum of Teams data into account.

Microsoft Automates Easing of EWS Throttling for Migrations

Many migration projects use Exchange Web Services (EWS) to move data to Exchange Online. EWS is using throttled to preserve resources. Here’s how to lift the restrictions for up to 90 days, all without going near a support call.

How to Configure OWA, Outlook Mac, and Outlook Mobile to Create Online Meetings by Default

Changes coming in May and June will allow organizations to make online meetings the norm when created by OWA or Outlook mobile clients. You can control the feature at the organization level and allow individual mailboxes to override the organization setting.

Use Office 365 Audit Data to Highlight Unused Permissions

I’ve written many articles to explain how to use the Office 365 audit log to report different aspects of the platform. But taking action is much better than just reporting. In this post, we explain how to take a report generated from the Office 365 audit log and use it to drive some actions. In this case, removing the SendAs permission from people who aren’t using it.

OneDrive for Business and its Unlimited Storage

Microsoft’s service description for OneDrive for Business promises “beyond 1 TB, to unlimited” storage. In reality, most enterprise Office 365 accounts have 5 TB storage and won’t need to go further. But you can… first to 25 TB and then even more in the form of SharePoint sites. You just have to talk nicely to Microsoft support.

Teams Improves Analytics in Desktop and Browser Clients

An item in the Teams release notes tells us that analytics are now available for channels. You can find out how many topics and replies are posted within a channel. You’ll probably know what channels are in heavy use anyway, but seeing how little traffic some channels get is a good way of knowing that maybe your teams don’t need those channels.

Use the Office 365 Audit Log to Find Who Updated a Document

Do you need to find out who updated a SharePoint Online or OneDrive for Business document? Use PowerShell to search the Office 365 audit log for document events and the complete history is available. Well, at least the last 90 days’ history – or 365 days if you have the necessary licenses.

Updated Usage Reports in the Microsoft 365 Admin Center

Several updates are available for the standard usage reports in the Microsoft 365 Admin Center. One helps Office 365 tenants understand the changed user activity profile due to remote working. Another gives views of user activity across the complete tenant. The updates are useful and interesting, but an ISV product will do a better job of analyzing and reporting the same data.

How to Manage the Set of Teams Apps Available to Users

The Teams Admin Center now includes a Manage Apps page to allow administrators to view the complete inventory of apps available to Teams. Administrators can decide if they want to make apps available to users via Teams app setup policies or block the installation of apps. Each app has a publisher and certification status, but not many apps have been through the full “Microsoft 365 certified” process, including many of Microsoft’s own apps.

Teams Updates Default Meeting Policy to Enforce External Lobby

Microsoft is updating the Teams default meeting policy to enforce lobby entry for external users. Sounds good, but what does this mean? This post explains what happens and how Microsoft is able to update the default meeting policy for many tenants while not affecting the tenants who have customized their default meeting policy.