How to Manage Anonymized User Data in Microsoft 365 Usage Reports

The usage reports available in the Microsoft 365 admin center, Teams admin center, and other places now include anonymized user information by default. The new default became active on September 1, 2021 and the organization setting applies to any usage data generated by the Microsoft Graph usage reports API, which means that some scripts might create reports less interesting and useful than before. It’s a good change for privacy, but will organizations persist with the new default?

Microsoft Applies the Viva Brand to MyAnalytics

Microsoft is applying their Viva brand to the features currently known as MyAnalytics. Viva Insights will span a monthly email digest, the Outlook insights add-on, and the Insights dashboard. If you don’t want users to access these features, you can disable the features individually or remove the service plan from user licenses. The rebranding is happening now and due to complete in November.

How to Access the TEC 2021 Session Videos

You can now access videos and slides for sessions given at The Experts Conference 2021. The sessions cover a wide range of technology from Azure AD to Microsoft 365 to infrastructure modernization. And you can now register for TEC 2022, which will run as an in-person event in Atlanta on September 20-21, 2022. It should be great fun!

How to Find Delve Accounts with Disabled Document Insights

Microsoft has replaced the controls which disabled document insights in Delve with new Graph-based settings. However, you might still have a bunch of users with the Delve settings who need to migrate to the Graph settings. In this article, we explore how the settings work and how to query the Graph to find the set of users who disabled the setting in Delve. We can then use PowerShell to add those accounts to the group of disabled insights users for the Graph-based settings.

Microsoft 365’s New Retention Assistant Processes Multiple Workloads

Microsoft has moved retention processing for SharePoint Online, OneDrive for Business, Teams, and Yammer from the Managed Folder Assistant to a new retention assistant. (background processing job). It’s part of an effort to use workload-agnostic processing whenever possible to perform retention actions across Microsoft 365.

How to Remove a Single Service Plan from Multiple Microsoft 365 Accounts with PowerShell

In this post, we describe how to use PowerShell to remove a single service plan from Microsoft 365 licenses using PowerShell. The script can remove any service plan from any SKU (license) in a tenant. You might want to do this to disable access to an obsolete feature (like Sway) or to prevent access to a new feature until the organization is ready to support user activity.

Updates to Group Creation Settings in Azure AD Admin Center

Microsoft has updated the creation settings for security groups and Microsoft 365 groups in the Azure AD admin center. The changes impose consistency over administrator creation of these groups and probably won’t affect tenants, but it’s good to check. The change makes us ponder why Microsoft doesn’t improve the GUI for other group controls, like those controlling who can create new Microsoft 365 Groups.

Whiteboard Moving Its Storage to OneDrive for Business

OneDrive for Business

Microsoft’s Whiteboard app is moving its storage off Azure to OneDrive for Business. The switchover will happen in October 2021, but tenants can opt-in to use OneDrive storage from the end of August. Some Whiteboard clients won’t be able to cope with OneDrive then, but Microsoft says that everything will be straightened out for the switchover in October. As we explain here, it’s a good idea (for many reasons) to move Whiteboard storage to OneDrive.

Microsoft Introduces Data Privacy Tag for Message Center Notifications

The message center in the Microsoft 365 admin center will soon use a new data privacy tag to highlight specific service updates to tenant administrators. No messages with the new tag have yet appeared, so it’s hard to know how Microsoft plans to use the new tag or what kind of attachments it will make available to administrators to help understand the sensitive data involved in data privacy. While we’re waiting, we took at look at the tags in use today and wrote some PowerShell to report which tag is most popular.

How to Block Self-Service Purchases of Windows 365 Licenses

Office 365 tenants users will soon be able to execute self-service purchase Windows 365 licenses. That is, unless you stop them by running some PowerShell commands to disable the capability. In this article, we explain the Windows 365 options available for self-service purchase and the PowerShell commands necessary to disable the option, if you think it’s a bad idea (as some do).

Why Humans Should Apply Their Knowledge of Office 365 When Reviewing OCAS Alerts

Office 365 Cloud App Security (OCAS) is very good at identifying potential problems for tenant administrators to investigate. But don’t think that it’s always right. Humans are often better at resolving issues than computers are, simply because we can use our wider knowledge of how applications work and the Office 365 datacenter network to understand what might be behind an alert. Humans might be slower than computers, but when it comes to resolving OCAS alerts, we’re always better.

Understand Licensing for Microsoft 365 Information Protection and Governance

Licensing is everyone’s favorite topic. Combine it with information protection and governance and peoples’ eyes glaze over. Even so, it’s important to know what information protection and compliance features need which licenses as you don’t want to get into a position where something stops working because Microsoft enables some code to enforce licensing requirements. This post covers the basics of licensing and how Microsoft differentiates between manual processing and automated processing when deciding if a feature needs a standard or premium license.

Microsoft 365 Compliance Center Gets New Content Search UI

The Microsoft 365 compliance center has a new content search UI. The new UI is prettier than before, but it’s also slower and more buggy. After several years of effort to develop content searches, you’d expect Microsoft to do better. A lot betterr. Unhappily, the beauty of the new interface seems to have distracted the engineers from the problems that become all too apparent when you try to use content searches to do real work. What, if any testing, was done to validate the new UI is unknown.

How to Report Membership of Microsoft 365 Compliance Role Groups

Compliance role groups control access to Microsoft 365 compliance functionality. A new permissions page makes it easier to manage these groups in the Microsoft 365 compliance center, where you can also manage the Azure AD roles used by Microsoft 365 compliance. If you want to generate a report about who holds what role, you’ve got to use PowerShell. The code is easy once you know which roles you want to report.

Microsoft Tightens Control Over eDiscovery Limits

Microsoft 365 eDiscovery features will respect documented limits from May 10. The changes are likely made to conserve resources consumed by searches against the massive amounts of data now found in Office 365 tenants. The changes probably won’t affect eDiscovery investigators except in reminding everyone that the items shown in search preview are only a representative sample of what can be found by a full search.

Microsoft Brings the Top Senders and Recipients Report Back from the Dead

For whatever reason, Microsoft decided to cancel plans to remove the Top Senders and Recipients report from the SCC, citing customer feedback as the reason. The thing is that the SCC report and its underlying cmdlet use an old data source. The Microsoft Graph Reports API is the modern approach and an adequate replacement usage reports is available in the Microsoft 365 admin center. I really can’t understand why anyone would want to keep the old report as it’s not very good at all.

How to Review and Clean Up Azure AD Integrated Apps

Over time, a Microsoft 365 tenant might accumulate many Azure AD integrated apps. Do you know what these apps do or who uses them? It’s good to do a regular audit and cleanout of unwanted apps left behind for tests, trials, or expired applications. We use a script published on Practical365.com to grab the data from Azure AD and then import it into Microsoft Lists. The results we got might surprise you.

Teams Usage Data is Finally Obfuscated in Reports in the Microsoft 365 Admin Center

The Teams usage data reported in the Microsoft 365 admin center can now be obfuscated. Teams is the last workload to support this facility. It’s all very well to anonymize, deidentify, or obfuscate user data to protect individual privacy and it’s appropriate to do so in the Microsoft 365 admin center where people with several roles can access the data, but having a single on/off switch for data obfuscation for the Microsoft Graph Reports API is a real pain.

How to Control Updates for User Photos in Microsoft 365 Apps

Organizations can choose to control updates of user photos by policy in their Office 365 tenants or allow users to go ahead and use any image they like. In this article, we explore the value of having a user photo for every Office 365 account (and Teams and Groups too) and the choices organizations must make when they decide whether to control user-driven updates.

How to Find a Microsoft 365 Tenant Identifier

Every Microsoft 365 tenant has a tenant identifier. Sometimes you need to know what the identifier is, so here are several options to find it from PowerShell to the Azure AD portal to an external service. Tenant identifiers are public and need to be, otherwise apps wouldn’t be able to find the data they want.

Using an Auto-Claim Policy for Automatic Assignment of Licenses to Teams Users

A new Microsoft 365 admin center feature allows tenants to create an auto-claim policy to assign licenses when users sign into Teams for the first time. It seems like a good idea, but it’s limited by the fact that only Teams supports the auto-claim policy. No scoping exists either, which will disappoint those who like to manage licenses on a granular level. There’s some work to do before these policies will be right for everyone.

How to Discover New Audit Events in the Office 365 Audit Log (Including App Consents)

The Office 365 audit log is packed full of information about what happens inside workloads. New events show up all the time. The question is how to understand what actions these events relate to. We outline a simple procedure to discover the presence of new audit events and dive into the investigation of an event called Consent to application, which is pretty important in the context of recent high-profile attacks.

Exchange Online Clamps Down on High-Volume Mailboxes

From April 2021, Exchange Online will apply hard limits for the number of messages a mailbox can receive per hour. The limit remains the same (3,600), but now Exchange will block the mailbox receiving any more email for an hour. The new version of the Exchange Admin Center (EAC) promises to highlight problem mailboxes so that admins can ask owners why their mailboxes receive so much email.

How to Report Audit Events Generated for Sensitivity Labels

Audit records are a great way to gain an understanding of what happens inside Office 365. We use PowerShell to report actions taken with sensitivity labels such as protecting files and containers. The latest development is the addition of support in the Microsoft 365 apps for enterprise (Office desktop) to log audit events when users interact with sensitivity labels. Unsurprisingly, more events are often logged by the desktop apps than their online equivalents.

How Edge Sleeping Tabs Affect SharePoint Online and Other Pages

Microsoft’s Edge browser recently introduced sleeping tabs to conserve resources. Although this is a good idea, putting SharePoint Online tabs to sleep stops them reconnecting. I suspect it is because a refresh token times out and isn’t renewed. The solution is to add SharePoint Online sites to the list of sites that don’t sleep. Always-on document management is the best approach.

How to Run a Trial of Viva Topics

Viva Topics is one of the four modules in the Microsoft Viva employee engagement platform. You can run a 25-user trial for 30 days to create some topics and see how things work. A trial should help an organization decide if they want to pay the $5/user/month Microsoft asks for Viva Topics licenses – and everyone needs a license to see topic cards, which is the point of Topics.

Exchange Online Adjusts Schedule for Removal of Basic Authentication

Microsoft wants to remove basic authentication from Exchange Online connection protocols. But pressures have forced Microsoft into a new strategy and away from the mid-2021 date for deprecation of basic authentication for five protocols. Instead, Microsoft will disable basic authentication for protocols where it’s not used, include four addition protocols in its target set, and pause action for tenants where basic authentication is in active use. When they restart, Microsoft will give tenants 12 months’ notice that basic authentication will be blocked for a protocol. You can argue that Microsoft should have pressed ahead with their original plan, but would widespread disruption of service be worth the benefit gained from blocking vulnerable protocols? Balancing risk versus reward is often not easy.

How to Retrieve Information About Microsoft 365 Service Incidents

All services suffer outages or incidents. The Service Communications API allow Office 365 tenants to retrieve information about incidents programmatically and report details in whatever way they want. In this post, we show how to use PowerShell to fetch service messages with the API and filter for recent incidents. After that, it’s just a matter of presenting the details.

Why Exchange Online Dehydrates an Organization Configuration

Exchange Online has the Enable-OrganizationCustomization cmdlet to “hydrate” the settings in an organization. Most Exchange Online organizations use common configurations, which saves the Office 365 infrastructure some directory space and CPU cycles to deal with custom settings. A hydrated organization has customized settings. The one-time cmdlet switches organizations from a dehydrated state to a hydrated state. Forcing administrators to run the cmdlet is just a little odd.

New Exchange Online Admin Center Loses Some Magic, But It’s the Future

Microsoft says that the new EAC is ready to use. While we don’t deny the fact, we think some of the magic that existed in previous portals has gone. PowerShell is replaced by the Graph as the foundation for the EAC. Progress happens, but it’s sad when a feature like command logging is left in the mists of the past.

Search the Office 365 Audit Log for Events Performed Against Objects

The Office 365 audit log is a great source of information about what happens inside a Office 365 tenant. Searching the audit log takes practice, but it turns up lots of insight. This article covers how to use the ObjectIds and FreeText parameters to find information about what happens to an object,

Debating the Need for Office 365 Backup

Following some recent criticisms of how some ISVs use FUD to convince Office 365 tenants that they need backup services, AvePoint asked Office 365 for IT Pros to debate the issues. We go toe-to-toe on Wednesday, October 7 at 10 AM EST in a free online debate. Come along and join the fun.

Why Microsoft Extends Office 365 Notification Dates For New Functionality

Microsoft publishes notifications about new Office 365 functionality in the Microsoft 365 message center. Sometimes the dates advertised for the delivery of the new software are pushed out when Microsoft updates the original notifications. All of which means that tenant administrators need to spend a little time tracking updates to make sure that they’re prepared when Microsoft eventually delivers.

Updated Version of the Graph User Statistics Script Available

Office 365 usage data for several workloads is available through the Microsoft Graph. A PowerShell script is available to grab Graph data and use it to figure out if accounts are in active use. V1.2 of GetGraphUserStatisticsReport.PS1 is available in GitHub and should be better performing when processing thousands of accounts.

When a Teams Retention Policy Goes Bad and Data Disappears

A change made to an Office 365 retention policy for Teams personal chats in the KPMG tenant removed data for 145,000 users. That’s unfortunate, and it underlines the need for admins to understand how retention policies work. Maybe the people involve did and it was a simple slip that could happen to anyone, but perhaps it will cause tenant admins to reflect on how they make changes to organization configurations.

Come in Internet Explorer – Your Time is Up

Office 365 Tenants need to stop people using Internet Explorer. On November 30, Teams stops support for IE11; nine months later, the rest of the Microsoft 365 apps cease support. According to Microsoft, the only browser in town is the new Edge (which has an IE mode), but most will keep on using Chrome, Firefox, Brave, or Safari as they do today.

Questioning Six Reasons Why Backing up Office 365 is Critical

The need (or not) for a backup solution for Office 365 data is hotly debated. Although good reasons can exist for buying a backup service, some of the reasons advanced by backup vendors are classic FUD (fear, uncertainty, and doubt). A recent report issued by a major backup vendor contains some points that deserve close examination. Here’s what we think.