Use Office 365 Audit Data to Highlight Unused Permissions

I’ve written many articles to explain how to use the Office 365 audit log to report different aspects of the platform. But taking action is much better than just reporting. In this post, we explain how to take a report generated from the Office 365 audit log and use it to drive some actions. In this case, removing the SendAs permission from people who aren’t using it.

Advertisements

OneDrive for Business and its Unlimited Storage

Microsoft’s service description for OneDrive for Business promises “beyond 1 TB, to unlimited” storage. In reality, most enterprise Office 365 accounts have 5 TB storage and won’t need to go further. But you can… first to 25 TB and then even more in the form of SharePoint sites. You just have to talk nicely to Microsoft support.

Teams Improves Analytics in Desktop and Browser Clients

An item in the Teams release notes tells us that analytics are now available for channels. You can find out how many topics and replies are posted within a channel. You’ll probably know what channels are in heavy use anyway, but seeing how little traffic some channels get is a good way of knowing that maybe your teams don’t need those channels.

Use the Office 365 Audit Log to Find Who Updated a Document

Do you need to find out who updated a SharePoint Online or OneDrive for Business document? Use PowerShell to search the Office 365 audit log for document events and the complete history is available. Well, at least the last 90 days’ history – or 365 days if you have the necessary licenses.

Updated Usage Reports in the Microsoft 365 Admin Center

Several updates are available for the standard usage reports in the Microsoft 365 Admin Center. One helps Office 365 tenants understand the changed user activity profile due to remote working. Another gives views of user activity across the complete tenant. The updates are useful and interesting, but an ISV product will do a better job of analyzing and reporting the same data.

Managing Teams Apps

The Teams Admin Center now includes a Manage Apps page to allow administrators to view the complete inventory of apps available to Teams. Administrators can decide if they want to make apps available to users via Teams app setup policies or block the installation of apps. Each app has a publisher and certification status, but not many apps have been through the full “Microsoft 365 certified” process, including many of Microsoft’s own apps.

Teams Updates Default Meeting Policy to Enforce External Lobby

Microsoft is updating the Teams default meeting policy to enforce lobby entry for external users. Sounds good, but what does this mean? This post explains what happens and how Microsoft is able to update the default meeting policy for many tenants while not affecting the tenants who have customized their default meeting policy.

Stopping Users Updating OWA Autosignatures

If an Office 365 tenant goes to the bother of creating nice OWA autosignatures for users, shouldn’t we also removed the ability to edit the signatures in OWA settings? RBAC seems like the right way to do the job, but in this case, the way RBAC restricts options by removing the right to run cmdlets or parameters means that the block affects other OWA settings. Fortunately, the Exchange developers thought of this and provide an option in OWA mailbox policies to save the day.

Faster PowerShell ForEach Loops to Process Office 365 Data

PowerShell is a great way to get work done with Office 365 data. The downside is that PowerShell can sometimes be slow, which is why we look for ways to speed things up, especially when dealing with some of the “heavier” cmdlets like Get-UnifiedGroup. The good news is that switching loops to use the ForEach method can speed things up. The bad is that you might only squeeze an extra 5% performance out of your code. Is that enough to bother? Your call…

Reporting Exchange Online Mailbox and SendAs/On Behalf Of Permissions

Exchange Online mailboxes support SendAs, Send on Behalf Of, and FullAccess permissions. A previous script focused on the FullAccess permission. This version covers all three. It’s also a good example of how you need to pay attention to property sets when writing PowerShell code to use the new Exchange Online REST-based cmdlets.