Stopping Users Updating OWA Autosignatures

If an Office 365 tenant goes to the bother of creating nice OWA autosignatures for users, shouldn’t we also removed the ability to edit the signatures in OWA settings? RBAC seems like the right way to do the job, but in this case, the way RBAC restricts options by removing the right to run cmdlets or parameters means that the block affects other OWA settings. Fortunately, the Exchange developers thought of this and provide an option in OWA mailbox policies to save the day.

Faster PowerShell ForEach Loops to Process Office 365 Data

PowerShell is a great way to get work done with Office 365 data. The downside is that PowerShell can sometimes be slow, which is why we look for ways to speed things up, especially when dealing with some of the “heavier” cmdlets like Get-UnifiedGroup. The good news is that switching loops to use the ForEach method can speed things up. The bad is that you might only squeeze an extra 5% performance out of your code. Is that enough to bother? Your call…

How to Report Who Uses SendAs Permission to Send from an Exchange Online Mailbox

Exchange Online mailboxes support SendAs, Send on Behalf Of, and FullAccess permissions. A previous script focused on the FullAccess permission. This version covers all three. It’s also a good example of how you need to pay attention to property sets when writing PowerShell code to use the new Exchange Online REST-based cmdlets.

How to Generate a SharePoint Online Site Usage Report with PowerShell

SharePoint Online comes with a reasonable amount of free storage, but it’s surprising how quickly that storage can be consumed, especially if you use Office 365 retention policies. With that thought in mind, it’s a good idea to check what sites are consuming your SharePoint storage. This post covers how to write a PowerShell script to report SharePoint Online site storage, complete with a couple of bells and whistles.

Quick and Easy Office 365 License Assignment Report

Office 365 licenses can seem complex, especially when you descend to the level of multi-product license plans. PowerShell makes it easy to generate a quick and simple report of who’s been assigned which license. And best of all, because the code is PowerShell, you can amend it to your heart’s content.

How to Create a Report About Exchange Online Mailbox Permissions

Exchange Online makes it easy to assign delegated permissions for user and shared mailboxes. But permissions assigned to people might not be still necessary, so it’s good to do a periodic check. In this post, we describe a script to scan for permissions on Exchange Online user and shared mailboxes and highlight non-standard permissions in a report generated as a CSV file.

Why Default Mailbox Auditing for Exchange Online Isn’t Quite as Good as It Seems

Exchange Online enables mailbox auditing by default, which should mean that audit events get to the Office 365 audit log for all E3 and E5 mailboxes. Well, that’s what you might thing but that’s not what happens. Mailbox events for E5 mailboxes arrive just fine, but you must reenable E3 mailboxes for auditing before their events flow. It’s a bizarre situation.

Azure Active Directory Sign-On Gets a New Look

Azure Active DIrectory is getting a slimmed-down background image to help with bandwidth-constrained locations. Office 365 tenants with custom backgrounds won’t see the change. Customizing the appearance of the sign-in screen is easy if you prepare. And to finish up, we have pointers to a set of videos about how Azure Active Directory authentication works.

Why Basic Authentication for Exchange Online is So Bad

Some doubt that Exchange Online will disable basic authentication for five email connection protocols in October 2020. The refrain is that it will be too hard for customers. Well, it might be hard to prepare to eliminate basic authentication, but if you don’t, your Office 365 tenant will be increasingly threatened by attacks that exploit known weaknesses.

Applying Holds to Teams Private Channel Messages

The Office 365 compliance framework can now to place holds on Teams compliance records created for conversations in private channels. You simply have to place holds on the mailboxes of members of the private channels and hope that no one removes the members from the tenant. If they do, the hold lapses, which seems like a pity.

Teams Adds Control Over User Pinning of Apps

Teams App Security policies now include an Allow user pinning setting, which controls the ability ot users to pin apps to the left-hand navigation rail. The setting is enabled by default and probably can stay that way in most circumstances. Guest users don’t get to pin anything because their accounts are not policy-controlled.

Microsoft 365 Compliance and Security Centers Rolling Out to Office 365 Tenants

The Microsoft 365 Compliance and Security centers are roling out to Office 365 tenants where they’ll replace the old Security and Compliance Center over time. The new centers look fresher than the SCC, but looks can deceive and it’s much more important that the functionality exposed in the new portals work reliably all the time.

Reporting Office 365 Group Deletions

Office 365 Groups (and their underlying teams and sites) can be removed by user action or automatically through the Groups expiration policy. By examining records in the Office 365 audit log, we can track exactly when groups are soft-deleted followed by permanent removal 30 days later. All done with a few lines of PowerShell and some parsing of the audit data held in the records.

Reporting Team Deletion Events to Office 365 Administrators

A question asked how to be notified when people delete Teams. The answer lies in the Office 365 audit log, and once we’ve found out when Teams are deleted are who deleted them, we can notifications to administrators via email or by posting to a Teams channel. The administrators can then decide if they should restore the deleted team or let it expire and be permanently deleted after 30 days.

Office 365 OK for Chrome 80 SameSite Update

Chrome 80 appears on February 4 complete with “SameSite” updates to close off the potential for cross-site request forgery attacks. Office 365 has many web interfaces, so Microsoft has had to do some work to prepare for Chrome 80. Microsoft says that Office 365 is prepared but customers will have to apply patches for on-premises products, once the patches are available. Or stop using Chrome. Which mightn’t be a bad thing.

Phishing Attempt to Grab Office 365 User Credentials

Office 365 users might receive a phishing attempt to say that they’ve just been paid by a UK healthcare group. The message shows some obvious signs to tell the recipient that it only contains trouble, but these signs are easier for humans to pick up than they are for machine learning. The combination of good message hygiene and user education should be enough to deflect phishing attacks.

Using the Groups Admin Role

The Groups admin role was added to Office 365 in November 2019 to allow tenants to assign responsibility for day-to-day group management to specific users through interfaces like the Microsoft 365 Admin Center. The role is still relatively unknown and probably not used in many tenants. In this post, we discuss how to use PowerShell to assign the role to those allowed to create new groups.

Microsoft to Enable Recordings of Teams Meeting Recordings Outside Local Datacenter Region

In mid-February, Microsoft will roll out a change to allow Office 365 tenants in regions where the Teams and Stream services are not co-located to record Teams meetings for the first time. This might be good news for you, but it might also pose a data sovereignty issue because once you start using Stream in another region, that’s where the recordings will stay.

How to Generate an Activity Report for Microsoft 365 Groups and Teams

After a couple of years, it’s time to update the Office 365 Groups and Teams Activity Report script. Written in PowerShell, the script analyzes the groups in an Office 365 tenant to figure out if each group or team is in active use. Because it’s a PowerShell script, you can amend the code to your heart’s content.

Microsoft Retreats From 1TB Limit for Auto-Expanding Archives – For Now

In November, Microsoft set a 1TB limit for Exchange Online auto-expanding archive mailboxes. Now they’ve retreated and the latest service description says nothing about a limit. The two changes in the service featured little or no customer communications and a total lack of any supporting material, like administrative controls to help manage archive mailboxes approaching the limit. While a limit has gone for now, it will be back.

How to Post Microsoft 365 Roadmap Items to Teams Channels with PowerShell

Finding it hard to keep up to date with Office 365? This post describes how to use PowerShell to post recent Microsoft 365 roadmap updates to a Teams channel.The message cards hold details of what an update contains, its status, the posting date, and the technology categories the item covers. Apart from posting to Teams, the script also creates a CSV file holding details of all the roadmap items that you can use for reporting and analysis.

Microsoft Removing Legacy Office 365 eDiscovery Tools

Microsoft announced the retirement of legacy eDiscovery tools from Office 365. The Exchange Online in-place holds and eDiscovery tool, Office 365 Advanced eDiscovery 1, and the Search-Mailbox cmdlet are being retired. All will be gone by mid-2020. It’s a pity to see the Search-Mailbox cmdlet being removed, but time and progress make this kind of thing inevitable.

Antivirus Exclusions and the Teams Desktop Client

Like all applications, the Microsoft Teams client has some “hot” files that the app depends on. Antivirus software processing can affect app performance if it conflicts with the hot files. You can exclude the Teams hot files from antivirus processing to see if that helps performance. Like anything to do with antivirus software, it’s a question of balancing security and performance.

Office 365 Message Encryption (OME) Making Protected Email Better

Microsoft is releasing some updates to Office 365 Message Encryption (OME) in January. The detail in the announcement wasn’t great, so we plunged in to find out what’s happening. THe bottom line is that OME will use tenant domains to send email so that anti-spam filters will consider the messages to be authentic.

The End of Delve Blogs

Microsoft has announced that Delve blogs will no longer be supported in 2020. The news is unsurprising because Delve blogs have not been actively developed for several years. Office 365 tenants with content in Delve blogs must figure out where to move the content to. It might be the case that you don’t need to do anything because the content isn’t needed. If you do need to keep it, you could move Delve blog posts to SharePoint news or similar repositories.

Microsoft Launches Office 365 in Switzerland

Office 365 services are now available in Switzerland from Microsoft’s datacenters located in Geneva and Zurich. The services available include Exchange Online, SharePoint Online, and Teams. Swiss tenants will continue to access other services like Stream and Planner from Office 365 datacenters in other regions.

Teams Replaces Commercial Cloud Trial with Exploratory Experience

Microsoft Teams will soon offer users the chance to engage with an exploratory experience to see what Teams is all about. The new experience replaces the previous 1-year trial offer. Office 365 tenant admins who don’t want users to test software can disable the ability to sign up for trial apps and services in the Office 365 Admin Center.

Improved Role Management in the Office 365 Admin Center

The Office 365 Admin Center is a critical tool for tenant admins. Recently, Microsoft has improved the management of role assignments by providing a way to compare what different roles can do. The idea is that if you know exactly what a role enables people to do, you’re less likely to assign the wrong role to the wrong people.

Why Site Renames and Teams Private Channels Mean You Should Review the Usage of Get-SPOSite

The Get-SPOSite PowerShell cmdlet is used to fetch details about SharePoint Online sites. It works well, but some recent functionality upgrades means that script writers need to be more precise about how they use the cmdlet. Most scripts don’t need to process redirect sites or the sites belonging to Teams private channels, so why would you ask Get-SPOSite to fetch these sites?

Why We Write PowerShell (for Office 365) Like We Do?

Everyone’s PowerShell style is different. Here at Office365ITPros, we try and write code to help people understand what’s possible when working with Office 365. Our scripts are certainly not up to professional standard in that they’re incomplete in many ways (comments are always good). But the code works and proves what you can do, which we think is important.

How to Configure the Per-Site Anyone Link Expiration Policy for SharePoint Online Sites

You can use PowerShell to configure a customized per-site Anyone sharing link period for different sites. Public sites might have a 365 day period while more confidential sites might have a more restricted period. All it takes is the Set-SPOSite cmdlet to set the necessary properties and you have a customized policy.

Get Email Notifications When Office 365 Services Break

Office 365 is a complex place and service incidents happen all the time. When something breaks, it’s good to know what those problems are. A new feature in the Office 365 Admin Cemter enables you to get email notifications for service incidents that affect your tenant. It’s all goodness, as long as the email service you choose to receive notifications remains in operation.

How to Use PowerShell to Send a Welcome Message to New Office 365 Users

Multiple PowerShell modules are available to Office 365 administrators to automate common processes. In this case, we want to send a welcome message to new accounts. Three PowerShell modules are available, but what’s the best in terms of performance and ease of use? There’s only one answer and that’s Exchange Online.

Using the Immersive Reader in Teams and OWA

The Microsoft Immersive Reader exists to make messages more readable for those who need a little help. It’s built into Office apps like Teams and OWA. Most people don’t know this or don’t need to use the reader, but those who do need support to access and understand text will find the Immersive Reader very helpful.

Disable Self-Service Purchases for Power Platform Apps

The prospect of allowing user-controlled purchases of Power Platform apps in an Office 365 tenant maddened many administrators. Microsoft promised to release a method to allow administrators control self-service purchases in a tenant. The MSCommerce PowerShell module is now available. Here’s how to use it to disable self-service purchases.

Teams Updates PowerShell Module for Private Channels

Some new and updated cmdlets in a new version of the Teams PowerShell module are available to support private channels. The cmdlets and parameters are pretty straightforward for anyone used to working with Teams through PowerShell. Remember to read up and understand all about private channels before trying to work with them through PowerShell.

Use ORCA to Check Office 365 Advanced Threat Protection Settings

ORCA is a project to help Office 365 tenant administrators validate their anti-spam and anti-malware settings against recommendations from Microsoft. ORCA is installed as a PowerShell module with just one cmdlet. After running Get-ORCAReport, you’ll have a report containing recommendations and observations about your configuration.

SharePoint Online Gains New Office 365 Compliance Features

At the Microsoft Ignite 2019 conference, Microsoft described how SharePoint Online will use Office 365 compliance features such as sensitivity labels and information barrier policies to better protect information stored in SharePoint sites. The Office Online apps also gain support for sensitivity labels. The new features will enter a mixture of public and private previews starting November 20.

Disabling Azure Active Directory Service Principal Might Block Power Platform Self-Service Purchases

Microsoft annoyed many Office 365 tenant administrators when they announced plans to allow self-service purchases for the Power Platform apps. A curious note in the FAQ might reveal how tenants can block this feature. If self-services purchases depend on accessing your tenant directory, maybe you can disable the service principal that holds the role enabling that access.

Helping Office 365 Users Access Azure Active Directory MySign-Ins

Azure Active Directory now features the public preview of the My Sign-Ins feature, which allows users to see where their sign-ins originate and what applications are used to sign-in. It’s a nice idea but Office 365 users are unlikely to find the page. We can help by creating a custom tile with a link to the My Sign-Ins page. The tile appears in the Office 365 apps menu and makes it easy for people to access their sign-in data.