How Teams System Messages Can Give Away Personal Secrets

Do people read the notifications posted by Teams to the General channel of a team when someone joins or leaves the membership? Maybe they don’t take much notice, but these messages can tell you that someone has joined or left the company. If you think that Teams should have a setting to suppress “add member” messages for a team, consider supporting the User Voice suggestion on the topic.

What’s Happening with the MailItemsAccessed Audit Event

Microsoft launched the MailItemsAccessed audit event (to capture when email is opened) in January, reversed the roll-out in April, and now might restart sometime in Q3. It’s an odd situation that isn’t really explained by a statement from Microsoft. Are they going to charge extra for this audit event? Will they be analyzing the events? Or does Office 365 capture too many mail items accessed events daily?

Microsoft Reveals Secrets of SharePoint Online Storage

Have you ever wondered how Microsoft secures SharePoint Online and OneDrive for Business data? Well, a recent article explains it all, and it is fascinating reading. Chunks and keys and blobs and encryption. A must-read article for anyone interested in SharePoint security.

Stopping New Employees Appearing in Org-Wide Teams

Org-wide teams are great because they feature automatic membership management. But sometimes you don’t want new Office 365 accounts showing up in org-wide teams. The solution is to create the account with some dummy details to mask the identity of the real person and update the account after they join the company.

Important Change to SharePoint Online Retention Policy Processing

Microsoft is changing how the removal of an Office 365 retention policy affects the data held in the SharePoint Online Preservation Hold Library. Instead of an immediate purge, data will be kept for a period to allow administrators to recover it. Sounds like a good idea and it should help people rescue a situation when someone removes a retention policy in error. That is, if they notice that the policy is no longer in effect for a site.

Removing Office 365 Accounts Fast

Removing Office 365 accounts is easily done through the Admin Center. You can also restore deleted accounts within 30 days, but what if you want to remove accounts in such a way that they can’t be restored? The answer is that it can be done using a two-stage process. And if the mailboxes belonging to those accounts are on hold, they are kept as inactive mailboxes.

Three New Themes Available for Office 365

Much to our surprise, this blog is covering the availability of three new Office 365 browser themes. We’re only doing this so that we can avoid including it in the Office 365 for IT Pros eBook. We know this will upset some people, especially fans of the unicorn theme, but we really have to draw the line somewhere when deciding what should be in the book.

Excluding Inactive Mailboxes from Org-Wide Retention Holds

Exchange Online supports inactive mailboxes as a way to keep mailbox data online after Office 365 accounts are removed. Inactive mailboxes are available as long as a hold exists on them. You can update mailbox properties to exclude all or some org-wide holds. If you exclude holds from a mailbox, you run the risk that Exchange will permanently remove the mailbox. If that’s what you want, all is well, but if it’s not, then you might not be so happy.

CISA Report Only Scratches Surface of Securing Office 365

The CISA report titled “Microsoft Office 365 Security Observations” makes five recommendations to improve security of an Office 365 tenant. The recommendations are valid, but competent administrators won’t take long to implement them. In fact, the worst thing is that consultants brought in to help organizations didn’t seem to have much expertise in securing Office 365.

The Sad Case of Truncated Office 365 Audit Events

On May 7, Microsoft eventually fixed a truncation bug that affected group events (creation, add member, etc.) ingested into the Office 365 audit log. The fix took far too long coming and the overall response is certainly not Microsoft’s finest hour. Audit events, after all, are pretty important in compliance scenarios and it’s not good when those events are incomplete.