Office 365 licenses can seem complex, especially when you descend to the level of multi-product license plans. PowerShell makes it easy to generate a quick and simple report of who’s been assigned which license. And best of all, because the code is PowerShell, you can amend it to your heart’s content.
Azure Active DIrectory is getting a slimmed-down background image to help with bandwidth-constrained locations. Office 365 tenants with custom backgrounds won’t see the change. Customizing the appearance of the sign-in screen is easy if you prepare. And to finish up, we have pointers to a set of videos about how Azure Active Directory authentication works.
Teams supports federated guest access for Gmail accounts using the identity provider framework of Azure B2B Collaboration. Office 365 tenants must first decide if they want Gmail accounts as guests in all or some teams before going down the federation route. Why Teams and not other Office 365 apps? It’s all to do with the endpoint used by the client to connect. If it can handle federation, all good. If not, it’s standard Azure B2B Collaboration.
Microsoft annoyed many Office 365 tenant administrators when they announced plans to allow self-service purchases for the Power Platform apps. A curious note in the FAQ might reveal how tenants can block this feature. If self-services purchases depend on accessing your tenant directory, maybe you can disable the service principal that holds the role enabling that access.
Azure Active Directory now features the public preview of the My Sign-Ins feature, which allows users to see where their sign-ins originate and what applications are used to sign-in. It’s a nice idea but Office 365 users are unlikely to find the page. We can help by creating a custom tile with a link to the My Sign-Ins page. The tile appears in the Office 365 apps menu and makes it easy for people to access their sign-in data.
Office 365 Informatiom Barriers allow tenants to erect communication firewalls between different groups. Teams supports Information Barriers, but currently has a problem adding new guest accounts to team memberships. An easy workaround exists, but debugging what’s going on is difficult because of the lack of clues.
Office 365 applications create lots of Azure Active Directory guest accounts. Here’s how to find old accounts and check their Office 365 group membership. If you know the accounts that are old and stale and aren’t members of any Office 365 group, you can consider removing them from your tenant.
Office 365 makes extensive use of Azure Active Directory guest accounts. Implementing a risky sign-in policy is a good idea, but it can have the unfortunate side-effect of suddenly blocking guest accounts that could previously access tenant resources. If blocks happen, they can only be lifted through administrative intervention in the guest account’s home tenant.
Microsoft makes a strong case that all Azure Active Directory accounts should be protected with multi-factor authentication (MFA). That’s a great aspiration, but the immediate priority is to check accounts holding admin roles. This post explains how to use a PowerShell script to find and report those accounts.