Creating a Dynamic Office 365 Group for Global Administrators

A reader asks if it’s possible to create a dynamic Office 365 group for global administrators. Well, it is and it isn’t. Azure Active Directory doesn’t give us the ability to execute the right kind of query to find global administrators, but with some out-of-the-box thinking, we can find a way to accomplish the task.

Advertisements

Office 365 Groups Naming Policy Now Configurable in Azure Active Directory Portal

The Groups section of the Azure Active Directory portal now includes a preview of a feature to configure the Office 365 Groups naming policy without going near PowerShell. Although those proficient with scripts and GUIDs will lament this sad reduction in standards, the normal administrator will welcome the chance to forget some obscure syntax.

LinkedIn Connector for Office 365 Uses Group to Control Users Allowed to Access Contacts

The LinkedIn connector for Office 365 now uses a group to control the set of user accounts allowed to connect their accounts to LinkedIn. It’s a good change because it makes the connection easier to manage. Even so, you might still need to use PowerShell to manage the membership of the group, especially if you want to add multiple people to the group at one time.

Eliminating Basic Auth for Exchange Online with AAD Conditional Access Policies

Exchange Online protocol authentication policies control what protocols a user can connect to mailboxes with, but it would be much better if we didn’t have to worry about some old and insecure protocols. Azure Active Directory gives Office 365 tenants the chance to clamp down on IMAP4 and POP3 connections and close off some of the holes that attackers try to exploit. Microsoft says that this can lead to a 67% reduction in account compromises, so that’s a good thing.

Office 365 Groups Naming Policy Now Generally Available

The Office 365 Groups Naming Policy is now generally available. The policy has taken nearly two years of preview to not get very far, but at least it’s now an official part of the service. Microsoft considers the naming policy to be an Azure Active Directory Premium feature. Many customers might think differently, especially because the naming policy must be implemented through PowerShell and can easily be mimicked through PowerShell. And of course, Exchange Online’s distribution list naming policy is free.

Azure Active Directory Still a Weakness for Office 365

The January 24-25 Azure Active Directory outage demonstrated once again how important AAD is to Office 365. Microsoft’s Post Incident Report tells us what happened to deprive 1% of the users in Europe of service. That doesn’t sound a lot, but you’d be mad if you were affected.

Azure Active Directory Feature Bans Custom Words from User Passwords

Making sure that Office 365 user (and administrator) accounts have good passwords is a never-ending task. A new preview feature in Azure Active Directory helps by ensuring that users can’t include common words specific to the organization (like its name) in a password. It’s another piece in the puzzle to frustrate potential attackers.

Populating Team or Group Membership from Distribution Lists

Exchange Online distribution lists can be used to populate the membership of Office 365 Groups or Teams by applying a little PowerShell magic. Here’s how.