How to Report the MFA Status for Azure AD Accounts

When a problem arises, it’s good to know what user accounts are affected. In the case of the recent MFA outage, the need existed to report the list of accounts that were MFA-enabled. Here’s how to do the job with PowerShell.

How to Restrict the Audit Data for User Office 365 Activities Flowing to Microsoft

Following a Dutch report saying that Office 365 might violate GDPR, some thoughts about how to restrict some of the flows of information from an Office 365 tenant to Microsoft.

Teams Now Supports Dynamic Microsoft 365 Groups

The latest version of the Teams desktop and browser clients support the creation of dynamic teams based on dynamic Office 365 Groups. The functionality is welcome, as long as you can pay for it as every member who comes within the scope of a query used for a dynamic team needs an Azure AD P1 license.

Block Guest Members from Microsoft 365 Groups and Teams

By default, the Groups policy for an Office 365 tenant allows group owners to add guest users to group membership. You can block this access if necessary, but it’s probably not what you want to do as blocking brings guest access to a complete halt across the tenant.

Any Authenticated Users Permission Now Generally Available for Sensitivity Labels

Azure Information Protection rights management templates now support the Any Authenticated Users permission to allow Office 365 users to share email and documents with anyone who can authenticate with Azure Active Directory or has an MSA account or uses a federated service.

Existing Guest Accounts and the Azure B2B Collaboration Policy

When you impose a block on certain domains, you’d like to think that applications like Teams will respect that block. As it turns out, if you have some lingering guests in your Azure Active Directory, the B2B collaboration policy might not be as effective as you’d hope.

Office 365 E5 Accounts Now Keep Audit Log Data for 365 Days

Microsoft has updated its retention period for Office audit records from 90 to 365 days, but only for accounts with Office 365 E5 licenses. On another front, the problem with truncated audit records for Azure Active Directory events still persists.

Managing Guest Users in a Microsoft 365 Tenant

How many guest users does your Office 365 tenant have? And how many of those accounts are actually used? Given that many Office 365 applications now generate guest user accounts to facilitate external access to content, managing these accounts is a growing concern.

Org-Wide Teams Don’t Need Azure AD P1 Licenses

The prospect of having to pay for many Azure AD Premium P1 licenses just because you use an org-wide team is horrible to contemplate. But don’t worry. You don’t have to because the Teams developers look after membership updates for you.

Check Your Azure AD Accounts Before Adding Org-Wide Teams

Org-Wide Teams are a nice feature, but calculating their membership can be puzzling, as in the case of some perfectly valid accounts that were not added to a team. As it turns out, the error lies in Azure Active Directory.

LinkedIn Connects to Office 365

You can now connect Office 365 accounts to LinkedIn accounts (or block the connection at a tenant level). It’s a nice way to keep tabs on your LinkedIn contacts and find out what they’re doing with a simple click in an Office 365 people card.

How Microsoft IT Manages Microsoft 365 Groups

Details of how Microsoft IT manages its deployment of Office 365 Groups were discussed at the recent Ignite 2018 conference. It’s a good idea to write down the basic framework of your Office 365 Groups deployment, if only to understand how all the different policies and features fit together.

New Teams Administrative Roles Available in Azure AD

Microsoft has released four new administrative roles to help Office 365 tenants manage Teams. It’s a good thing and we were able to include the news in the September 20 update for Office 365 for IT Pros.

How to Synchronize AAD Security Groups with Microsoft 365 Groups

Security groups are often used to protect access to resources, but they can’t be used to control membership for Microsoft 365 Groups or Teams. If you want to use AAD security groups to control membership for Groups and Teams, you need to come up with a way to synchronize. PowerShell is available to do the job, and as it turns out, it’s not too difficult.

What that BOXServiceAccount Does in Office 365

Records featuring an account called BOXServiceAccount appear in the Office 365 audit log. Not much information is available about the account, but it’s all OK because it’s used to assign administrative roles to Office 365 accounts.

When Things Go Wrong in the Cloud It’s Hard to Look Where for Help

An outage in a U.S. datacenter on September 4 caused problems for Azure Active Directory with a ripple effect on Office 365. It’s a good example of how cloud services depend on each other, so when one fails, another has problems.

Using Dynamic Office 365 Groups with Teams

Some say that Microsoft Teams doesn’t support dynamic Office 365 Groups. Well, I couldn’t find anything formal on the topic and the teams that I have configured to use dynamic groups work well, so what’s the real scene? As it turns out, Microsoft is still working on the feature.

Microsoft to Support Google IDs for Azure B2B Collaboration

Microsoft has launched the preview of Google B2B Federation, which allows Google accounts to be used to access Azure AD apps. Quite how this will work out for apps that use guest user accounts is unknown at this point.

Losing the Last Name, First Name Legacy

Office 365 Gravtar

A recent post by MVP Mark Vale describes how to use synchronization transformation rules in AADConnect to change the last name, first name format (for example, Smith, James) for display names to a more user-friendly first name last name format (our example becomes James Smith) for accounts as they synchronize to Azure Active Directory from an …