You can create an Azure AD Access Review for all guests in teams and groups in your tenant and then see what’s happening with the Graph API. In this case, we use PowerShell with the API to grab the access review data and create a report about the overall status of the review in a tenant.
Outlook for Windows has a Groups menu bar which is displayed when conversations in a Microsoft 365 group are accessed. A new Teams button is available to bring users to the General channel of team-enabled groups. It’s an interesting decision by Microsoft to add the button because I am not quite sure if any need exists for such a facility.
Outlook for Windows has supported Microsoft 365 Groups since 2015. The developers chose a seen/unseen model for Groups, but now Outlook has switched to a read/unread model, meaning that the unread counts for Groups can suddenly seem much higher than before. It’s a one-time change that aligns Outlook desktop with OWA and Outlook Mobile and there’s an easy way to set all unread items to be read. But you might want to tell people that this change is coming!
You can apply an Office 365 Sensitivity Label to control different aspects of Groups, Teams, and Sites. One of the settings controls whether guest users are allowed in group membership. We explain how to use PowerShell to search groups assigned a label to block guest access for existing guests, just in case you want to remove them.
In the latest example of rebranding wizardry, Microsoft has announced that Office 365 Groups are becoming Microsoft 365 Groups. You’d wonder if the rename is just to keep the marketing people happy. But maybe the new name reflects what Office 365 Groups have become. Less of a collaboration platform and more of a membership service for Microsoft 365 apps.
Writing code to illustrate a point sometimes falls into the trap that things don’t work so well when you scale things up. Take Graph calls for instance. Code that works well with 100 teams isn’t so good with 4,000. The solution is to keep on telling the Graph to fetch data until it’s all in the safe hands of PowerShell, and then process it.
Office 365 Groups (and their underlying teams and sites) can be removed by user action or automatically through the Groups expiration policy. By examining records in the Office 365 audit log, we can track exactly when groups are soft-deleted followed by permanent removal 30 days later. All done with a few lines of PowerShell and some parsing of the audit data held in the records.
A question asked how to be notified when people delete Teams. The answer lies in the Office 365 audit log, and once we’ve found out when Teams are deleted are who deleted them, we can notifications to administrators via email or by posting to a Teams channel. The administrators can then decide if they should restore the deleted team or let it expire and be permanently deleted after 30 days.
The Groups admin role was added to Office 365 in November 2019 to allow tenants to assign responsibility for day-to-day group management to specific users through interfaces like the Microsoft 365 Admin Center. The role is still relatively unknown and probably not used in many tenants. In this post, we discuss how to use PowerShell to assign the role to those allowed to create new groups.
After a couple of years, it’s time to update the Office 365 Groups and Teams Activity Report script. Written in PowerShell, the script analyzes the groups in an Office 365 tenant to figure out if each group or team is in active use. Because it’s a PowerShell script, you can amend the code to your heart’s content.
At the Ignite 2019 conference in Orlando, Microsoft announced that Office 365 Groups will soon support sensitivity labels, but only to mark group containers with levels of sensitivity. The actual content of the containers, like the messages in Outlook Groups or Teams, will remain unaffected by the labels. For now.
Office 365 applications create lots of Azure Active Directory guest accounts. Here’s how to find old accounts and check their Office 365 group membership. If you know the accounts that are old and stale and aren’t members of any Office 365 group, you can consider removing them from your tenant.
You can configure Send As and Send on Behalf of permissions to allow Exchange Online users to send messages for an Office 365 Group. All is well if the messages arrive, but if they don’t, the NDRs might not get to where you think they should go, such as a folder in the Recoverable Items structure. That’s OK if the sender was told that a problem exists with a message, but they don’t know anything happened.
Office 365 Connectors are used to bring information from network sources into Office 365 Groups, Teams, and other apps. Microsoft retired the Facebook connector on September 4, so that’s one network source that won’t be used as a conversation starter in the future. Microsoft’s telemetry says that the Facebook connector isn’t used much, except by us (of course).
It’s easy to create a list of group-enabled SharePoint Online sites using the Get-SPOSite cmdlet. But it’s much more interesting to probe a little deeper to uncover extra information about the group using the GroupId property returned if you specify the Detailed parameter. This post explains a PowerShell script written to examine the possibilities, including how to highlight sites belonging to deleted groups that are kept by retention policies.
A reader asks if it’s possible to create a dynamic Office 365 group for global administrators. Well, it is and it isn’t. Azure Active Directory doesn’t give us the ability to execute the right kind of query to find global administrators, but with some out-of-the-box thinking, we can find a way to accomplish the task.
The new version of OWA boasts new abilities for owners to manage Office 365 Groups. The new UI is pretty slick and a welcome upgrade to the previous capabilities. You’ll still need to revert to PowerShell to manage some aspects of Office 365 Groups, but not as many times as you used to.
A reader wants the benefits of dynamic Office 365 groups without having to pay for Azure AD premium licenses. It’s relatively straightforward to maintain the membership of a group with PowerShell. That is, if your directory is accurately populated and the right results are returned when you look for who the set of group members should be.
How best to add every team in your tenant to the Office 365 Groups Expiration Policy? Well, one way is to check all groups for Teams. Another is to use Get-Team to return the set of teams and process those. But then you should think about how to mark the teams that are in the policy in such a way that you don’t process them again. It’s easy to do this with one of the Exchange Online custom attributes.
The Groups section of the Azure Active Directory portal now includes a preview of a feature to configure the Office 365 Groups naming policy without going near PowerShell. Although those proficient with scripts and GUIDs will lament this sad reduction in standards, the normal administrator will welcome the chance to forget some obscure syntax.
One of the great things about Teams is the way that it orchestrates Office 365 resources like SharePoint Online sites. The downside is that a tenant’s valuable SharePoint storage quota might be absorbed by a profusion of Teams. To offset the problem, you can apply lower limits to sites belonging to Teams and the best approach is to use PowerShell for the job.
The Office 365 Groups Naming Policy is now generally available. The policy has taken nearly two years of preview to not get very far, but at least it’s now an official part of the service. Microsoft considers the naming policy to be an Azure Active Directory Premium feature. Many customers might think differently, especially because the naming policy must be implemented through PowerShell and can easily be mimicked through PowerShell. And of course, Exchange Online’s distribution list naming policy is free.
A recent article prompted a check to see whether a PowerShell recommendation made sense and delivered better performance when executing a command to extract the membership of Office 365 Groups performance. As it turns out, the recommendation is valid, but whether you notice any difference is arguable.
It’s easy to create a webhook connector to post information to a team channel or an Microsoft 365 group. What might not be quite so easy is formatting the JSON payload. Here’s how to use a template card to simplify the process.
Encrypted email is becoming more common within Office 365. Things usually flow smoothly when sending protected messages to email recipients, but other Office 365 recipient types like Teams and Yammer might not be able to handle protected email.
Now that we know all about the different email addresses used by Office 365 Groups and Teams, the question arises of how to include a team channel as a member of a distribution group. As it turns out, there’s a simple way and a more complicated way.
Exchange Online distribution lists can be used to populate the membership of Office 365 Groups or Teams by applying a little PowerShell magic. Here’s how.
A reader asked if it is possible to add an administrator account to every Office 365 Group. This feature doesn’t exists OOTB, but it’s an easy task to script with PowerShell.
Teams offers a number of ways to create new teams, which is good. However, if you create a new team with PowerShell, make sure that you add the team owners to the members list as otherwise they won’t be able to access Planner.
The latest version of the Teams desktop and browser clients support the creation of dynamic teams based on dynamic Office 365 Groups. The functionality is welcome, as long as you can pay for it as every member who comes within the scope of a query used for a dynamic team needs an Azure AD P1 license.
Office 365 doesn’t include a way to export a list of Teams in a form that can be imported by Power BI, but PowerShell makes it an easy task to accomplish. Here’s a script to help solve the problem.
By default, the Groups policy for an Office 365 tenant allows group owners to add guest users to group membership. You can block this access if necessary, but it’s probably not what you want to do as blocking brings guest access to a complete halt across the tenant.
When you impose a block on certain domains, you’d like to think that applications like Teams will respect that block. As it turns out, if you have some lingering guests in your Azure Active Directory, the B2B collaboration policy might not be as effective as you’d hope.
How many guest users does your Office 365 tenant have? And how many of those accounts are actually used? Given that many Office 365 applications now generate guest user accounts to facilitate external access to content, managing these accounts is a growing concern.
Details of how Microsoft IT manages its deployment of Office 365 Groups were discussed at the recent Ignite 2018 conference. It’s a good idea to write down the basic framework of your Office 365 Groups deployment, if only to understand how all the different policies and features fit together.
Security groups are often used to protect access to resources, but they can’t be used to control membership for Microsoft 365 Groups or Teams. If you want to use AAD security groups to control membership for Groups and Teams, you need to come up with a way to synchronize. PowerShell is available to do the job, and as it turns out, it’s not too difficult.
Some will tell you that you can figure out what resources an Office 365 Group is connected to by checking the ProvisioningOption property with the Get-UnifiedGroup cmdlet. Well, you can’t. If you want to do something like check for team-enabled groups, you’ll need a different approach.
A demo to show how easy it is to use PowerShell to manage Office 365 Groups and Teams was progressing nicely at the UK Evolve conference when a problem happened with code that used to run perfectly. Sounds like a normal programming situation, but in this case, Microsoft had changed the format of Office 365 audit records for Azure Active Directory operations. That’s not so good. What’s worse is that some essential data is now missing from the audit records.
Hanging on to old email habits is a bad idea, especially if you use a cloud service like Office 365 where Microsoft introduces a steady stream of new features. The worst bad habit is password sharing. It’s time to stop this now.
Some say that Microsoft Teams doesn’t support dynamic Office 365 Groups. Well, I couldn’t find anything formal on the topic and the teams that I have configured to use dynamic groups work well, so what’s the real scene? As it turns out, Microsoft is still working on the feature.