The ability to apply custom corporate branding for Entra ID screens has existed since 2020. You can update elements through the admin center or PowerShell. This article explains how to use the Microsoft Graph PowerShell SDK to customize the sign-in text and background image for the sign-in screen.
Recent attacker activity made me think that access might have been gained through an OAuth app. Keeping an eye on app permissions is important. From a PowerShell perspective, it is reasonably straightforward to retrieve details of app permissions using the Microsoft Graph PowerShell SDK. Several methods are available to do the job.
Microsoft plans to change the way that the Teams website channel tab works in early April 2024. Instead of the client opening a site, a new browser tab opens. Microsoft says that the change better aligns with best practice for web security and privacy. Even so, it creates an administrative challenge to find what teams have website channel tabs that might need to be adjusted. Fortunately, we have a script to do just that.
Lots of hype surrounds Copilot for Microsoft 365, but I like the way that Copilot for Teams extracts real value from meeting transcripts to generate meeting notes. Even better, Copilot for Teams allows meeting participants to interrogate the transcript to find questions asked and answered (or not) among other capabilities. It’s one of the most obvious ways to extract value from Copilot.
MC705357 (9 Jan 2024) says that the dynamic group rule builder in the Entra ID and Intune admin centers no longer supports the contains and notContains operators. There’s no real cause to worry because existing rules continue to work and if you need to use contains or notContains in a membership rule, you can edit the rule manually.
Microsoft’s January 15 announcement reduced deployment costs and opened the possibility for Copilot for Microsoft 365 deployments to many Office 365 tenants. Reducing costs is great, but just because Copilot for Microsoft 365 is now available to many more tenants doesn’t mean that it is a silver bullet to address all IT woes.
The essence of a good teams naming convention is simplicity and clarity. This article explains why those aspects are so important in terms of helping users. We suggest some guidelines that tenant administrators can use to make sure that their team names are simple and clear.
Entra ID registered apps can authenticate using app secrets and certificates. These credentials expire over time, so it’s good to review app credential expiration dates periodically. This article explains how to use the Microsoft Graph PowerShell SDK to generate a report about app credential expiration dates to allow tenant administrators to manage registered apps a little better…
Document mismatch notifications tell users when they apply a higher-priority sensitivity label to documents than the label applied to the site. Some organizations don’t like these messages because they think the notifications confuse recipients. In this article, we discuss how to use a mail flow rule to redirect the messages to an address where someone can help people understand how to use sensitivity labels.
Entra ID supports user extension attributes but the same facility is unavailable for group objects. That seems strange, but it might be due to the way that Entra ID thinks about group objects. In any case, it’s an inconsistency that Microsoft should address. Also covered is how to report problems with Graph SDK cmdlets and a new function to help you understand the permissions needed to run a script.
Audit events generated for the new Stream look like any other SharePoint Online event. Extracting the Stream audit events takes a little more effort than before when Stream classic generated its own dedicated set of events. In this article, we examine the advanced Stream audit events that are apparently coming to Purview Audit standard customers and how to extract the Stream audit events from the unified audit log.
The Stream browser app has received a bunch of recent enhancements, some of which are still deploying to tenants. The changes make it easier for Microsoft 365 tenants to work with video. While investigating recent changes, we found some stuff that works well and some limitations that we never knew about before.
A new Share Someone’s Contact Info feature is available for Teams one-to-one and group chats. The option inserts a link to the person’s profile card in a chat message. Contact information can only be shared for members of the tenant (guests are unsupported). It’s a small but useful addition to Teams chat.
Password profiles store the password settings for Entra ID user accounts. By updating the password profile, you can update an account’s password and force actions such as making the user change their password on the next sign-in or enable multifactor authentication for the account. All done with cmdlets from the Microsoft Graph PowerShell SDK.
In message center notification MC703706 Microsoft announces yet another attempt to retire the Search-Mailbox cmdlet. This time it’s due to happen in March 2024. I don’t mind Microsoft removing old technology from its products, but it’s important that the old functionality is replaced by newer, better technology. And that’s not the case here. At least, not so far.
This article explains how I use custom document properties with SharePoint Online to track the topics covered by blog articles that I write. The custom document properties allow me to track where and when articles appear and the technology areas covered in their text. It’s a very easy update that can be applied in many situations where SharePoint is used to store documents.
A new beta Graph API supports the creation of a Viva Engage community. This article explains how to use the Graph SDK to create a new community with the API. It’s the start of the transition from the old Yammer APIs to fully embrace the Graph API.
Copilot for Word reference documents help to ground the prompts sent to LLMs for processing. The documents can be too large, which means that their contents aren’t fully taken into account when the LLM processes the prompt. This might or might not be an issue.
The January 2024 update for the Office 365 for IT Pros eBook is available for subscribers to download from Gumroad.com or Amazon. Like any monthly update, the January 2024 update is packed full of changes across the content chapters. Readers should download the updated files as soon as convenient to make sure that they have the most up-to-date information available.
A question came in about how to report admin consent requests as viewed through the Entra ID admin center. PowerShell does the trick, once you know how. The key thing is to find the right cmdlet to use. Once you know that, the rest is pretty easy as we explain in this article.
This article describes how to block welcome messages for new members of Microsoft 365 groups using a resource behavior option (a group setting). This is an immutable setting that prevents the Groups service sending welcome messages to new members. You might want to take this approach when creating team-enabled groups.
The Sensitive by Default control allows tenants to prevent external access to newly uploaded documents until DLP processing checks their content. The idea is to close off the opportunity external users have to access content between its upload and DLP scanning. You can combine the sensitive by default control with sensitivity labels to exert maximum control over confidential material.
Microsoft plans to make an eDiscovery hold report available to tenants in January 2024. This article explains how to use PowerShell to create a similar report. Without seeing what Microsoft plans, it’s hard to create a perfect replica, but it will be possible to upgrade the script once Microsoft reveals their hand.
The Delve web app will be deprecated by Microsoft in December 2024. It’s the end of a line for an app that once promised to reimagine search. The problem is that Delve never achieved much traction within Office 365 and its functionality never increased. In fact, Delve seemed to lose features over the years. Delve now joins apps like Sway and StaffHub as artifacts of Office 365 development and evolution.
OAuth apps are a big part of the extensibility picture for Microsoft 365 tenants. As such, they are targeted by attackers as a good way to gain access to data. In a recent security blog, Microsoft recommends some steps to secure tenants. We’ve covered most of them in other articles, but it’s always good to pull the story together and rewrite a script to make it easier to report consent grants for apps.
Copilot for Word is an application-specific implementation of Microsoft 365 Copilot. Amongst its capabilities, Copilot can generate and rewrite text. In this article, I explore the experience of interacting with Copilot for Word to generate text that could be used for articles and to rewrite paragraphs from real articles.
Microsoft’s security strategy is all about AI with Security Copilot leading the charge. Even in a world of AI tools, knowing how to use KQL and Sentinel is key. After all, AI might be able to identify potential problems and fix some of the issues, but sorting out situations needs a certain level of basic knowledge to guide the AI to a successful conclusion.
For whatever reason, it’s not possible to update the Default MRM policy to add the DeletedItems retention tag to process items in the Deleted Items folder. All attempts to add the tag fail and Exchange Online doesn’t signal any errors. Is this part of Microsoft’s cunning plan to prompt tenants to use Microsoft 365 retention?
The preview app instance property lock feature designed to improve the security of Entra ID registered apps is becoming the default for new apps. In this article, we describe how to update the app instance property lock to reflect the new default setting using cmdlets from the Microsoft Graph PowerShell SDK, including a script you can download and run.
Entra ID captures the lastSuccessfulSignInDateTime property to record the last successful sign-in action against user accounts. The new property is available through the Graph beta endpoint. Quite a difference can exist between the last successful sign in and the last sign in, as explored in this article.
Conditional access policies control access to Entra ID connections. Policies should have exclusions for breakglass accounts, but sometimes this doesn’t happen. This article explains how to use cmdlets from the Microsoft Graph PowerShell SDK to check conditional access policies and update policies with exclusions where necessary.
Cloudy attachments are links to files sent in messages. An auto-label policy can capture copies of cloudy attachments and make them available for eDiscovery. Sounds good, but you need Office 365 E5 or above licenses to use an auto-label policy and Purview eDiscovery (premium). Even so, it’s a nice example of applying technology to solve a problem, even if it does use up some valuable SharePoint Online storage quota.
Exchange Online keeps message trace data online for 10 days and that’s what’s normally used to check for unused distribution lists. Checking over 90 days is obviously much better, and we can do this by checking against historic message trace data. All explained here with a script to do the job.
SharePoint Embedded is a new Microsoft offering for application developers. The big upside is that apps can take advantage of the Microsoft 365 ecosystem. Cost is the potential downside. Microsoft will charge using a pay-as-you-go model, but estimating the likely cost could be difficult until more experience about how apps use SharePoint Embedded emerges.
The December 2023 update (monthly update #102) for the Office 365 for IT Pros eBook is now available for subscribers to download. While Microsoft has become obsessed with AI and Copilots, we’ve stayed focused on getting real work done with the tools available to most Microsoft 365 tenants. That seems like a more intelligent way for us to work than becoming fixated on technology that only some tenants can aspire to use.
A new setting in OWA options allows users to choose to preserve declined meetings. Keeping details of declined meetings can help users to find information included in meeting details or data created during meetings like chats and meeting summaries, or forward the meeting to someone else if needed.
Now available for OWA and the Monarch client, Outlook voice dictation allows users to compose the body text of messages with speech-to-text transcription. A limited set of languages is available for now, but more are to come. Learning how to compose email with speech is an acquired art and might require some AI help to produce acceptable results.
Not everyone likes to respond to email with an emoji, which is why the options to disallow Outlook reactions through clients or mail flow rules exist. Everything revolves around the x-ms-reactions message header, which is what Exchange Online uses to understand if people can respond to email with emojis.
The European SharePoint, Office 365, and Azure Conference (ESPC 2023) starts in Amsterdam on Monday, November 27. There’s lots of Copilot and Viva content at the event, but a disappointing lack of coverage of Exchange Online and Entra ID, both of which are essential to any Microsoft 365 deployment. Oh well… you can’t have everything and ESPC 2023 will be a great event.
Teams background blur now comes in two flavors. The standard blur is what we’ve had since 2018. The new portrait blur applies a more subtle level of blurring and doesn’t obscure background details as much as the standard blur option. It’s a small but interesting addition to the range of video effects people can use during Teams meetings.