The only always up-to-date eBook about the Microsoft 365 cloud Office system, covering Exchange Online, SharePoint Online, OneDrive for Business, Microsoft Teams, Planner, Azure Active Directory, and more
Exchange retention tags can be assigned to mailbox folders. In this article, we explain how to retrieve details of folder and personal tags assigned to folders plus the default archive and delete tags defined in the mailbox retention policy. We also explore if it’s possible to report retention tags assigned to individual messages and conclude that it’s not worthwhile.
On July 31, Microsoft announced that Clipchamp for Work will roll out to targeted release Microsoft 365 commercial tenants in the next few weeks. Although it’s good that Microsoft 365 tenants will get a very capable video editor, the goodness of the announcement is reduced by the fact that Microsoft is not making Clipchamp for Work available for Office 365 enterprise SKUs. That seems like a great pity, but it’s all part of Microsoft’s plan to nudge customers toward Microsoft 365.
Monthly update #98 is available for the Office 365 for IT Pros eBook. Subscribers can download the updated files from Gumroad.com (PDF/EPUB) or Amazon (Kindle). Lots happened during July, some of which like Microsoft 365 Copilot and the Microsoft 365 Archive and Backup products, can’t be covered in the book until the software appears in public preview. But that’s the great thing about a book like Office 365 for IT Pros. Because we update the entire book every month, we can track and report on new solutions as they appear and we gain experience with them.
At the Inspire conference, Microsoft briefed their partners about the Microsoft 365 Backup and Microsoft 365 Archive products they plan to launch at some time in the future. Microsoft’s biggest advantage is their access to data and the speed at which they can process the information. Whether this gets people past the “all digital eggs in the Microsoft basket” issue remains to be seen.
Stream video playback in Teams chats and channels is now inline, meaning that the video plays direct without any need to call the Stream browser client. It’s a good update that makes watching Stream videos a very seamless experience. It would be nice if Microsoft can improve some other integration points where Stream and Teams touch because some of the other integration features don’t work so well. In other news, SharePoint Online is rationalizing how it stores user photos.
Microsoft’s FY23 Q4 results wrapped up another strong year for Microsoft Cloud revenues. The $111.6 billion (actual) and $121.2 billion (run rate) results continue a strong record of growth. In other numbers, Entra ID now supports over 610 million monthly active users and EMS has over 256 million. All in all, lots of use for the Microsoft Cloud.
An update coming soon increases the channel limit for regular and shared channels to 1,000. That should be enough Teams channels for anyone. Then again, a case can be argued that 25 channels should be enough to organize discussions for any team. In any case, you’re going to have the opportunity soon to create channels to your heart’s content. That is, until you reach the 1000-channel; limit.
Automated generation of Stream transcripts resumes in August. It’s a nice feature to have because a transcript makes it much easier to follow what’s happening as people discuss topics during online events. Stream transcripts won’t be generated for existing videos. If you want those transcripts, you’ll have to generate them manually.
A new Maybelline video filters app allows Teams meeting participants to enhance their appearance during or before a meeting. 12 filters are available to apply AI-powered enhancements based on a 70-point map generated from a user’s face. It’s good if a filter helps you feel better about yourself when you join a call, but I can’t help thinking that maybe Microsoft could work on more important functionality?
Microsoft has added a machine learning feature to Entra ID Access Reviews. The new feature checks affiliation between users and the group being reviewed. It’s an interesting idea, but only if the manager-employee relationships in your directory are accurate because that’s what Entra ID Access Reviews use to check affiliation. Microsoft Entra ID Governance licenses are needed for the new features… Another $7/user/month!
Sensitivity Label PDF support is now available in SharePoint Online and OneDrive for Business. In effect, this means that SharePoint can protect and process PDFs in the same way as it handles Office documents. Given the widespread use of PDFs in many organizations, this is an important step forward for those wishing to protect their most sensitive information.
Microsoft has announced that they will deliver Microsoft 365 Backup for Exchange, SharePoint, and OneDrive in public preview in late 2023. Microsoft has several advantages when it comes to access to data and ability to update APIs, but it also has to cope with the putting all eggs in one basket syndrome. We don’t know how Microsoft will charge for Microsoft 365 backup, but it’s likely to be on a consumption basis.
Microsoft is making it easier for owners of Teams shared channels to request help if they run into a trust problem when adding a member from another domain. If Teams detects a problem with a missing trust, it flags the error to the channel owner and offers a link to a web page to seek additional support. Of course, the tenant might decline to trust the domain the channel owner wants to use, but that’s a different story.
Outlook Monarch controls are available to help with the deployment of the new Outlook for Windows client in a mixture of Exchange settings and registry entries. You can block users from using the new client or adding consumer email accounts to Monarch. And best of all, you can disable the “try the new Outlook” toggle until you’re ready for people to plunge into the brave new world of the revamped Outlook for Windows.
Restricted administrative units (preview) are a new mechanism to support scoped management of Entra ID user accounts, devices, and security groups. You’ll need Premium P1 licenses for the accounts assigned management roles for these AUs, but that seems like a small price to pay for the functionality.
Microsoft announced that they are rebranding Azure AD to become Microsoft Entra ID. This is just a name change and no functionality or licenses are affected. It’s simply yet another Microsoft rebranding exercise like Microsoft 365, Purview, and Defender. The name change will start in the latter half of 2023 and be completed by 2024.
PIM, or Privileged Identity Management, is a solution for managing the assignment of privileged Entra ID roles to users and groups. PIM role assignments can be active or eligible. If you report “normal” role assignments, you only see the currently active set. Some more processing is needed to fetch the PIM assignments. Here’s our version of a script to do the job for holders of the Exchange administrator and Global administrator roles.
SharePoint Online makes extensive use of file versioning. Coming in November 2023, we will see SharePoint Intelligent Versioning based on usage and the probability that a version will be needed for a restore. The new intelligent mechanism will replace the current method of setting a fixed version count for document libraries. Sites that need fixed version counts can continue, but SharePoint intelligent versioning should become the default when the feature reaches general availability in early 2024.
The Microsoft Graph PowerShell SDK V2 attained general availability on July 4, 2023. Microsoft did a horrible job of announcing the news, but now that the SDK V2 is available, it’s time to migrate scripts from earlier versions. Splitting the V1.0 and beta cmdlets into different modules is a big difference, as is renaming the beta cmdlets. But other points exist to consider as you migrate from the Microsoft Graph PowerShell SDK V1 to V2.
Microsoft announced that they are rolling out a refresh for the Teams Admin Center search feature. Useful as it can be, TAC search can output odd results. That’s a pity because the TAC search feature would be a whole lot better if its results were less profuse and more reliable.
Up to now, the Microsoft Graph PowerShell SDK has not included a cmdlet capable of reporting the renewal dates for Microsoft 365 subscriptions. A new beta Graph subscriptions endpoint is a method to retrieve the renewal information. Even if you can’t use an off-the-shelf cmdlet, you can still get the data.
It would be nice to report that Microsoft’s new My Groups page delivers great user-centric group management portal, but it doesn’t. My Groups can’t deal with distribution groups (lists), which is surprising because distribution lists are a valid Azure AD group type. What’s worse is that the OWA option to manage distribution lists doesn’t work any more. There’s little evidence of Microsoft joined-up thinking here.
Microsoft released details about the deployment schedule for the new Teams client (2.1) on June 30, 2023. It looks like a lot of work to roll out the new Teams client will happen over the remainder of 2023. It seems like tenants can use the classic Teams client for at least until mid-2024, but soon there’ll only be one Teams client in use, and that’ll be Teams 2.1.
The Tenth edition of Office 365 for IT Pros, the only always up-to-date eBook covering Microsoft 365 Office services is now available for EPUB/PDF and Kindle. Existing subscribers for the EPUB/PDF version can upgrade to the 2024 edition for a low cost (and should have an email to tell them how). The new book is based on the 2023 edition but is completely revised and updated with changes and new material.
The SharePoint Preservation Hold Library is where files needed for retention or hold purposes are stored. In the past, the library stored separate copies of each version of a retained file. Now it stores files complete with the entire version history, which is more intelligent and means that SharePoint consumes less storage for retention.
The need to find SharePoint documents with sensitivity labels might arise during a tenant divestiture to decrypt the documents before the split. As it turns out, searches against the SharePoint InformationProtectionLabelId property is a good way to find the files. After that, the need arises to decrypt the documents, which is where Microsoft Purview eDiscovery (premium) might come in handy.
Microsoft 365 tenants have long been able to define file type exclusions for the OneDrive for Business sync client through the SharePoint Online admin center, PowerShell, or GPO. A change in the client now exposes the excluded file types to user view for the first time. Meantime, the OneDrive Personal client also gains support for file type exclusions.
The Outlook Monarch client is making steady progress. It’s now due to replace the Mail and Calendar apps in Windows 11 at the end of 2024. This article discusses using the Outlook Monarch client with Gmail accounts. The integration is pretty good and will no doubt be popular with those who have a Gmail account.
Security Researchers JumpSec demonstrated a weakness in Teams External Access by showing how to send malware to users via a federated chat. The exploit depends on another weakness in that attackers can interfere with the set of policy controls transmitted by the Teams server to clients. It’s yet another reason why Microsoft 365 tenants should restrict external access to the set of domains they really want to chat with.
After discussion in 2022 about potential vulnerabilities for the AES128-EBC cipher used by Microsoft Information Protection (MIP), an August upgrade enables AES256-CBC protection for sensitivity labels and other MIP components. Some care is needed to make sure that Exchange Server and other on-premises solutions work properly with the new cipher, but transition for Microsoft 365 tenants should be seamless.
Collaborative meeting notes are a preview feature available for Teams meetings which uses a Loop component composed of three other components to capture the agenda, notes, and task list for meetings. Because the feature is based on Loop. it inherits the goodness and problems of the technology (like no guest access). But overall, this is a nice solution that will go down well in large organizations that run many internal meetings.
Being able to set user-preferred authentication methods for Azure AD multi-factor authentication hasn’t been possible up to now. New Graph APIs make it possible to get and set authentication methods for Azure AD accounts. It’s just another small step along the line to migrate away from the MSOL and Azure AD modules.
In this article, we discuss how to create a report of registered devices known to the Exchange mobile device management framework. Microsoft hasn’t made many changes to the way Exchange Online manages mobile devices connected to its mailboxes over the past few years and would prefer if organizations used Intune instead. But if you just want simple device management, Exchange delivers, and PowerShell reveals what devices are active.
MC590113 (June 16) contains the unexpected news that capture of Planner audit events and To Do audit events will require tenants to have Purview Audit Premium licenses. Microsoft has bundled Planner and To Do with Project to make the change more appealing, but it’s really not. The sad fact is that little audit value is likely to be extracted from Planner and To Do events.
Microsoft has announced that Teams now supports the Microsoft 365 targeted release mechanism, meaning that new Teams features should appear more consistently. The Teams preview program continues, but targeted release takes precedence. In other news, the Teams chat client in Windows 11 is being replaced by the Teams Free client. This probably won’t make much different, but it’s good to know.
Although SharePoint Online doesn’t support the allocation of OneDrive storage quotas via group membership, this is an easy solution to code with PowerShell. In this article, we discuss the steps needed to use groups to set a desired storage allocation for group members and how to apply those allocations to OneDrive for Business accounts. If you don’t want to use groups, Azure AD administrative units or even Exchange Online dynamic distribution lists would work too.
A new Microsoft 365 Audit Platform service plan is available to license solutions like App Governance in Microsoft 365 Defender for Cloud Apps. After a shaky start, App Governance includes some useful functionality, including a set of default policies to highlight apps that need some attention. If you don’t have the necessary licenses to use App Governance, there’s always the examination of raw data about app activity, like sign-in information for app service principals.
Teams animated backgrounds add something to meetings. According to Microsoft, it’s “a dynamic animation for a more immersive virtual environment.” Based on the limited set of background animated released by Microsoft (which currently can’t be augmented by custom backgrounds), the effect might not be quite what you expect. In any case, animated backgrounds will please some and disappoint others, which is what happens in a very large service spanning over 300 million active users.
An update for Microsoft 365 Data Loss Prevention policies supports the configuration of oversharing popups for Outlook shown when a user composes email with specified sensitivity labels for either the message or any attachment. The idea is that the popup (a policy tip) helps the user to understand the problem and why they are violating a DLP policy so that they can address the problem before attempting to send the message.
Sometimes administrators need to intervene and cancel meetings on behalf of users. That’s why the Remove-CalendarEvents cmdlet exists. The cmdlet scans a user mailbox to find meetings organized by the user for a defined period and cancels the events. Meeting participants receive a cancellation notice. It’s a useful cmdlet to know about, just in case.