The Ultimate Guide to Mastering Microsoft 365
No Teams administration policy controls the creation of regular channels. Policies are there to control the creation of shared and private channels, but not the regular variety. Team owners can restrict creation on a team-by-team basis, but if organizations want to apply central control, they’ll need to do it with PowerShell.
A little known fact about the Graph Explorer utility is that you can use it to sign into a tenant using a guest access. This might or might not be a good idea, but if you don’t want people to do this, it’s easy to block guest access by either disabling user access to the app (crude) or using a Conditional Access policy (much nicer).
Some recent announcements have shown Yammer’s new direction. The Communities app is now Viva Engage and Teams Meeting Q&A app is powered by Yammer. That’s all good because it negates some of the tension between Teams and Yammer in terms of positioning within Microsoft 365. The messages that make up Q&A in Teams meetings are captured for compliance purposes, and that’s also a good thing.
In March 2020, I wrote about mailbox audit events for Office 365 E3 accounts not showing up in the Office 365 audit log. As far as I can tell, Exchange Online deals with new mailboxes properly now. However, there might be some mailboxes in your organization that aren’t generating the audit records you thought they are… so it’s time to check.
No Microsoft 365 admin portal will tell you about the set of email addresses assigned to Teams channels. Fortunately, it’s relatively easy to create a report with PowerShell and just a little Graph magic.
Document label mismatches happen when users create, upload, or update Office documents in SharePoint sites and give the documents a higher-priority sensitivity label than the one assigned to the site. When this happens, SharePoint Online creates a DocumentSensitivityMismatchDetected audit event. Unhappily, that event doesn’t tell us who caused the mismatch, but some work with PowerShell reveals all.
A new feature allows Teams users to start new group chats by adding participants from the membership of distribution lists, Microsoft 365 groups, or mail-enabled security groups. It’s a neat way to add up to 249 participants to a new group chat. And while we’re covering the topic of adding people to group chats, we also mention the oft-overlooked feature that allows Teams tags to be used for this purpose.
Like all apps, the Azure AD Admin center has its own quirks and inconsistencies. In this article, we cover issues creating groups when the admin center doesn’t apply sensitivity label container management settings properly, and group-based license management, which only works if the group’s security enabled property is set correctly.
Microsoft is rolling out the public preview of the ability to set a default sensitivity label for SharePoint Online document libraries. This is likely to be a premium feature when it is generally available. For now, Office documents are supported, but Microsoft promises to support PDFs in the future.
Exchange Online shared mailboxes only need licenses if they have an archive, exceed 50 GB in size, or are on litigation hold. The rules are there, but how many tenants check their shared mailboxes to make sure that they’re in compliance. This article explains how to use PowerShell to detect shared mailboxes that need licenses.
In this article, we explain how to create a report about the Teams private channels found in a tenant together with the members and owners of each channel. The PowerShell script is relatively straightforward and once the data is extracted from Teams, it can be sliced and diced in different ways.
A previous article explains how to use an Azure Automation runbook to write information to a SharePoint Online site and Teams channel. At the time, I used a stored credential to authenticate and access SharePoint and Teams. Azure Key Vault offers another way to store secrets (bits of information) securely. This article explores how to store secrets in Azure Key Vault and retrieve and use the secrets in a runbook script and interactive PowerShell.
A new Yammer administrator role is available in Azure AD. Assignees of the new role become Yammer verified admins and can make changes to both native and non-native Yammer networks. It’s nice to see the new role appearing in Azure AD and no doubt it will be useful to Microsoft 365 tenants that use Yammer, but why did it take so long to happen?
The Get-AssociatedTeam cmdlet is part of V4.6 of the Microsoft Teams PowerShell module. It reports the membership a user account has in teams, including where the account has direct membership of shared channels. The cmdlet makes it easy to generate a report of teams membership, and the PSWriteHTML module makes it easy to output nice PDF reports.
Microsoft plans to reduce the recovery period for inactive mailboxes newly released from retention holds and policies from 183 to 30 days. The change will be implemented worldwide by the end of September. The reduction in recovery time sounds seriously but it’s really not. If you haven’t figured out that you need to recover some data from an old inactive mailbox within 30 days, the data probably isn’t needed. And anyway, if you really want to, you can keep inactive mailboxes forever.
This article explains how to populate the membership of a Teams shared channel using PowerShell. The idea is to create a shared channel that’s used for organization-wide communications, like a HR questions and answers channel. Alternatives like using a dynamic Azure AD group with a filter to find Teams users are also considered.
A new version of the Microsoft 365 user activity report PowerShell script is available. This version extends the activity lookback period to 180 days, which is helpful when assessing if user accounts are active when people might be on parental leave or sabbaticals.
In a welcome move, Microsoft has revamped its guidance for Microsoft 365 compliance licensing, specifically for Data Lifecycle and Records Management. The new text is much clearer about when different licenses are needed to use a feature, which is goodness even if you disagree that a feature should need a high-end license. Now if only Microsoft could do the same for the rest of its documentation…
Microsoft has released 42 new sensitive information types (SITs) in preview. The new SITs cover credentials used in services such as Azure, GitHub, Amazon, and Google, and can be deployed in Purview solutions like DLP and auto-labeling policies.
Version 4.6 of the Microsoft Teams PowerShell module includes the Get-TeamAllChannel cmdlet. As the name implies, the cmdlet returns details of all channels in a team (regular, private, and shared). To see what it does, we wrote a script to report all the channels in teams in a tenant.
The OWA calendar has gained some new features to help users see more detail about events. Users can choose different time slot lengths from 5 to 60 minutes. They can add time zones to the calendar display, and they can choose a different color for events. Nothing earth-shattering, but the changes will please users.
Subscribers to the Office 365 for IT Pros (2023 edition) eBook can download the updated files for the August 2023 release. Twenty-one of the 23 content chapters are updated, something that’s pretty normal for an Office 365 for IT Pros book update. Lots more change is coming, all of which will be covered in future updates.
Word review mode has been available for a couple of years (online app only). Review mode is a good way of guiding people to do the right thing when they review documents, and now Microsoft is upgrading the Sharing Link dialog UI with a new “Can Review” permission to make it easier for people to use review mode.
Microsoft’s FY22 Q4 results didn’t reveal too much in terms of real numbers for Office 365 users, or usage of individual workloads like Teams or SharePoint Online. We do know that the Microsoft Cloud segment reached the landmark of $100 billion in annualized run rate ($91.2 billion actual). How much of that is down to Office 365? That takes some guesswork, but we’ve done our best.
The Teams Files policy gives a way for administrators to control if users see the Teams Files tab in every channel and Teams chat, and if they can access OneDrive and SharePoint to upload files. The policy exists for organizations that have standardized on other file storage systems such as Box or Dropbox.
In a July 12 announcement, Microsoft says that they will restrict the use of Exchange Web Services to access Teams message data from September 30. Microsoft wants customers to use the Teams Export API instead. All that’s fine, but it means that customers have to change their Teams backup product to one that uses the new API – and they’ll be charged for the privilege of using the Export API.
Outlook’s new Booking with Me feature is rolling out worldwide. Any user with an Exchange Online license can create a personal bookings page to allow other internal and external people to book meetings with them. It’s a nice idea and a good example of how Microsoft can use its software toolkit to create new solutions.
The Microsoft Bookings app is available to many Office 365 users. The app is designed to host a shared calendar for a group of people. The calendars are in special scheduling mailboxes that are created by the Microsoft 365 substrate. Appointments in the calendar can be scheduled by people through a bookings page, which can be on the internet or confined within an organization. It’s a neat way to run an online business – if only Bookings could take in some money for all that scheduled work.
Microsoft promises they will deliver the long-awaiting Outlook roaming signatures feature in October 2022. There are signs of progress in Outlook beta builds, but the development of the feature has caused some disruption for Microsoft 365 tenants because it broke the cmdlet that updates HTML signatures for OWA. Oh well, it will all be OK in October. At least, that’s the plan.
There are many versions of PowerShell scripts to report SharePoint external users online. Most don’t handle team-connected sites, so we take the time to explain the oddities of the Get-SPOExternalUser cmdlet and create some data that we can report using the PSWriteHTML module. All in day’s work with Microsoft 365.
The new tenant admin Microsoft Graph API allows access to read and update SharePoint Online tenant settings. Although the API offers limited capabilities for now, it marks the start of Graph support for tenant settings that are currently managed through admin portals or PowerShell. It’s a welcome development.
Microsoft has improved the functionality of the Teams Files channel tab since its introduction. The most recent update adds SharePoint’s Grid View and Details pane, and the net effect is that the Files channel tab is now almost as functional as the SharePoint browser interface.
Microsoft has announced that Teams will no longer provision the Teams Wiki channel tab for newly created channels. The change goes into effect in mid-August. It seems like not many people like the Teams Wiki, but it does its job and deserves a little respect – or does it?
The imminent deprecation of basic authentication for 7 Exchange Online connectivity protocols mean that client updates need to be considered. If you use IMAP4, the Thunderbird client does a good job, but will other clients be able to cope? It’s a good question to ask.
Stale Teams meetings have just one participant and last more than 10 minutes past the scheduled end time. Soon, Teams will end these meetings automatically. It’s a small but useful change that will prevent Teams meetings lingering on in cyberspace long after anything useful ceased happening in the gathering.
Loop components are now supported in OWA. The implementation is reasonably close to that of Teams chat, but has some essential differences due to the nature of email. The current state of Loop components mean that they are highly suited for internal communication but not for collaboration outside an organization.
Cmdlets in the Microsoft Graph PowerShell SDK module can interact with many types of Microsoft 365 data using Graph API requests. Adding the Debug parameter gives you an insight into what happens when SDK cmdlets run Graph requests. The knowledge can help you write better code and avoid mistakes, and that’s always a good thing.
A new Software Updates page in the Microsoft 365 admin center is intended to help tenant administrators keep an eye on what Office and Windows software people are using. As you’d expect, the page offers no details about non-Microsoft clients connected to Microsoft 365. That’s OK, except when work is needed to make sure that clients can cope with the effects of a massive change, like the October retirement of basic authentication for seven email connection protocols.
Two recent and useful enhancements for Viva Topics are rolling out to Microsoft 365 tenants. You can now include topic cards in Teams chat messages and knowledge managers can add external references (website links) to topic cards. Neither might seem terribly important, but both changes make Viva Topics more useful and usable.
Many example PowerShell scripts exist to report Azure AD accounts and their MFA status. Most of the scripts use the old MSOL module. Now we can use the Microsoft Graph PowerShell SDK and some Graph API requests to do the same job, This article explains how, including how to highlight unprotected Azure AD accounts that hold administrative roles.