Understanding the Email Addresses Used by Microsoft 365 Groups and Teams

Some recent questions in the Microsoft Technical Community show confusion about the email addresses used by Office 365 Groups and Teams. Here’s our attempt to clarify.

Using S/MIME with the Azure Information Protection Client

The latest version of the Azure Information Protection (AIP) client supports the ability to associate S/MIME protection with an AIP label. Although interesting, it’s a feature unlikely to be of much practical use to the majority of Office 365 tenants.

Phishing: Sample Messages Delivered to Exchange Online Mailboxes

Another day, another phishing attempt, this time trying to make unwary Office 365 administrators click on a link to “Retrieve Pending Messages” for their domain. I’m surprised this one got through! Some other examples from November 2019 are included for your review. Make sure that you report these bad boys when they arrive into user mailboxes

Phishing: EFile Document Notification

A very exciting message arrived in my mailbox. So exciting that it was too good to be true. Some basic checks made me more suspicious and then Outlook’s Message Header Analyzer gave more evidence to think the message was bad.

How to Embed External Content in Modern SharePoint Online Pages

Embedding external content in modern SharePoint Online (SPO) pages is a really easy task using Microsoft’s out of the box Embed webpart. In the WebPart settings panel we can add the external content URL (such as a YouTube video) or by using the standard <iFrame> HTML tag: In the event we want to add a …

Sensitivity Labels Bring Rights Management to the Masses

Azure Information Protection and Office 365

Rights management and encryption are likely to be a much more common Office 365 feature in the future. Sensitivity labels makes protection easy for users to apply through Office apps. The downside is that protection makes content harder to access for some Office 365 and ISV functionality.

How to Populate Team or Group Membership from Email Distribution Lists

Exchange Online distribution lists can be used to populate the membership of Office 365 Groups or Teams by applying a little PowerShell magic. Here’s how.

Use Search-Mailbox to Remove Thousands of Items from an Exchange Online Mailbox

A question asks how to remove a bunch of emails from a shared mailbox. You can use OWA to do the job, especially with its Cleanup Mailbox option, but perhaps some administrative action is needed.

Tip: Make Sure to Add Owners as Members When Creating New Teams

Teams offers a number of ways to create new teams, which is good. However, if you create a new team with PowerShell, make sure that you add the team owners to the members list as otherwise they won’t be able to access Planner.

Office 365 Data Governance at the European SharePoint Conference 2018

On Wednesday, November 28, Tony’s speaking about Office 365 Data Governance at the European SharePoint Conference in Copenhagen, Denmark. The topic is interesting, if only because its source material changes all the time.

How to Report the MFA Status for Azure AD Accounts

When a problem arises, it’s good to know what user accounts are affected. In the case of the recent MFA outage, the need existed to report the list of accounts that were MFA-enabled. Here’s how to do the job with PowerShell.

How to Report Files Protected by Sensitivity Labels

The availability of Azure Information Protection and Office 365 sensitivity labels allow tenants to protect important and confidential files. That’s nice, but it’s even better when you know what files are protected. Here’s how to use PowerShell to create a report about those files.

How to Find and Report Inactive Distribution Lists

A recent correspondent asked how to find inactive distribution lists in Exchange Online. We didn’t have a good answer in the book, so here’s some PowerShell code to do the trick.

How to Restrict the Audit Data for User Office 365 Activities Flowing to Microsoft

Following a Dutch report saying that Office 365 might violate GDPR, some thoughts about how to restrict some of the flows of information from an Office 365 tenant to Microsoft.

Teams Now Supports Dynamic Microsoft 365 Groups

The latest version of the Teams desktop and browser clients support the creation of dynamic teams based on dynamic Office 365 Groups. The functionality is welcome, as long as you can pay for it as every member who comes within the scope of a query used for a dynamic team needs an Azure AD P1 license.

Stream Intelligent Features Available to All Office 365 Commercial Users

Microsoft has made the intelligent features of Stream available to all Office 365 commercial customers, meaning that you can now luxuriate in closed captions, automatic transcripts and deep search, and face recognition.

Office 365 Privileged Access Management: Too Flawed and Too Exchange?

Microsoft has launched Privileged Access Management (PAM) for Office 365. The name’s incorrect because PAM only works for Exchange Online right now. PAM is based on RBAC, which is good, but is the implementation too Exchange-centric?

Office 365 Tenants to Microsoft: Send Training Tips to End Users – No Thanks!

Microsoft’s grand plan to send helpful emails to Office 365 users hit a roadblock when customers said “No thanks” to the idea. Microsoft has now taken the plan back for mature reflection. Does this kind of initiative reflect a certain arrogance on the part of Microsoft?

Block Guest Members from Microsoft 365 Groups and Teams

By default, the Groups policy for an Office 365 tenant allows group owners to add guest users to group membership. You can block this access if necessary, but it’s probably not what you want to do as blocking brings guest access to a complete halt across the tenant.

How to Find Send As Records in the Office 365 Audit Log

Exchange administrators are accustomed to looking through mailbox audit logs to find details of events. Those same events are in the Office 365 audit log, so that’s the place to go look for information, like when you want to find out who sent a message from a shared mailbox using the SendAs permission.

Any Authenticated Users Permission Now Generally Available for Sensitivity Labels

Azure Information Protection rights management templates now support the Any Authenticated Users permission to allow Office 365 users to share email and documents with anyone who can authenticate with Azure Active Directory or has an MSA account or uses a federated service.

The Vexed Question of Microsoft 365 Backups

Backup vendors say you should definitely use their products to protect your valuable Microsoft 365 data. Backup products can do a good job, but the nature of Microsoft 365 creates many challenges at a technical level. A lack of APIs is the most fundamental issue, but the connected nature of Microsoft 365 apps is another.

Existing Guest Accounts and the Azure B2B Collaboration Policy

When you impose a block on certain domains, you’d like to think that applications like Teams will respect that block. As it turns out, if you have some lingering guests in your Azure Active Directory, the B2B collaboration policy might not be as effective as you’d hope.

How to Apply Encryption to Exchange Online Email Containing Sensitive Data

Office 365 offers different ways to apply encryption to important messages. When those messages hold sensitive data known to Office 365, like credit cards or passport numbers, we can define a transport rule or DLP policy to protect outbound email automatically. And while you can define rules and policies through the GUI, PowerShell is available too.

How to Migrate On-Premises Distribution Lists to Exchange Online

If you run a hybrid Exchange deployment, you probably have some on-premises distribution lists that you’d like to move to the cloud. Office 365 offers no way to do this, so it’s up to PowerShell. Instead of starting from scratch, you can use a script created by Tim McMichael of Microsoft and amend it to meet your needs. PowerShell is just great.

Protecting PDFs the Native Way

On October 12, Microsoft and Adobe launched the public preview of the native integration of Azure Information Protection for PDF files. Knowledge about protection is built into the latest version of the Acrobat reader, meaning that third-party tools are no longer needed to process protected PDFs.