The Ultimate Guide to Mastering Microsoft 365
I’ve used Teams avatars for a couple of years but never liked them all that much. The chance to create a Teams avatar from a photo seemed like a great idea. Alas, the results obtained from uploading a professional headshot photo or from an image captured by the PC’s camera didn’t live up to expectations. The avatar is closer to my reality, but not by much.
News that Viva Engage search results are included in the results generated by Office.com and SharePoint.com is not unexpected. Only certain Viva Engage items appear in search results such as storyline items and question and answers from public communities. In other news, ten years after Microsoft’s Acompli acquisition, there’s no doubt that Outlook Mobile is a huge success.
Monthly update #115 is now available for download by subscribers to the Office 365 for IT Pros (2025 edition) eBook. The files available to subscribers also include an update for the Automating Microsoft 365 with PowerShell eBook. Those who bought the PowerShell book without buying the Office 365 for IT Pros bundle can also download the update.
On 19 December 2024, Microsoft announced the retirement of the Microsoft Search in Bing feature. Copilot is better at searching and presenting web and work results. Although tenant administrators might worry about the recent batch of retirements, the fact is that Microsoft retires unsuccessful products and features from Microsoft 365 all the time. The swift demise of the Office tags feature is another example.
Microsoft loves branding exercises. At least, that can be the only reason why the Microsoft 365 Copilot rename is happening. I can think of no other reason why Microsoft would seek to confuse its customers by applying the Microsoft 365 moniker to an app that can’t access Microsoft 365 data, unless of course people pay to use Copilot agents. It’s all very confusing.
The Copilot inference and evaluation policy controls if users can ask Copilot in Teams to evaluate the emotions of other meeting participants. It sounds creepy that meeting participants can ask Copilot how someone is feeling based on their contributions to a meeting, but AI is happy to answer unless blocked by policy. Maybe blocking big brother monitoring should be the norm rather than an exception?
Two types of retention labels are in use: Microsoft 365 retention labels and MRM retention tags. Clients hide the difference, but the Microsoft Graph PowerShell SDK cmdlets can only process Microsoft 365 retention labels for files stored in SharePoint Online and OneDrive for Business. EWS can manage MRM retention tags, but it’s on a fast path to retirement in 2026…
On December 12, Microsoft said that they want to make the Search-UnifiedAuditLog cmdlet use high completeness for all its searches. If implemented, the result will be a disaster because many of the current uses of the cmdlet to retrieve audit log data will be rendered impracticable because of the slowness and unreliability of high completeness searches. Microsoft just doesn’t seem to understand how its software is used in production.
In January 2025, Microsoft will introduce resizable Teams windows for the Windows and Mac desktop clients. This is a fundamental change to the client experience that will affect how end users interact with Teams. In a nutshell, users can resize panes like the chat list or meeting stage to a minimum of 360 pixels, which isn’t a lot. On the other hand, you can zoom a Teams window to 400%, which is definitely a lot.
Microsoft originally were going to license the Outlook Org Explorer to E3 and E5 users. Then they had the clever plan to license the feature through Viva. The gloss has gone off that idea and now Microsoft says that all commercial Microsoft 365 users will be able to use the Org Explorer starting in early 2025. In other news, you’ve been given 15 months’ notice about Outlook toggling.
The SharePoint Online Block Download Policy controls the ability to use features that rely on downloaded files (including temporary files), such as printing or editing with the Office desktop apps. It’s the kind of configuration that organizations might use for sites that hold very confidential files. Although the Set-SPOSite cmdlet can configure the policy for a site, it’s easier to use a container management label.
A February 2025 deadline looms for Outlook classic add-ins that use legacy Exchange tokens for authentication. Add-ins must switch to nested app authentication (NAA) to have continued access to Exchange mailboxes and other objects. The upgrade is easy enough if the ISV that developed the original add-in is still in business. Things get a lot more complicated when they’re not, or you have no idea who developed an add-in.
The scheduled retirement of Delve on December 16, 2024, meant that Microsoft had to create a new way for users to update their profile settings. The new method has now appeared in Microsoft Search, and it will spread to other workloads (like OWA) where users can access and update their profile. The new mechanism is welcome, but it’s still too difficult to customize user profiles within a tenant.
Microsoft’s announcement of the Viva Goals retirement came as a complete surprise to the customers using Viva Goals to implement the OKR methodology for their organization. From Microsoft’s text, it seems pretty clear that Viva Goals just didn’t succeed in winning sufficient customers to warrant ongoing development. The outcome is that Microsoft cut its losses and will retire Viva Goals.
A recent report noted an increase in social engineering attacks through Teams federated chat. You can stop these attacks by limiting external access to an allow list of known domains, which is what I do. Or you can depend on the technology built into Teams to detect suspicious connections and remind users about potential risk. This now extends to connections from brands commonly targeted by phishers.
A November 26 announcement says that Microsoft 365 Video will bring Stream and Clipchamp together under the Clipchamp brand. A lot of hard work over the past few years created the potential for unification as Stream moved to the SharePoint platform and Clipchamp embraced the Microsoft 365 framework. Bringing the two solutions together into a unified Microsoft 365 video platform makes perfect sense.
Intelligent versioning means that SharePoint Online manages file versions automatically and only keeps what’s needed. The feature works for OneDrive too, if only you can figure out how to enable it. Intelligent versioning can be enabled for a OneDrive account manually. PowerShell is the best option to enable intelligent versioning across a tenant. But how? We explain all here.
This article describes how to report the audit events for a user over a single day. The task seems simple, but inconsistency in audit payloads makes it harder. Workloads don’t help by the variations in audit events. In any case, persistence and knowledge about what the audit event captured for an action helps to decode the data, as illustrated by the script detailed here.
The Office 365 for IT Pros writing team is thrilled to announce the availability of the December 2024 update (monthly update #114). Current subscribers can download the updated EPUB and PDF files for the main book and the Automating Microsoft 365 with PowerShell book using their Gumroad.com account or the download files link in their receipt.
This article covers how to use Exchange Online message trace data to find inactive mailboxes based on their message send activity. The script processes user mailboxes but can easily be adapted to process shared mailboxes too. This is only one of the available methods to find inactive mailboxes. The other methods mentioned in the article might be better suited to your purpose.
Microsoft recently renamed the default set of sensitivity label permissions. Each permission defines the usage rights for a labelled item for users. The rights range from the basic actions like edit, save, and print to the more advanced extract, right to run macros, and export. The trick is to make sure that sensitivity labels assign the right permissions to users.
SharePoint generates document mismatch notifications when users create or update files with sensitivity labels that are higher than the site’s container label. Normally, everything works as planned, but if a tenant has a cloudy attachment auto-label retention policy, items can end up in site preservation hold libraries that generate document mismatches. The problem is that you can’t stop the mismatches!
Generative AI tools are nice to have, but the LLMs used by these tools must come from somewhere. The impact of generative AI on technology websites is very real and will have a far reaching effect if websites close due to reduced traffic and revenues. How will the LLMs used by generative AI refresh their knowledge base if websites don’t create that information for them (for free)?
The slew of product announcements at the Microsoft Ignite 2024 conference included lots about AI and Copilot. This article covers some of the more interesting announcements for Microsoft 365 tenants for Teams, SharePoint Online, and Purview. Many of the new features need high-end licenses or add-ons, but that doesn’t mean that the issues addressed by the technology should be ignored.
Service principal sign-in activity is a new insight available in the Entra admin center. As explained here, it’s also possible to use PowerShell to fetch and analyze the data to derive new insights into what apps create service principals in a tenant and what organizations own the apps. Some detective work is needed to fully understand the data. That might be an ongoing task, but at least we have the data.
The Purview Insider Risk Management solution can do all sorts of clever things, like tracking sensitivity label downgrades and removals as an indicator that a user might be preparing to exfiltrate data. The same kind of checking can be done by using the events captured in the audit log when people remove or change sensitivity labels. All in a few lines of PowerShell…
In a November 18 post, Microsoft describes some Exchange Online security updates that are due to land between now and 2026. Some of the news is a restatement of previously announced information, like the deprecation of EWS in October 2026. New information includes some information about feature caps that the Graph APIs cannot close when EWS goes away. And then there’s a hint about the demise of public folders (again!)
In February 2025, Microsoft will begin enforcing a mandatory MFA requirement for the Microsoft 365 admin center. All connections to the Microsoft 365 admin center must pass an MFA challenge. The move is to increase the percentage of Entra ID user accounts protected by MFA. This article explains what’s happening and outlines how to gain insight into who might be affected by the change.
The unified audit log is full of interesting information about who did what and when they did it. In this article, I describe how to use file operations audit events to find the last accessed date for documents in a SharePoint Online site. It’s data that isn’t available in the Microsoft Graph, but it is in the unified audit log.
This article describes how to create eligible and active PIM role assignment requests using cmdlets from the Microsoft Graph PowerShell SDK. Although the PowerShell code is straightforward, Microsoft recommends using the Entra admin center for Privileged Identity Management. But you can automate the management of role assignment requests if you want to.
Intelligent versioning recently appeared in SharePoint Online. The purpose is to save storage by removing unnecessary versions. But retention policies and labels can stop the removal of versions. This article explains what happens when SharePoint Online attempts to trim (remove) unwanted versions of files under the control of retention policies and labels.
In a November 8 post, Microsoft says that Purview Data Lifecycle Management will allow tenants to split processing of Copilot interactions and Teams chats with different policies. The public preview for the change should be available in mid-November. This update makes perfect sense because there’s no logic to dictate that Microsoft 365 tenants want to impose the same retention period for Teams chats and Copilot interactions.
Microsoft recommends that developers move from the older DirectoryRoles Graph API and use the UnifiedRoleDefinition API instead. Changing APIs will impact the code in any PowerShell scripts used to automate role assignments. In this article, we review some examples of the older way to assign roles and show how to do the same tasks with the new API.
Microsoft launched private channels in November 2019. A lot has happened since, and private channels don’t really get much attention these days. That’s a pity because private channels can be very useful in the right situation. I rediscovered this fact recently when working through an issue with a university where private channels were the right answer. Like all technologies, happiness comes from choosing the right tool.
A recent article about analyzing interaction records for Microsoft 365 Copilot led to the question if it’s possible to do the same for Microsoft Copilot. After checking the compliance records captured by the Microsoft 365 substrate, we discovered that Microsoft Copilot generates compliance records. However, a bug with encoded text means that the information captured for responses from Microsoft Copilot and Microsoft 365 Chat isn’t visible. All explained here.
Microsoft announced Delicensing Resiliency, a new feature for tenants with over 10,000 paid seats, to avoid inadvertent data loss due to licensing errors. Essentially, the feature adds an extra 30-day grace period post license removal during which mailboxes work as normal. The idea is that administrators will have extra time to detect and fix licensing errors that lead to mailbox removal. Overall, the new feature seems like a great idea (for large tenants).
Container management label support is coming to the Loop app. Before it arrives, we look at how Loop supports sensitivity labels assigned to pages in Loop workspaces. As you might imagine with the initial implementation of a feature, some gaps are obvious that the Loop developers should fix as they build out full support for sensitivity labels within the Loop ecosystem.
Group-based licensing is a mechanism to make it easier to assign and manage product licenses for large sets of user accounts. In this article, we discuss how to use Microsoft Graph PowerShell SDK cmdlets to manage group-based license assignments in a Microsoft 365 tenant. Assigning licenses to groups is very much like direct assignments, but some differences exist.
Monthly Update #113 (November 2024) for the Office 365 for IT Pros eBook is now available for download by current subscribers from Gumroad.com. An update is also available for the Automating Microsoft 365 with PowerShell eBook. In other news, we look at the Microsoft 365 news from Microsoft’s FY25 Q1 results and try to interpret what some of Microsoft’s statistics really mean.
Copilot agents are part of Microsoft’s Wave 2 initiative launched in September 2024. Basically, an agent restricts Copilot queries to a defined set of content, meaning that the response generated by Copilot is much more precise and won’t be affected by information found in other sites. The wizard makes it very easy to create a new custom agent. Some features are missing, but they’re on the way.