Microsoft Stops Set-User Updating Phone Numbers for Azure AD Accounts

Without warning (for security reasons), Microsoft stopped the Exchange Online Set-User cmdlet being able to update the work and mobile numbers for Azure AD accounts. We don’t know what kind of security concerns caused Microsoft to take this action, but it might be associated with administrative roles. In any case, this disappointing example of how to communicate with customers might end up with people having to update some PowerShell scripts – and no one likes unexpected work.

How to Create an Azure AD B2B Collaboration Policy

Azure B2B collaboration is used by Microsoft 365 Groups-based apps like Teams, Planner, and Yammer to create new guest accounts. You can update settings in the Azure AD portal to stop new accounts from specific domains or restrict guests to a list of known domains. But before you go ahead and update the settings, it’s a good idea to know where existing guest accounts come from. It’s easy to create a report with PowerShell. The next step might be to remove guests from offending domains.

How to Update Your Guest Account in Another Microsoft 365 Tenant with a Photo

Office 365 administrators can update Azure AD guest accounts with photos. Guests can do the job themselves using three PowerShell commands. Other approaches work too, but this is the easiest and quickest method to do the job, especially if you have guest accounts in multiple tenants.

How to Create a Report of Managers and Their Direct Reports from Azure AD

Azure AD holds information about managers and their direct reports. It’s easy for that data to go out of date, so we create a report to tell us who are the managers and how many direct reports they have. Azure AD has some cmdlets to retrieve information about managers and direct reports, but as it turns out, the older Get-User cmdlet is the best way to proceed.

Resetting the Sign-In Address for an Azure AD Guest Account

A new preview feature allows the resources available to an Azure AD guest account to be reassigned to another email address. It’s a nice feature, but Teams has some problems with it at present. On the upside, everything works great with SharePoint Online and Planner, and we’re sure that Microsoft will fix the problem with Teams soon.

How to Discover New Audit Events in the Office 365 Audit Log (Including App Consents)

The Office 365 audit log is packed full of information about what happens inside workloads. New events show up all the time. The question is how to understand what actions these events relate to. We outline a simple procedure to discover the presence of new audit events and dive into the investigation of an event called Consent to application, which is pretty important in the context of recent high-profile attacks.

How to Create Exchange Dynamic Distribution List with Custom Recipient Filters

Exchange dynamic distribution lists allow messages to be sent to sets of recipients determined by a query against the directory. A custom filter is a powerful way to find the right set of recipients. In this case, we want to find mailboxes with certain job titles whose Azure AD accounts are not blocked for sign-in. Here’s how to create the filter, make sure it works, and create the DDL.

Keeping an Accurate Office 365 Tenant Directory is Important

Many Office 365 features depend on accurate user account data in Azure AD. Here’s how to use PowerShell to track down accounts with missing properties. Once you know which accounts need to be updated, it’s easy to insert the missing properties. Boring, but easy…

How to Leave a Microsoft 365 Tenant by Removing Your Guest Account

Over time, you might join several Office 365 tenants as a guest. Some of those Azure AD guest accounts probably won’t be needed forever and you want to clean them up. This is easy for individuals to do through their MyAccount page, which might just be a page that they never knew existed.

How to Synchronize AAD Security Groups with Microsoft 365 Groups

Security groups are often used to protect access to resources, but they can’t be used to control membership for Microsoft 365 Groups or Teams. If you want to use AAD security groups to control membership for Groups and Teams, you need to come up with a way to synchronize. PowerShell is available to do the job, and as it turns out, it’s not too difficult.