Site icon Office 365 for IT Pros

Blog

Advertisements
  1. Modernizing Sensitivity Label Grouping for Displays October 29, 2025 7:00 am - Microsoft announced the modernization of grouping for sensitivity labels to a new "dynamic architecture." It doesn't take much to be more dynamic than the previous parent-child arrangement. Even if the announcement is a tad overhyped, it’s still goodness because administrators can now move labels between label groups in a way that wasn’t possible before. The new way of displaying labels should be everywhere in December 2025.
  2. Auto-Updating Teams Work Location is Not Employee Monitoring October 28, 2025 7:00 am - As is the way of the internet, the news that a feature to automatically set the Teams work location for users created a huge fuss about the prospect that managers would keep an eye on employees based on their location. Of course, this is all rubbish. The update automates an existing feature that no sane manager would use to monitor employees.
  3. Stealing Access Token Secrets from Teams is Hard Unless a Workstation is Compromised October 27, 2025 7:00 am - Teams stores information in a local state file, including encrypted access tokens. A report from a French company explained how to extract and use those tokens with the Graph API. Is this important? It could be if attackers manage to gain access to a workstation, but at that point you’ve got other problems, and maybe using code to decrypt some tokens is the least of your troubles.
  4. Allowing Users to Add Enterprise Apps to Entra ID is a Bad Idea October 24, 2025 7:00 am - Enterprise apps can come from a variety of sources. Most are Microsoft 1st party apps, and the rest are ISV apps. It's easy to add an app without really intending to, which is a good reason to force users through the Entra ID app consent workflow when they want to add an app. Unhappily, I failed the test and added an app in a moment of weakness. Here’s what happened.
  5. Updating the Entra ID Password Protection Policy with the Microsoft Graph PowerShell SDK October 23, 2025 7:00 am - The Entra ID password protection policy contains settings that affect how tenants deal with passwords. Entra ID includes a default policy that doesn’t require additional licenses. Creating a custom password protection policy requires tenant users to have Entra P1 licenses. As explained in this article, once the licensing issue is solved, it’s easy to update the policy settings with PowerShell.
  6. Important Change Coming for Entra ID Passkeys in November 2025 October 22, 2025 7:00 am - Entra ID is about to introduce passkey profiles, a more granular approach to passkey settings. The change is good, but you might like to check the current passkey settings to make sure that the values inherited by the new default passkey profile behave the way that you want. In particular, check attestation enforcement to make sure that the right kind of passkeys are used.
  7. Automating Microsoft 365 with PowerShell November 2025 Update October 21, 2025 7:00 am - The November 2025 update for the Automating Microsoft 365 with PowerShell eBook is available online. Subscribers can download the new PDF and EPUB files from their Gumroad account. As always, the update features a mixture of new and updated information, some corrections, and removal of obsolete information. Look no further for guidance about using PowerShell with the Graph APIs to interact with Microsoft 365 data!
  8. New Audio-Only Recording Option for Teams Meetings October 20, 2025 7:00 am - A new audio-only recording option for Teams meeting suppresses the video feed from meeting participants when generating the MP4 file for the meeting recording. The idea is to better preserve user privacy during recording playbacks. Few will miss the video stream because the audio is usually more important. The audio is also the basis for the meeting transcript, and that leads to AI-generated outputs like meetings summaries and action items.
  9. Outlook Gets AI Drafting of Meeting Agendas October 17, 2025 7:00 am - Agenda auto-draft is a new feature for OWA and the new Outlook to help meeting organizers create a draft meeting agenda using AI. The Copilot-generated draft agenda contains an introduction and some bullet points created from the meeting subject. It’s not a make or break feature for Microsoft 365 Copilot. Some will like it, if they discover how to use agenda auto-draft.
  10. Using the Secret Management PowerShell Module with Azure Key Vault and Azure Automation October 16, 2025 7:00 am - If you can't use managed identities, credential resources are a way to manage username and password credentials for Azure Automation runbooks. The Secret Management module is an alternative, and it’s a good option to manage credentials that are shared between interactive scripts and automation runbooks. This article describes how to use the Secret Management PowerShell module to fetch credentials stored in Azure Key Vault for use in an automation runbook.
  11. The My Sign-Ins Portal, Applications, and Conditional Access October 15, 2025 7:00 am - A recent change has exposed the applications used by the My Sign-ins portal for use in conditional access policies. This article discusses the app-centric nature of Microsoft 365 and Entra ID and why it’s important that the newly-revealed set of applications are available for conditional access processing, just in case the Entra ID agents planned by Microsoft can't optimize your policies.
  12. Changing the Offline Access Period for Sensitivity Labels October 14, 2025 7:00 am - One of the settings for sensitivity labels governs how long items protected by a label remain accessible (including offline access) before reauthentication. The default is 30 days, which is a good balance between security and avoiding users having to constantly reauthenticate to open protected messages and files. If necessary, tenant administrators can change the validity period to be anything from 0 to 65535 days.
  13. ChatGPT Enterprise Connects to SharePoint Online October 13, 2025 7:00 am - OpenAI has launched a ChatGPT enterprise SharePoint Connector that allows organizations to synchronize files from SharePoint Online to ChatGPT. I could never understand why Microsoft 365 tenants allowed users to upload individual files from SharePoint or OneDrive to ChatGPT for processing. Using a connector to synchronize entire sites to ChatGPT makes even less sense, especially from a compliance perspective. I must be missing something!
  14. Microsoft 365 Copilot Usage Report API General Availability October 10, 2025 7:00 am - The Copilot usage report Graph API is now generally available. Like the report APIs for the other workloads, the Copilot usage API helps to understand usage of some very expensive licenses. Even better, the usage data can be combined with data from other Microsoft 365 sources to produce interesting and valuable insights. All it takes is some PowerShell to knit everything together.
  15. Exchange 2016 and 2019 End of Life and Some Interesting Exchange Online Developments October 9, 2025 7:00 am - On Oct 14, 2025, Exchange 2019 and 2016 reach end-of-life and Exchange SE becomes the only supported on-premises Exchange server. In other news, we discuss Microsoft guidance for moving to cloud first identity, HVE and ECS and the extension of basic authentication support to September 2028, the introduction of auto-archiving for Exchange Online, and why Microsoft is deprecating the Contact object from Exchange Online.
  16. Teams Support for Emojis in Chat and Channels Section Names October 8, 2025 7:00 am - Teams users can use emojis to create or rename chat section names. By incorporating emojis into section names, users create "visual anchors" to help navigate through Teams chats and channels. Sprinkling emojis around section names doesn’t really make me navigate any smarter, but it’s a feature that Slack has, so Teams can’t be left behind in the pretty interface stakes.
  17. Chromium 141 Update Will Affect Offline Access for SharePoint Online and OneDrive for Business October 7, 2025 7:00 am - An update for Chromium 141 can affect the ability of SharePoint Online and OneDrive for Business to access offline content, including files and lists and lead to degraded performance. The change is designed to improve user privacy, but some Microsoft 365 apps need browsers to be able to access local files, notably for OneDrive synchronization. Prepare by upgrading the OneDrive Sync client and distributing a new policy to workstations.
  18. What’s the Best Way to Find SharePoint Online Sites with Graph PowerShell? October 6, 2025 7:00 am - What's the best way to find SharePoint sites with the Microsoft Graph PowerShell SDK? Is the Get-MgAllSite cmdlet best or should you use the Get-MgSite cmdlet? Does it matter if you’re looking for one site or many sites? We explore the issue in this article by examining some reasons why you’d choose Get-MgSite and others that drive the decision for Get-MgAllSite.
  19. Microsoft Introduces Restore Capability for Conditional Access Policies October 3, 2025 7:00 am - New Graph APIs allow Entra administrators to restore a conditional access policy with a Graph request. This article explains how to list, restore, and permanently remove soft-deleted conditional access policies using Graph API requests run in PowerShell. Being able to restore conditional access policies removed in error closes a big gap, especially if agents might begin working on policies. Who knows what errors might happen in future.
  20. Teams Stamps External Users with Trust Indicators October 2, 2025 7:00 am - Attackers might attempt to use social engineering to trick Teams users in compromise. Trusted indicators help users understand the status of external users with difficult visual markers. The idea is that users will see the marker and realize that they should be less trusting in their communications. Sounds good. But maybe securing external access for Teams with a comprehensive block list is even better?
  21. Office 365 for IT Pros October 2025 Update October 1, 2025 7:00 am - Monthly update #124 for the Office 365 for IT Pros (2026 edition) eBook is now available. Current subscribers can download the updated PDF and EPUB files from Gumroad.com. An update is also available for the Automating Microsoft 365 with PowerShell eBook. Like every month, changes are made to many chapters in the book, so if you’re a subscriber, please download the files.
  22. January 2026 Change for How Outlook Extracts Events from Email September 30, 2025 7:00 am - The Outlook events from email feature changes from January 31, 2026. Events will only be created if notifications support the properties for events defined by schema.org. Seeking consistency is a good idea, especially if it means that Outlook can process notifications sent by airlines, car hire companies, and other event providers in a way that doesn’t happen today. However, some disruption is likely.
  23. Using the Enterprise Website Microsoft 365 Copilot Connector September 29, 2025 7:00 am - Microsoft 365 Copilot Search can be extended by ingesting information from external sources through a Microsoft 365 Copilot Connector. In this article, we show how to configure the Enterprise websites prebuilt connector to ingest articles from the Office365ITPros.com and Practical365.com sites, and how Copilot Search presents that information in its results and summaries. It’s quick, easy, and seamless - so really pretty good!
  24. Microsoft Use of Anthropic AI Models Creates Concerns for Tenants September 26, 2025 7:00 am - On September 24, Microsoft announced that Anthrophic LLMs could be used with the Copilot Researcher agent and to build agents with Copilot Studio. Although it’s great to enable choice so that customers can choose the AI model they prefer, questions about data security, lack of support for compliance solutions, and adherence to standards like the EU data boundary will concern Microsoft 365 tenants.
  25. SharePoint Knowledge Agent Available in Preview September 25, 2025 7:00 am - With not a little hype, Microsoft launched the SharePoint Knowledge Agent on September 18. Getting some AI help to organize sites sounds good, but only if the assistance delivered by the artificial intelligence does something useful. In this case, the agent generated some moderately interesting results without ever reaching the level of AI magic anticipated (and reported) by some.
  26. Assembly Clashes Make Microsoft 365 PowerShell Frustrating September 24, 2025 7:00 am - An assembly clash happens when a PowerShell module attempts to load a .NET assembly only to find that a different version is already loaded in the session. Unhappily, this kind of thing happens far too often with Microsoft 365 modules, which implies that there isn’t a great deal of coordination between different development groups. All you can do is to load modules in the right order.
  27. Updating the User Password and Authentication Report September 23, 2025 7:00 am - A change to a Graph beta API meant that some data used to create the user password and authentication report was no longer available. A script update was required. The experience underlines the truth that developers should not rely on the Graph beta APIs because the APIs are prone to change at any time as Microsoft moves them along to become production-ready.
  28. Automating Microsoft 365 with PowerShell October 2025 Update September 22, 2025 7:05 am - The Office 365 for IT Pros team is happy to announce the availability of the October 2025 update for the Automating Microsoft 365 with PowerShell eBook. Subscribers can download the latest PDF and EPUB files from Gumroad.com. In other news, a new eBook about Exchange Server Subscription Edition (SE) is available. It’s always nice to see new sources of knowledge open up!
  29. Copilot Chat Arrives in Microsoft 365 Apps September 19, 2025 7:00 am - The rollout of the Copilot Chat integration with the Microsoft 365 apps has started, with the intention of making it easier to use AI in peoples’ work. Nice as the integration is, the news that an Open in Word action button is coming (soon) to allow content generated by Copilot to be edited in Word is even better. And we round out the week with a note about a change to the domain used by Teams.
  30. What’s the Best Way to Manage Guest Accounts? September 18, 2025 7:00 am - Guest account management should be a part of every Microsoft 365 tenant administrator’s checklist, unless the tenant has no guests. That’s possible but given the way that workloads like Teams and SharePoint Online create new guest accounts, the average tenant is likely to have quite a few guests. The question is how to manage guests – with Microsoft’s tools or using tenant-designed PowerShell scripts?
  31. Entra ID’s Keep Me Signed In Feature – Good or Bad? September 17, 2025 7:00 am - The Entra ID Keep Me Signed In (KMSI) feature creates persistent authentication cookies to allow users to avoid sign-ins during browser sessions. Is this a good or bad thing and should Microsoft 365 tenants enable or disable KMSI. I think KMSI is fine in certain conditions and explain my logic in this article. Feel free to disagree!
  32. Copilot Administrative Skills Don’t Do Much for SharePoint Management September 16, 2025 7:00 am - Microsoft 365 Copilot now has some SharePoint skills to deploy in the SharePoint admin center. The problem is that the skills aren't very good and don’t do much to help hard-pressed SharePoint Online administrators cope with the vast explosion of sites that exist in many tenants today. The problem is data. If Copilot doesn’t have the information to reason over, it can’t answer questions or give advice.
  33. Copilot Transcription Behavior Changing for Teams Meetings September 15, 2025 7:00 am - Microsoft plans to deploy an update to change how transcription behaves for Teams meetings where Copilot is enabled. New meetings will not generate a transcript unless the meeting organizer explicitly enables transcription or the Microsoft 365 tenant deploys custom meeting policies that enable transcription with Copilot. The AI features work even without a transcript. But no transcript means no searchable artifact, and that’s what some want.
  34. Running Teams PowerShell Cmdlets in Azure Automation September 12, 2025 7:00 am - This article describes the prerequisites and how to run cmdlets from the Teams PowerShell module in Azure Automation runbooks. We also consider when you’d want to consider using Teams PowerShell cmdlets instead of Graph API requests or cmdlets from the Microsoft Graph PowerShell SDK. The bottom line is that it’s possible, but maybe not a frequently-used option.
  35. Running the SharePoint Site Content and Policy Comparison Report September 11, 2025 6:00 am - A new SharePoint Site content and policy comparison report is available to tenants with Microsoft 365 Copilot or SharePoint advanced management licenses. The idea is that you choose some reference sites to compare other sites against to detect deviations from the reference site. It seems like a good idea if you’re trying to impose standards to control Copilot. Unhappily, attempts at running the report turned up zero results.
  36. Microsoft’s Effort to Develop a Broad People Platform September 10, 2025 7:00 am - Microsoft 365 users see the profile card and might wonder where the information displayed on the card comes from. Entra ID is the obvious source, but the people platform that Microsoft is developing is another and could include information imported through a Copilot connector to build out a complete picture of users and contacts within a Microsoft 365 tenant. It’s early days yet, but beta code is available.
  37. Microsoft’s Push to Save Office Files in the Cloud September 9, 2025 7:00 am - A new policy setting is available to force Microsoft 365 enterprise (Office subscription) applications to save to cloud locations and ignore the local disk. The idea is to increase cloud usage and improve compliance by storing all Office files in OneDrive for Business or SharePoint Online. Like a network PC, creating a dependency on a network connection only makes sense when a network connection is dependable, which might not always be the case.
  38. Microsoft Bolts on Copilot License Check onto ExRCA September 8, 2025 7:00 am - Microsoft announced a new Copilot license check diagnostic for the Exchange Connectivity Analyzer. Sounds good, but the test is very simple, and its results don’t tell you anything more than a few lines of PowerShell can deliver. To prove the point, we wrote a quick script to show how to perform a Copilot license check with the Microsoft Graph PowerShell SDK.
  39. How to Update Entra ID Apps to Run Teams Cmdlets September 5, 2025 7:00 am - MC1134747 describes a new permissions requirement for Entra apps that run Teams PowerShell cmdlets. Fixing apps to meet the new requirement is easily done with PowerShell. First, find the apps that use Teams PowerShell (we show two ways), and then assign the two required permissions to the apps. All done with a few lines of Microsoft Graph PowerShell SDK code.
  40. People Settings Appear in the Microsoft 365 Admin Center September 4, 2025 7:00 am - The Org Settings section of the Microsoft 365 admin center has a new People Settings section where you can choose properties for the Microsoft 365 profile card instead of using PowerShell. The kicker is that the old method of using Exchange custom properties to customize what appears on the profile card is being replaced with standard Entra ID properties. A migration is needed, and it’s easily done with PowerShell.
  41. Microsoft Explains the Differences Between Copilot Memories September 3, 2025 7:00 am - Copilot memory is a term that refers to different things, including Copilot communication memory, a method to use the Graph to personalize responses for users. The idea is to use all the sources of information available through the Graph as Copilot responds to user prompts in Microsoft 365 apps instead of limiting sources to whatever the app works with. It's a good idea, providing the Graph sources are accurate.
  42. Microsoft Deprecates Graph CLI and Toolkit September 2, 2025 7:00 am - Microsoft has depreciated the Microsoft Graph CLI and Graph Toolkit. It’s nice to see some rationalization, but the real need is for better quality and coverage across all the Microsoft 365 administrative actions. Even after fourteen years of development, too many undocumented and private APIs exist today, which is an unacceptable situation. You should vote for a feedback portal item to ask Microsoft to do better.
  43. September 2025 Update for Office 365 for IT Pros September 1, 2025 7:00 am - Monthly update #123 is available for the Office 365 for IT Pros eBook. Subscribers can download updated EPUB and PDF files for the main book and the Automating Microsoft 365 with PowerShell book from their Gumroad.com account. As with every month, the update touches most chapters as we continue to make sense of the changes that occur across the Microsoft 365 ecosystem. Subscribe today!
  44. Creating and Using an Azure Automation Custom Runtime Environment August 29, 2025 7:00 am - A custom runtime environment is a way of defining a specific job execution environment for Azure Automation runbooks, including Microsoft Graph PowerShell SDK runbooks. In this article, we create a new environment for PowerShell V7.4, load in some SDK modules, switch a runbook from a system-generated environment, and run some code.
  45. Teams Gives Users Control Over Hiding Inactive Channels August 28, 2025 7:00 am - In March, Microsoft said that they'd change Teams to offer suggestions about which inactive channels a user might want to hide from client channel lists. That update is now available. There’s no tenant-wide admin control, so users must decide for themselves whether Teams will suggest which channels to hide. No detail is available how Teams decides about inactive channels, but the change to put control in user hands is welcome.
  46. September 2025 Update for Automating Microsoft 365 with PowerShell August 27, 2025 7:00 am - The Office 365 for IT Pros eBook team is proud to announce the availability of update 15 for the Automating Microsoft 365 with PowerShell eBook. The book includes extensive coverage of how to work with Microsoft 365 workloads through standard modules, Graph APIs, and the Microsoft Graph PowerShell SDK, including hundreds of practical examples over 350-plus pages. No fluff, just real-world code.
  47. Summarize Email Thread Feature Coming to Outlook August 26, 2025 7:00 am - In late August, Microsoft plans to release the Copilot summarize email thread feature in Outlook clients without the need for a Microsoft 365 Copilot license. This news might seem surprising, but it’s simply a matter of business. If Microsoft doesn’t make basic AI features available in Outlook, ISVs (including OpenAI) will fill the gaps with add-ons. And that might make it harder to sell Microsoft 365 Copilot licenses.
  48. Microsoft 365 Tenants Need Vanity Domains to Send External Email August 25, 2025 7:00 am - Microsoft will impose a throttling limit for external recipients for tenants that use MOERA domain addresses to send outbound email. The limit is designed to stop tenants using mailboxes with primary SMTP addresses from MOERA domains from sending email, a technique that’s often used by spammers. This shouldn’t cause a problem for legitimate organizations who already have vanity domains, but it might stop some spam.
  49. Microsoft Fixes Copilot Audit Records August 22, 2025 7:00 am - After a report to the MSRC about some missing file data from Copilot audit records, Microsoft fixed the problem and audit records now contain details about the SharePoint Online files reviewed by Copilot to construct answers to user prompts. Having solid audit and compliance data is a good thing, unless you’re a lawyer charged with defending an eDiscovery action who might be asked to produce the files.
  50. Reporting Authentication Method Usage Data via the Graph August 21, 2025 7:00 am - Three new Graph API resources provide easy access to Entra ID authentication method summary data. The information is helpful to understand the type of sign-ins that happen, and the authentication methods used by user connections. The article includes a script based on the MFA sign-in summary to highlight non-MFA connections and the apps users connect to.
  51. Removing Obsolete Mobile Device Partnerships from Exchange Online August 20, 2025 7:00 am - This article discusses how to use PowerShell to find obsolete mobile device partnerships in Exchange Online (or Exchange Server) and remove the obsolete devices. Users won’t be able to remove obsolete mobile devices after the settings to manage mobile devices are removed from OWA and the New Outlook, so cleaning up the mess is the responsibility of administrators (like it usually always is).
  52. Unverified Sender Messages Highlighted By Outlook Mobile August 19, 2025 7:00 am - Outlook Mobile clients have started to highlight messages received from unverified senders. But what does "unverified" mean and what can be done to fix the problem? The issue lies at the sender’s end, so the administrators of the sending system must verify their email configuration to make sure that Exchange Online can validate inbound messages from their domain. The same visual markers are available in Outlook classic, OWA, and the new Outlook.
  53. Microsoft Defender for Office 365, Shared Mailboxes, and Microsoft 365 Groups August 18, 2025 7:00 am - Microsoft Defender for Office 365 (MDO) requires shared mailboxes to be licensed but doesn't extend the same requirement to Microsoft 365 Groups. Given that Microsoft 365 Groups have group mailboxes and can function very much like shared mailboxes, the difference in licensing is remarkable. Why does this happen? It could be due to internal Microsoft politics, omissions, or just a preference for Groups. Who knows?
  54. Mobile Device Management Options Disappear from OWA and the New Outlook August 15, 2025 7:00 am - Microsoft plans to remove the ability of users to perform mobile device management (for their devices) from the OWA and new Outlook for Windows clients. It’s unclear how much use these options receive, but following the update, users will only be able to disable or wipe a device remotely using features provided by O/S vendors. Administrators can still act to block or wipe lost or stolen devices.
  55. Sensitivity Labels with User-Defined Permissions Gain SharePoint Support August 14, 2025 7:00 am - Finally, Microsoft solved the technical issues that blocked SharePoint Online support for sensitivity labels with user-defined permissions (UDP). The feature is now generally available and it’s very welcome because support opens access for Office files and PDFs with UDP labels for search and Purview solutions like DLP and eDiscovery. Files with UDP labels applied prior to GA are not processed until they are edited, but that’s reasonable.
  56. Purview Priority Cleanup Expands to SharePoint and OneDrive August 13, 2025 7:00 am - Purview Priority Cleanup is growing its capabilities to be able to process files stored in SharePoint Online and OneDrive for Business. Public preview begins in mid-August, and the solution should be generally available at the end of September 2025. Removing files without regard for retention holds is much more complicated than removing mailbox items. The question is who needs this feature and how will it be used?
  57. Maintaining a Microsoft 365 Retention Policy with PowerShell August 12, 2025 7:00 am - The Connect-IPPSSession cmdlet is needed to connect to the Security and Compliance endpoint to update a Microsoft 365 retention policy. Unhappily, the Security and Compliance module doesn’t support managed identities, which makes it harder to run Connect-IPPSSession securely in an Azure Automation runbook. In the end, we use a credential stored in the automation account. And then we had to disable WAM. All explained here.
  58. Unexpected Microsoft Defender for Office 365 License Requirement for Shared Mailboxes August 11, 2025 7:00 am - A question about shared mailboxes brought up the topic of licensing requirements when a tenant has Microsoft Defender for Office 365 (MDO). The news is not good. Once MDO is active, every shared mailbox needs an MDO license, and every user mailbox must also be licensed for MDO (those with E5 licenses are covered). At $5 per month, those MDO licenses can ramp up to a considerable cost. Ouch!
  59. Teams Gets a KeyQL-Powered Search Box August 8, 2025 7:00 am - Microsoft is introducing a new KeyQL-powered capability for a revamped search box in Teams. The new implementation promises faster and more precise searching. First impressions are good, and the only doubt that I have is about how users will embrace this kind of searching. After all, some still use simple keyword searches.
  60. Microsoft Tells Hybrid Exchange Customers to Get Going with Dedicated Hybrid Connectivity App August 7, 2025 7:00 am - Microsoft says that few customers have installed the dedicated hybrid connectivity app that's needed to migrate from EWS. It's time to install that app! If not, rich coexistence between cloud and on-premises components will stop working for several days when Microsoft imposes service time-outs in August, September, and October to prompt customers to take action. It's time to install the dedicated hybrid connectivity app.
  61. Microsoft Introduces Copilot Memory August 6, 2025 7:00 am - A July 14 post announces Copilot Memory, a method to personalize how Copilot responds to user prompts. Controls are available to disable Copilot memory on a per-user and tenant basis. Manipulation of the tenant controls is done through Graph resources. This article explains how Copilot memory works and how to update the tenant controls with PowerShell.
  62. Creating a Microsoft 365 Retention Policy for Shared Mailboxes August 5, 2025 7:00 am - After being asked whether licenses are needed to include shared mailboxes in Microsoft 365 retention policies, I investigated and found that licenses are not. This led to a consideration of the steps needed to create a special retention policy for shared mailboxes (with PowerShell, naturally) and how to avoid retention setting collisions with other policies. All explained in detail here.
  63. How Microsoft Graph PowerShell SDK Access Tokens Work August 4, 2025 7:00 am - If you use the Microsoft Graph PowerShell SDK, you don’t need to worry about obtaining an access token because SDK cmdlets include automatic token management. Although you don’t need to know the details of the access token used in an SDK session, it’s possible to find and examine its contents, and even use the token with a Graph request. It's a nice to know thing that you’ll never need in practice.
  64. Monthly Update #122 Available for Office 365 for IT Pros eBook August 1, 2025 7:00 am - Monthly update #122 is now available for the Office 365 for IT Pros eBook. Subscribers can download PDF and EPUB files for the update from Gumroad.com. In other news, Microsoft cloud revenues keep soaring while Microsoft 365 seat growth moderates to 6% annually. Microsoft wants to give Copilot numbers but has no real data to share, and no one wants to talk about Teams active user numbers. It’s all in the mad world of Microsoft 365.
  65. DLP Diagnostics Available in Purview Portal July 31, 2025 7:00 am - DLP diagnostics were announced in October 2024, and it’s taken quite a while for Microsoft to make the four DLP diagnostic tests available. In truth, none of the tests are earthshattering and the kind of checking done by the tests could be performed quite easily by an experienced tenant administrator who knows the DLP solution. But those administrators are unlikely to be the target audience for these tests.
  66. How to Block OWA and Use the New Outlook July 30, 2025 7:00 am - Microsoft suggests that tenants wanting to block access to OWA while allowing people to use the new Outlook should deploy a conditional access policy. That’s good advice if a tenant has the necessary Entra P1 licenses and is willing to accept the loss of browser access to Teams. Microsoft 365 is a complicated interconnected place, and blocking one app can have consequences for another…
  67. Entra ID Governance Levies Charges for Guest Accounts July 29, 2025 7:00 am - A banner posted in the Entra admin center informs administrators that Entra ID governance features used by guest accounts incur charges from June 2025. This only affects Microsoft 365 tenants that use ID governance for features like inactive guest access reviews, but unexpected charges might come as a surprise. This article explains a PowerShell script to find chargeable events in audit logs and how to calculate likely charges.
  68. August 2025 Update for Automating Microsoft 365 with PowerShell eBook July 28, 2025 7:00 am - The August 2025 update for the Automating Microsoft 365 with PowerShell eBook is available for subscribers to download. The eBook now includes over 350 content-rich pages packed full of practical examples of how to use PowerShell to automate Microsoft 365 operations. It’s an essential tool for anyone who needs to use PowerShell in a Microsoft 365 environment.
  69. New Outlook for Windows Enables S/MIME Inheritance Control July 25, 2025 7:00 am - The new Outlook for Windows now supports the NoSignOnReply control for inheritance of S/MIME signatures from messages to replies. It’s an update to match the feature that’s been in Outlook (classic) for a long time. The new setting is only available for Exchange Online and isn’t supported by OWA.
  70. Entra ID Introduces Linkable Token Identifiers for Audit Events July 24, 2025 7:00 am - Linkable token identifiers is a new Entra ID feature that adds a GUID to all the audit events for a session. The new identifiers make it easier to track all user actions taken during a session, and should be of great advantage to security investigators who need to know if an account is performing suspicious actions, possibly due to an attacker compromise.
  71. How to Remove Members from Microsoft 365 Groups with PowerShell July 23, 2025 7:00 am - After writing about how to copy group memberships from one user to another, the question arises about removing members from groups. The answer is straightforward when dealing with members of distribution lists and mail-enabled security groups, but things become more complicated when working with Microsoft 365 groups and it’s important to handle group owners correctly.
  72. Be Careful with Retention Labels Configured with Created Date Expiration July 22, 2025 7:00 am - Retention policies and retention labels have been around for about 8 years. Some of the older retention settings might use file created dates to remove items. No doubt basing retention on creation dates made perfect sense at the time, but experience shows that maybe basing retention on the last modified date can be better. All explored here together with a script to update retention labels in OneDrive.
  73. Changes Coming to Smoothen Edges in Microsoft Authenticator App July 21, 2025 7:00 am - The Microsoft Authenticator app gets two important changes in September 2025 to make the app easier to use for average users. The current number matching mechanism is modified to make it less likely that notifications will fail to be seen and the first run experience is changing to give priority to Entra ID accounts. Hopefully, the changes will encourage adoption of MFA in Microsoft 365 tenants.
  74. Teams Gains New Accent Colors July 18, 2025 7:00 am - The news that people can customize Teams by choosing one of ten accent colors for use in the Teams UX might or might not be positive, depending on your view. While it’s nice to see things in your chosen color, the thought might cross your mind that engineering could focus on other more important tasks… But that's being very critical.
  75. Microsoft Introduces Exchange 2016/2019 Extended Security Program July 17, 2025 7:00 am - The Exchange Extended Security Update program is a 6-month lifeline for organizations struggling to upgrade servers to Exchange Server SE. Although it’s easy to upgrade a server to , many things might get in the way before the Setup program can run. Small things like vacations, buying new hardware, or deploying a new O/S. From August 1, organizations can sign up to receive security updates from October 2025 to April 2026.
  76. Exchange Online Reduces Delicensing Resiliency Threshold to 5,000 Mailboxes July 16, 2025 7:00 am - A July 15 announcement says that Exchange Online is reducing the Delicensing Resiliency threshold from 10,000 to 5,000 mailboxes. That’s fine, but this feature should be available for all Exchange Online tenants. It’s a sticking plaster for how group-based licensing works and is inconsistent with how OneDrive for Business deals with unlicensed personal user data.
  77. Copilot Studio Agent Vulnerability to Prompt Injection July 15, 2025 7:00 am - Security researchers documented a prompt injection vulnerability in an agent created with Copilot Studio that allowed the exfiltration of customer data. Microsoft has fixed the problem, but the researchers figure that natural language prompts and the way that AI responds means that other ways will be found to cause agents to do silly things. Microsoft 365 tenants need to think about the deployment and management of agents.
  78. Microsoft 365 Copilot Search Rolling Out July 14, 2025 7:00 am - Microsoft 365 Copilot Search is the second iteration of Copilot Search. It borrows heavily from the older Microsoft Search in Bing feature in terms of how it presents different types of results. Copilot Search is unmatched when it comes to searching Exchange, SharePoint, and Teams, but its ability to search the web is hindered by the dependency on Bing and the preference given to Microsoft.com sources.
  79. Microsoft Graph PowerShell SDK V2.29 Now Available July 11, 2025 7:00 am - Version 2.29 of the Microsoft Graph PowerShell SDK can now be downloaded from the PowerShell Gallery. Initial tests show that the release is stable. However, it’s recommended that you deploy V2.29 on a few workstations to test essential scripts before proceeding to a full-scale roll-out. V2.29 does not address the issue with PowerShell runtime in Azure Automation, but overall, first indications are that V2.29 is a good release.
  80. Easier Configuration Promised for the Microsoft Authenticator App July 10, 2025 7:00 am - The Microsoft Authenticator app is a secure authentication method for MFA. The app is getting an easier way for backup and recovery, which should make it easier for people to move to new iOS devices. Instead of a Microsoft recovery account, Authenticator will use the iCloud keychain. The update is expected to roll out in September 2025.
  81. Improving the Processing of Protected Messages in Shared Mailboxes July 9, 2025 7:00 am - A sometimes overlooked 2024 update delivers easier access to protected messages delivered to shared mailboxes. Instead of direct assignment of Full Access to user mailboxes, access can be controlled through membership of a mail-enabled security group. It’s a small but very nice change, just like any update that eases the life of tenant administrators.
  82. Copying Group Membership with the Microsoft Graph PowerShell SDK July 8, 2025 7:00 am - Sometimes tenants need to copy group membership from one user to another. Often PowerShell is used, but with the demise of the Azure AD module you might need to update the script that you use. Things are a little more complicated when using the Graph, but where there’s a will, there’s a way. Here's how to use the Graph PowerShell SDK to do the job.
  83. Copilot Audio Overviews for OneDrive Documents July 7, 2025 7:00 am - Microsoft 365 Copilot users can generate audio overviews from Word and PDF files and Teams meeting recordings stored in OneDrive for Business. Copilot creates a transcript from the file and uses the Azure Audio Stack to generate an audio stream (that can be saved to an MP3 file). Sounds good, and the feature works well. At least, until it meets the DLP policy for Microsoft 365 Copilot.
  84. Exchange Server Subscription Edition Now Generally Available July 4, 2025 7:00 am - July 1 marked the general availability of Exchange Server SE (subscription edition), the latest in a long line of server releases going back to Exchange 4.0 (1996). Exchange Server SE will soon be the only game in town after Exchange 2016 and 2019 reach end of support in October 2025. In other news, Defender for Office 365 now boasts protection against email bombs.
  85. New Outlook for Windows Support for Export to PST July 3, 2025 7:00 am - The New Outlook for Windows supports an export to PST function. Unfortunately, exporting mailbox items is very slow – roughly ten times slower than Outlook (classic). But a bigger question is whether Microsoft 365 tenants should allow the use of the export to PST function because of the potential effect on tenant compliance and governance. Fortunately, it’s easily blocked.
  86. Microsoft Launches New Way to Consume Documentation July 2, 2025 7:00 am - The MCP server for Microsoft Learn is available in public preview. It can be installed to allow AI agent real-time access to Microsoft documentation. The problem with any AI technology is that it depends on the accuracy of its sources. And sometimes the accuracy of Microsoft Learn is not as good as people assume, which then means that the AI responses aren't so good.
  87. Announcing Office 365 for IT Pros (2026 Edition) July 1, 2025 7:00 am - Office 365 for IT Pros (2026 edition), the 12th in an eBook series going back to May 2015, is now available. Covering all the essential aspects of Microsoft 365 tenant management from Entra ID to Exchange Online, SharePoint Online, OneDrive for Business, Teams, data lifecycle management, information protection, and more, Office 365 for IT Pros is an indispensable companion for tenant administrators who want to understand how Microsoft 365 really works.
  88. Automating Microsoft 365 with PowerShell Second Edition June 30, 2025 7:00 am - The Office 365 for IT Pros team are thrilled to announce the availability of Automating Microsoft 365 with PowerShell (2nd edition). This completely revised 350-page book delivers the most comprehensive coverage of how to use Microsoft Graph APIs and the Microsoft Graph PowerShell SDK with Microsoft 365 workloads. Existing subscribers can download the second edition now free of charge.
  89. Copilot Agent Governance Product Launched by ISV June 27, 2025 7:00 am - Agent governance is the framework that allows tenants to deploy agents safely, securely, and under control. A new ISV offering from Rencore helps to fill some gaps in Copilot agent governance that currently exist in what’s available in Microsoft 365. It’s good to see ISV action in this space because the last thing that anyone wants is the prospect of Copilot agents running amok inside Microsoft 365 tenants.
  90. Token Protection Extends to Microsoft Graph PowerShell SDK Sessions June 26, 2025 7:00 am - The conditional access policy condition for token protection now extends to Microsoft Graph PowerShell SDK interactive sessions. Any account within the scope of a CA policy that requires token protection can use Web Account Manager (WAM) to sign in and check that everything is secure and ready to go. It’s a protection that might be of interest to administrators and developers that access sensitive data in Graph SDK sessions.
  91. Microsoft 365 PowerShell Modules Need Better Testing June 25, 2025 7:00 am - Recent problems with Microsoft 365 PowerShell modules afflicted the ability of Azure Automation runbooks to execute cmdlets Microsoft Graph PowerShell SDK and Exchange Online Management modules. The root cause is a decision to remove support for .NET6, but the worrying point is the lack of awareness within Microsoft engineering that Azure Automation is where many critical scripts run. Better pre-release testing is definitely needed.
  92. Launch Plan for Office 365 for IT Pros (2026 Edition) June 24, 2025 7:00 am - We're a week away from the launch of the Office 365 for IT Pros (2026 edition) eBook, the 12th edition issued since the first book appeared in 2015. This article describes the launch plan and informs current subscribers about how they will receive an update offer to extend their subscription. We’re also updating the Automating Microsoft 365 with PowerShell eBook.
  93. Outlook’s New Summarize Option for Email Attachments June 23, 2025 7:00 am - Among the blizzard of Copilot changes is one where Outlook can summarize attachments. That sounds small, but the feature is pretty useful if you receive lots of messages with “classic” (file) attachments. Being able to see a quick summary of long documents is a real time saver, and it’s an example of a small change that helps users exploit AI. Naturally, it doesn’t work with Outlook classic.
  94. Microsoft to Block Users Granting Third-Party App Access to User Sites and Files June 19, 2025 1:30 pm - In July, Microsoft plans to introduce an app consent policy to stop users granting access to third-party apps to their files and sites. Letting users grant unsupervised consent to third-party apps to access files stored in OneDrive for Business and SharePoint Online is a bad idea. There are certainly apps out there that need such access, but requiring one-time administrator approval is no hardship.
  95. Updating the Entra ID Custom Banned Password List with PowerShell June 19, 2025 7:00 am - Microsoft 365 tenants with Entra P1 or P2 licenses can use a custom banned password list to stop people using specific terms in their passwords. The idea is to prevent easily-guessed terms being used in passwords. You could also block words deemed to be objectionable. In any case, this article explains how to maintain the custom blocked password list with a PowerShell script.
  96. Microsoft Pushes European Sovereign Solutions June 18, 2025 7:00 am - On June 16, Microsoft announced European sovereign solutions, including a new offering called Microsoft 365 Local that has nothing to do with Microsoft 365 apart from the need to connect to Azure from time to time. Microsoft 365 Local is an on-premises packaged solution. There’s nothing bad about that because some companies need to run on-premises servers for their own reasons. But calling it Microsoft 365?
  97. People Skills Rolling Out Within Microsoft 365 June 17, 2025 7:00 am - People Skills is a new Microsoft 365 solution that uses AI to determine what skills are possessed by users based on their profile and activities. The skills recorded for users turn up on the Microsoft 365 profile card, just like the older SharePoint/Delve implementation. Is this an example of more AI being used “just because we can” or a useful solution? It’s up to you to decide.
  98. Using a Copilot Agent in SharePoint to Interact with Office 365 for IT Pros June 16, 2025 7:00 am - Copilot Studio Agents can use files as knowledge sources to reason over when they respond to user prompts. We explain how to use the monthly PDFs issued for the Office 365 for IT Pros and Automating Microsoft 365 with PowerShell eBooks as knowledge sources. If you’ve got Microsoft 365 Copilot licenses, this is an interesting way to interact with the books.
  99. AI Generative Summaries Make Life Even Harder for Technology Websites June 13, 2025 7:00 am - The AI-based generative summaries featured by Google and other search engines remove organic traffic from technology websites and make it less attractive for content creators to write about new topics. The upshot is likely to be a decrease in the amount of new knowledge shared on public websites and a resultant lack of information for the AI LLMs to feed off.
  100. When the Invoke-MgGraphRequest Cmdlet Needs Help to Fetch Responses June 12, 2025 7:00 am - Sometimes it's hard to get a response back from running a Graph API request with the Invoke-MgGraphRequest cmdlet. Graph Explorer helps. So does reading Microsoft’s documentation for the cmdlet. In the end, everything works out and we can discover some valuable information that comes back in a response header. In this case, the response header helps us discover if a purge job works.
Exit mobile version