Microsoft Defender for Office 365 (MDO) requires shared mailboxes to be licensed but doesn't extend the same requirement to Microsoft 365 Groups. Given that Microsoft 365 Groups have group mailboxes and can function very much like shared mailboxes, the difference in licensing is remarkable. Why does this happen? It could be due to internal Microsoft politics, omissions, or just a preference for Groups. Who knows?| Office 365 for IT Pros
The Connect-IPPSSession cmdlet is needed to connect to the Security and Compliance endpoint to update a Microsoft 365 retention policy. Unhappily, the Security and Compliance module doesn’t support managed identities, which makes it harder to run Connect-IPPSSession securely in an Azure Automation runbook. In the end, we use a credential stored in the automation account. And then we had to disable WAM. All explained here.| Office 365 for IT Pros
A question about shared mailboxes brought up the topic of licensing requirements when a tenant has Microsoft Defender for Office 365 (MDO). The news is not good. Once MDO is active, every shared mailbox needs an MDO license, and every user mailbox must also be licensed for MDO (those with E5 licenses are covered). At $5 per month, those MDO licenses can ramp up to a considerable cost. Ouch!| Office 365 for IT Pros
A sometimes overlooked 2024 update delivers easier access to protected messages delivered to shared mailboxes. Instead of direct assignment of Full Access to user mailboxes, access can be controlled through membership of a mail-enabled security group. It’s a small but very nice change, just like any update that eases the life of tenant administrators.| Office 365 for IT Pros