Copilot memory is a term that refers to different things, including Copilot communication memory, a method to use the Graph to personalize responses for users. The idea is to use all the sources of information available through the Graph as Copilot responds to user prompts in Microsoft 365 apps instead of limiting sources to whatever the app works with. It's a good idea, providing the Graph sources are accurate.| Office 365 for IT Pros
Microsoft has depreciated the Microsoft Graph CLI and Graph Toolkit. It’s nice to see some rationalization, but the real need is for better quality and coverage across all the Microsoft 365 administrative actions. Even after fourteen years of development, too many undocumented and private APIs exist today, which is an unacceptable situation. You should vote for a feedback portal item to ask Microsoft to do better.| Office 365 for IT Pros
Monthly update #123 is available for the Office 365 for IT Pros eBook. Subscribers can download updated EPUB and PDF files for the main book and the Automating Microsoft 365 with PowerShell book from their Gumroad.com account. As with every month, the update touches most chapters as we continue to make sense of the changes that occur across the Microsoft 365 ecosystem. Subscribe today!| Office 365 for IT Pros
A custom runtime environment is a way of defining a specific job execution environment for Azure Automation runbooks, including Microsoft Graph PowerShell SDK runbooks. In this article, we create a new environment for PowerShell V7.4, load in some SDK modules, switch a runbook from a system-generated environment, and run some code.| Office 365 for IT Pros
In March, Microsoft said that they'd change Teams to offer suggestions about which inactive channels a user might want to hide from client channel lists. That update is now available. There’s no tenant-wide admin control, so users must decide for themselves whether Teams will suggest which channels to hide. No detail is available how Teams decides about inactive channels, but the change to put control in user hands is welcome.| Office 365 for IT Pros
The Office 365 for IT Pros eBook team is proud to announce the availability of update 15 for the Automating Microsoft 365 with PowerShell eBook. The book includes extensive coverage of how to work with Microsoft 365 workloads through standard modules, Graph APIs, and the Microsoft Graph PowerShell SDK, including hundreds of practical examples over 350-plus pages. No fluff, just real-world code.| Office 365 for IT Pros
In late August, Microsoft plans to release the Copilot summarize email thread feature in Outlook clients without the need for a Microsoft 365 Copilot license. This news might seem surprising, but it’s simply a matter of business. If Microsoft doesn’t make basic AI features available in Outlook, ISVs (including OpenAI) will fill the gaps with add-ons. And that might make it harder to sell Microsoft 365 Copilot licenses.| Office 365 for IT Pros
Microsoft will impose a throttling limit for external recipients for tenants that use MOERA domain addresses to send outbound email. The limit is designed to stop tenants using mailboxes with primary SMTP addresses from MOERA domains from sending email, a technique that’s often used by spammers. This shouldn’t cause a problem for legitimate organizations who already have vanity domains, but it might stop some spam.| Office 365 for IT Pros
After a report to the MSRC about some missing file data from Copilot audit records, Microsoft fixed the problem and audit records now contain details about the SharePoint Online files reviewed by Copilot to construct answers to user prompts. Having solid audit and compliance data is a good thing, unless you’re a lawyer charged with defending an eDiscovery action who might be asked to produce the files.| Office 365 for IT Pros
Three new Graph API resources provide easy access to Entra ID authentication method summary data. The information is helpful to understand the type of sign-ins that happen, and the authentication methods used by user connections. The article includes a script based on the MFA sign-in summary to highlight non-MFA connections and the apps users connect to.| Office 365 for IT Pros
This article discusses how to use PowerShell to find obsolete mobile device partnerships in Exchange Online (or Exchange Server) and remove the obsolete devices. Users won’t be able to remove obsolete mobile devices after the settings to manage mobile devices are removed from OWA and the New Outlook, so cleaning up the mess is the responsibility of administrators (like it usually always is).| Office 365 for IT Pros
Outlook Mobile clients have started to highlight messages received from unverified senders. But what does "unverified" mean and what can be done to fix the problem? The issue lies at the sender’s end, so the administrators of the sending system must verify their email configuration to make sure that Exchange Online can validate inbound messages from their domain. The same visual markers are available in Outlook classic, OWA, and the new Outlook.| Office 365 for IT Pros
Microsoft Defender for Office 365 (MDO) requires shared mailboxes to be licensed but doesn't extend the same requirement to Microsoft 365 Groups. Given that Microsoft 365 Groups have group mailboxes and can function very much like shared mailboxes, the difference in licensing is remarkable. Why does this happen? It could be due to internal Microsoft politics, omissions, or just a preference for Groups. Who knows?| Office 365 for IT Pros
Microsoft plans to remove the ability of users to perform mobile device management (for their devices) from the OWA and new Outlook for Windows clients. It’s unclear how much use these options receive, but following the update, users will only be able to disable or wipe a device remotely using features provided by O/S vendors. Administrators can still act to block or wipe lost or stolen devices.| Office 365 for IT Pros
Finally, Microsoft solved the technical issues that blocked SharePoint Online support for sensitivity labels with user-defined permissions (UDP). The feature is now generally available and it’s very welcome because support opens access for Office files and PDFs with UDP labels for search and Purview solutions like DLP and eDiscovery. Files with UDP labels applied prior to GA are not processed until they are edited, but that’s reasonable.| Office 365 for IT Pros
Purview Priority Cleanup is growing its capabilities to be able to process files stored in SharePoint Online and OneDrive for Business. Public preview begins in mid-August, and the solution should be generally available at the end of September 2025. Removing files without regard for retention holds is much more complicated than removing mailbox items. The question is who needs this feature and how will it be used?| Office 365 for IT Pros
A change made to an Office 365 retention policy for Teams personal chats in the KPMG tenant removed data for 145,000 users. That's unfortunate, and it underlines the need for admins to understand how retention policies work.| Office 365 for IT Pros
The Connect-IPPSSession cmdlet is needed to connect to the Security and Compliance endpoint to update a Microsoft 365 retention policy. Unhappily, the Security and Compliance module doesn’t support managed identities, which makes it harder to run Connect-IPPSSession securely in an Azure Automation runbook. In the end, we use a credential stored in the automation account. And then we had to disable WAM. All explained here.| Office 365 for IT Pros
A question about shared mailboxes brought up the topic of licensing requirements when a tenant has Microsoft Defender for Office 365 (MDO). The news is not good. Once MDO is active, every shared mailbox needs an MDO license, and every user mailbox must also be licensed for MDO (those with E5 licenses are covered). At $5 per month, those MDO licenses can ramp up to a considerable cost. Ouch!| Office 365 for IT Pros
Microsoft is introducing a new KeyQL-powered capability for a revamped search box in Teams. The new implementation promises faster and more precise searching. First impressions are good, and the only doubt that I have is about how users will embrace this kind of searching. After all, some still use simple keyword searches.| Office 365 for IT Pros
Microsoft says that few customers have installed the dedicated hybrid connectivity app that's needed to migrate from EWS. It's time to install that app! If not, rich coexistence between cloud and on-premises components will stop working for several days when Microsoft imposes service time-outs in August, September, and October to prompt customers to take action. It's time to install the dedicated hybrid connectivity app.| Office 365 for IT Pros
A previous attempt to write a script to report all Loop workspaces in a tenant was flawed because it only retrieved the first 200 workspaces.| Office 365 for IT Pros
A longstanding problem open since September 2023 causes problems retrieving important SharePoint usage data like site URLs and user activity data.| Office 365 for IT Pros
SharePoint Embedded is a new Microsoft offering for application developers. The big upside is that apps can take advantage of the Microsoft 365 ecosystem.| Office 365 for IT Pros
SharePoint Online makes extensive use of file versioning. Coming in November 2023, we will see SharePoint Intelligent Versioning based on usage and need.| Office 365 for IT Pros
Microsoft's service description for OneDrive for Business promises unlimited OneDrive storage for Office 365 E3 and E5.| Office 365 for IT Pros
SharePoint Online comes with a lot of storage. In this article, we explain how to create a SharePoint Online site storage report with PowerShell.| Office 365 for IT Pros
Month: June 2024| Office 365 for IT Pros
A July 14 post announces Copilot Memory, a method to personalize how Copilot responds to user prompts. Controls are available to disable Copilot memory on a per-user and tenant basis. Manipulation of the tenant controls is done through a Graph resources. This article explains how Copilot memory works and how to update the tenant controls with PowerShell.| Office 365 for IT Pros
After being asked whether licenses are needed to include shared mailboxes in Microsoft 365 retention policies, I investigated and found that licenses are not. This led to a consideration of the steps needed to create a special retention policy for shared mailboxes (with PowerShell, naturally) and how to avoid retention setting collisions with other policies. All explained in detail here.| Office 365 for IT Pros
If you use the Microsoft Graph PowerShell SDK, you don’t need to worry about obtaining an access token because SDK cmdlets include automatic token management. Although you don’t need to know the details of the access token used in an SDK session, it’s possible to find and examine its contents, and even use the token with a Graph request. It's a nice to know thing that you’ll never need in practice.| Office 365 for IT Pros
Monthly update #122 is now available for the Office 365 for IT Pros eBook. Subscribers can download PDF and EPUB files for the update from Gumroad.com. In other news, Microsoft cloud revenues keep soaring while Microsoft 365 seat growth moderates to 6% annually. Microsoft wants to give Copilot numbers but has no real data to share, and no one wants to talk about Teams active user numbers. It’s all in the mad world of Microsoft 365.| Office 365 for IT Pros
DLP diagnostics were announced in October 2024, and it’s taken quite a while for Microsoft to make the four DLP diagnostic tests available. In truth, none of the tests are earthshattering and the kind of checking done by the tests could be performed quite easily by an experienced tenant administrator who knows the DLP solution. But those administrators are unlikely to be the target audience for these tests.| Office 365 for IT Pros
Microsoft suggests that tenants wanting to block access to OWA while allowing people to use the new Outlook should deploy a conditional access policy. That’s good advice if a tenant has the necessary Entra P1 licenses and is willing to accept the loss of browser access to Teams. Microsoft 365 is a complicated interconnected place, and blocking one app can have consequences for another…| Office 365 for IT Pros
A banner posted in the Entra admin center informs administrators that Entra ID governance features used by guest accounts incur charges from June 2025. This only affects Microsoft 365 tenants that use ID governance for features like inactive guest access reviews, but unexpected charges might come as a surprise. This article explains a PowerShell script to find chargeable events in audit logs and how to calculate likely charges.| Office 365 for IT Pros
The August 2025 update for the Automating Microsoft 365 with PowerShell eBook is available for subscribers to download. The eBook now includes over 350 content-rich pages packed full of practical examples of how to use PowerShell to automate Microsoft 365 operations. It’s an essential tool for anyone who needs to use PowerShell in a Microsoft 365 environment.| Office 365 for IT Pros
The new Outlook for Windows now supports the NoSignOnReply control for inheritance of S/MIME signatures from messages to replies. It’s an update to match the feature that’s been in Outlook (classic) for a long time. The new setting is only available for Exchange Online and isn’t supported by OWA.| Office 365 for IT Pros
Linkable token identifiers is a new Entra ID feature that adds a GUID to all the audit events for a session. The new identifiers make it easier to track all user actions taken during a session, and should be of great advantage to security investigators who need to know if an account is performing suspicious actions, possibly due to an attacker compromise.| Office 365 for IT Pros
After writing about how to copy group memberships from one user to another, the question arises about removing members from groups. The answer is straightforward when dealing with members of distribution lists and mail-enabled security groups, but things become more complicated when working with Microsoft 365 groups and it’s important to handle group owners correctly.| Office 365 for IT Pros
Retention policies and retention labels have been around for about 8 years. Some of the older retention settings might use file created dates to remove items. No doubt basing retention on creation dates made perfect sense at the time, but experience shows that maybe basing retention on the last modified date can be better. All explored here together with a script to update retention labels in OneDrive.| Office 365 for IT Pros
The Microsoft Authenticator app gets two important changes in September 2025 to make the app easier to use for average users. The current number matching mechanism is modified to make it less likely that notifications will fail to be seen and the first run experience is changing to give priority to Entra ID accounts. . Hopefully, the changes will encourage adoption of MFA in Microsoft 365 tenants.| Office 365 for IT Pros
The news that people can customize Teams by choosing one of ten accent colors for use in the Teams UX might or might not be positive, depending on your view. While it’s nice to see things in your chosen color, the thought might cross your mind that engineering could focus on other more important tasks… But that's being very critical.| Office 365 for IT Pros
The Exchange Extended Security Update program is a 6-month lifeline for organizations struggling to upgrade servers to Exchange Server SE. Although it’s easy to upgrade a server to , many things might get in the way before the Setup program can run. Small things like vacations, buying new hardware, or deploying a new O/S. From August 1, organizations can sign up to receive security updates from October 2025 to April 2026.| Office 365 for IT Pros
A July 15 announcement says that Exchange Online is reducing the Delicensing Resiliency threshold from 10,000 to 5,000 mailboxes. That’s fine, but this feature should be available for all Exchange Online tenants. It’s a sticking plaster for how group-based licensing works and is inconsistent with how OneDrive for Business deals with unlicensed personal user data.| Office 365 for IT Pros
Security researchers documented a prompt injection vulnerability in an agent created with Copilot Studio that allowed the exfiltration of customer data. Microsoft has fixed the problem, but the researchers figure that natural language prompts and the way that AI responds means that other ways will be found to cause agents to do silly things. Microsoft 365 tenants need to think about the deployment and management of agents.| Office 365 for IT Pros
Microsoft 365 Copilot Search is the second iteration of Copilot Search. It borrows heavily from the older Microsoft Search in Bing feature in terms of how it presents different types of results. Copilot Search is unmatched when it comes to searching Exchange, SharePoint, and Teams, but its ability to search the web is hindered by the dependency on Bing and the preference given to Microsoft.com sources.| Office 365 for IT Pros
Version 2.29 of the Microsoft Graph PowerShell SDK can now be downloaded from the PowerShell Gallery. Initial tests show that the release is stable. However, it’s recommended that you deploy V2.29 on a few workstations to test essential scripts before proceeding to a full-scale roll-out. V2.29 does not address the issue with PowerShell runtime in Azure Automation, but overall, first indications are that V2.29 is a good release.| Office 365 for IT Pros
The Microsoft Authenticator app is a secure authentication method for MFA. The app is getting an easier way for backup and recovery, which should make it easier for people to move to new iOS devices. Instead of a Microsoft recovery account, Authenticator will use the iCloud keychain. The update is expected to roll out in September 2025.| Office 365 for IT Pros
A sometimes overlooked 2024 update delivers easier access to protected messages delivered to shared mailboxes. Instead of direct assignment of Full Access to user mailboxes, access can be controlled through membership of a mail-enabled security group. It’s a small but very nice change, just like any update that eases the life of tenant administrators.| Office 365 for IT Pros
Sometimes tenants need to copy group membership from one user to another. Often PowerShell is used, but with the demise of the Azure AD module you might need to update the script that you use. Things are a little more complicated when using the Graph, but where there’s a will, there’s a way. Here's how to use the Graph PowerShell SDK to do the job.| Office 365 for IT Pros
Microsoft 365 Copilot users can generate audio overviews from Word and PDF files and Teams meeting recordings stored in OneDrive for Business. Copilot creates a transcript from the file and uses the Azure Audio Stack to generate an audio stream (that can be saved to an MP3 file). Sounds good, and the feature works well. At least, until it meets the DLP policy for Microsoft 365 Copilot.| Office 365 for IT Pros
July 1 marked the general availability of Exchange Server SE (subscription edition), the latest in a long line of server releases going back to Exchange 4.0 (1996). Exchange Server SE will soon be the only game in town after Exchange 2016 and 2019 reach end of support in October 2025. In other news, Defender for Office 365 now boasts protection against email bombs.| Office 365 for IT Pros
The New Outlook for Windows supports an export to PST function. Unfortunately, exporting mailbox items is very slow – roughly ten times slower than Outlook (classic). But a bigger question is whether Microsoft 365 tenants should allow the use of the export to PST function because of the potential effect on tenant compliance and governance. Fortunately, it’s easily blocked.| Office 365 for IT Pros
The MCP server for Microsoft Learn is available in public preview. It can be installed to allow AI agent real-time access to Microsoft documentation. The problem with any AI technology is that it depends on the accuracy of its sources. And sometimes the accuracy of Microsoft Learn is not as good as people assume, which then means that the AI responses aren't so good.| Office 365 for IT Pros
Office 365 for IT Pros (2026 edition), the 12th in an eBook series going back to May 2015, is now available. Covering all the essential aspects of Microsoft 365 tenant management from Entra ID to Exchange Online, SharePoint Online, OneDrive for Business, Teams, data lifecycle management, information protection, and more, Office 365 for IT Pros is an indispensable companion for tenant administrators who want to understand how Microsoft 365 really works.| Office 365 for IT Pros
The Office 365 for IT Pros team are thrilled to announce the availability of Automating Microsoft 365 with PowerShell (2nd edition). This completely revised 350-page book delivers the most comprehensive coverage of how to use Microsoft Graph APIs and the Microsoft Graph PowerShell SDK with Microsoft 365 workloads. Existing subscribers can download the second edition now free of charge.| Office 365 for IT Pros
Agent governance is the framework that allows tenants to deploy agents safely, securely, and under control. A new ISV offering from Rencore helps to fill some gaps in Copilot agent governance that currently exist in what’s available in Microsoft 365. It’s good to see ISV action in this space because the last thing that anyone wants is the prospect of Copilot agents running amok inside Microsoft 365 tenants.| Office 365 for IT Pros
The conditional access policy condition for token protection now extends to Microsoft Graph PowerShell SDK interactive sessions. Any account within the scope of a CA policy that requires token protection can use Web Account Manager (WAM) to sign in and check that everything is secure and ready to go. It’s a protection that might be of interest to administrators and developers that access sensitive data in Graph SDK sessions.| Office 365 for IT Pros
Recent problems with Microsoft 365 PowerShell modules afflicted the ability of Azure Automation runbooks to execute cmdlets Microsoft Graph PowerShell SDK and Exchange Online Management modules. The root cause is a decision to remove support for .NET6, but the worrying point is the lack of awareness within Microsoft engineering that Azure Automation is where many critical scripts run. Better pre-release testing is definitely needed.| Office 365 for IT Pros
We're a week away from the launch of the Office 365 for IT Pros (2026 edition) eBook, the 12th edition issued since the first book appeared in 2015. This article describes the launch plan and informs current subscribers about how they will receive an update offer to extend their subscription. We’re also updating the Automating Microsoft 365 with PowerShell eBook.| Office 365 for IT Pros
Among the blizzard of Copilot changes is one where Outlook can summarize attachments. That sounds small, but the feature is pretty useful if you receive lots of messages with “classic” (file) attachments. Being able to see a quick summary of long documents is a real time saver, and it’s an example of a small change that helps users exploit AI. Naturally, it doesn’t work with Outlook classic.| Office 365 for IT Pros
In July, Microsoft plans to introduce an app consent policy to stop users granting access to third-party apps to their files and sites. Letting users grant unsupervised consent to third-party apps to access files stored in OneDrive for Business and SharePoint Online is a bad idea. There are certainly apps out there that need such access, but requiring one-time administrator approval is no hardship.| Office 365 for IT Pros
Microsoft 365 tenants with Entra P1 or P2 licenses can use a custom banned password list to stop people using specific terms in their passwords. The idea is to prevent easily-guessed terms being used in passwords. You could also block words deemed to be objectionable. In any case, this article explains how to maintain the custom blocked password list with a PowerShell script.| Office 365 for IT Pros
On June 16, Microsoft announced European sovereign solutions, including a new offering called Microsoft 365 Local that has nothing to do with Microsoft 365 apart from the need to connect to Azure from time to time. Microsoft 365 Local is an on-premises packaged solution. There’s nothing bad about that because some companies need to run on-premises servers for their own reasons. But calling it Microsoft 365?| Office 365 for IT Pros
People Skills is a new Microsoft 365 solution that uses AI to determine what skills are possessed by users based on their profile and activities. The skills recorded for users turn up on the Microsoft 365 profile card, just like the older SharePoint/Delve implementation. Is this an example of more AI being used “just because we can” or a useful solution? It’s up to you to decide.| Office 365 for IT Pros
Copilot Studio Agents can use files as knowledge sources to reason over when they respond to user prompts. We explain how to use the monthly PDFs issued for the Office 365 for IT Pros and Automating Microsoft 365 with PowerShell eBooks as knowledge sources. If you’ve got Microsoft 365 Copilot licenses, this is an interesting way to interact with the books.| Office 365 for IT Pros
The AI-based generative summaries featured by Google and other search engines remove organic traffic from technology websites and make it less attractive for content creators to write about new topics. The upshot is likely to be a decrease in the amount of new knowledge shared on public websites and a resultant lack of information for the AI LLMs to feed off.| Office 365 for IT Pros
Sometimes it's hard to get a response back from running a Graph API request with the Invoke-MgGraphRequest cmdlet. Graph Explorer helps. So does reading Microsoft’s documentation for the cmdlet. In the end, everything works out and we can discover some valuable information that comes back in a response header. In this case, the response header helps us discover if a purge job works.| Office 365 for IT Pros
The old Set-MsolCompanySettings cmdlet is no more, so how can a Microsoft 365 tenant block email-based subscriptions? With the Graph, of course! Seriously, there’s no 1-to-1 mapping from the old cmdlet to a new, but some of the settings are available in the Entra ID authorization policy. We can update the authorization policy with PowerShell to block email-based subscriptions, like Copilot Studio.| Office 365 for IT Pros
After July 1, 2025, any sharing links generated with one-time passcodes (OTP) will stop working. Only links based on Entra ID B2B Collaboration will work. Users who lose access to content shared from SharePoint Online or OneDrive for Business will have to contact the original sharer to ask them to generate a new sharing link. Sounds like a recipe for confusion, which is what might happen.| Office 365 for IT Pros
An OWA mailbox setting is available to block PST access for the new Outlook for Windows client. The setting mimics controls available for Outlook classic, where companies have been blocking PST access for a long time. Once email is in a PST, it’s invisible to any of the compliance solutions that organizations pay for. It’s also invisible to Copilot, which might not be a bad thing…| Office 365 for IT Pros
The need for more nuanced responses to Teams chat and channel messages can apparently be met through multiple emoji reactions instead of a basic one-emoji response like a smile or thumbs up. In any case, users can add up to 20 emojis in response to Teams chat and channel messages. The possibilities of what 20-emoji combinations might communicate are endless, or so it seems.| Office 365 for IT Pros
Microsoft announced the GA for the new message tracing feature on June 3. The old code will be deprecated in September 2025, so it's time to update any PowerShell scripts that use the Get-MessageTrace or Get-MessageTraceDetail cmdlets. Upgrading is easy and shouldn’t take too long, once you find the time to do the work.| Office 365 for IT Pros
A recent post revealed that the Mailbox Import-Export Graph API doesn't capture audit events for its operations. The API is in beta, but this is disappointing. Auditing any mailbox is important, but it becomes a critical requirement when the possibility exists that attackers could use the API to exfiltrate mailbox data outside of the tenant. This is a hole that Microsoft needs to close.| Office 365 for IT Pros
The new TwoClickMailPreviewEnabled setting in the Exchange organization configuration controls if OWA and the new Outlook for Windows use two-click confirmation to open protected email. The new feature could be useful for people who commonly open confidential and protected email in situations where someone else could see what they’re reading. In other situations, it will irritate people.| Office 365 for IT Pros
Monthly update #120 (June 2025) is available for the Office 365 for IT Pros eBook. This is the last update for the 2025 edition as the 2026 edition will be available on July 1, 2025. Change continues as Microsoft continues on their odyssey to an agentic world. Growth in the ecosystem continues and Microsoft 365 now has 430 million paid seats, 56 million of whom use Power Platform. All good!| Office 365 for IT Pros
Microsoft will launch the aiInteractionHistory Graph API (aka, the Copilot Interaction Export API) in June. The API enables third-party access to Copilot data for analysis and investigative purposes, but any ISV who wants to use the API needs to do some work to interpret the records returned by the API to determine what Copilot really did in its interactions with users.| Office 365 for IT Pros
A user reported that a script didn't list any details of hidden group memberships and asked why. The reason is that a separate Graph permission controls access to hidden group memberships. If an app doesn’t have the permission, the Graph returns null memberships, which is probably not all that helpful. Once the right permission is in place, everything works.| Office 365 for IT Pros
A set of 80 mysterious SharePoint Embedded containers turned up because Microsoft pre-provisioned storage for files used as knowledge sources by Copilot agents. Details of the pre-provisioning are in message center notification MC1058260, but who has the time to read and analyze everything posted to the message center? And anyway, the mysterious containers have now disappeared...| Office 365 for IT Pros
The prospect of agents running amok in Microsoft 365 tenants lessened a tad with the introduction of Entra Agent ID. Tenants will be able to manage agents through the Entra admin center. Custom agents created with Copilot Studio or Azure AI Foundry now have Entra identifiers and show up in the admin center. So far, not much else happens but the promise of more functionality is there.| Office 365 for IT Pros
The Teams Discover Feed highlights unread items from channels that users might have missed. Microsoft tweaked the feature so that it only works with 5 or more channels. The logic behind the change is that if you have access to less than five channels, the Discover Feed is unlikely to be much use because it probably won’t have many unread messages to show. One limitation is that guest users can’t use the feed.| Office 365 for IT Pros
The June 2025 update for the Automating Microsoft 365 with PowerShell eBook is now available. Coding automation with Microsoft 365 PowerShell can be challenging, but not with this book beside you. It contains hundreds of examples of working with Entra ID, Exchange Online, SharePoint Online, OneDrive for Business, Teams, and Planner using regular PowerShell cmdlets and the Graph APIs.| Office 365 for IT Pros
The update to allow team members to add a Loop workspace as a channel tab is now rolling out and should be available worldwide soon. Microsoft is currently putting a lot of emphasis on Loop and its almost read-time collaboration capabilities are turning up in many places within Microsoft 365, like Copilot Pages. Will Loop replace OneNote eventually? That's a big question...| Office 365 for IT Pros
A new feature of the Quest On Demand migration suite supports the tenant-to-tenant migration of Exchange and SharePoint content protected by sensitivity labels. This might not seem a big deal, but it’s the first time that a migration product has been able to automatically move protected files and messages from one tenant to another, including files protected by sensitivity labels with user-defined permissions.| Office 365 for IT Pros
Some sites picked up the Microsoft 365 Copilot penetration test that allegedly proved how Copilot can extract sensitive data from SharePoint Online. When you look at the test, it depends on three major assumptions: that an attacker compromises a tenant, poor tenant management, and failure to deploy available tools. Other issues, like users uploading SharePoint and OneDrive files to process on ChatGPT, are more of a priority for tenant administrators.| Office 365 for IT Pros
Two new service plans are now in the Microsoft 365 Copilot license to allow users access to Viva Insights. The new service plans enable the Copilot dashboard in Viva Insights. It’s nice to get new functionality, but sometimes you don’t want people to use a feature, which brings up the topic of disabling a Copilot service plan using GUIs or a PowerShell script.| Office 365 for IT Pros
This week's Microsoft layoffs provide a timely reminder to review how to retain and secure ex-employee data. OneDrive for Business might be the biggest challenge because of the variety of application data that now ends up in user OneDrive accounts. Agents and Flows are also an area of concern, as are objects like apps, phone numbers, and recurring meetings.| Office 365 for IT Pros
On May 10, 2025, Microsoft released V2.28 of the Microsoft Graph PowerShell SDK in the hope that the new version would fix a bunch of annoying problems that have dogged the SDK for several months. The first few days haven’t revealed any new problems and bug reports are being closed, so the signs are positive. But do test before deploying V2.28 into production.| Office 365 for IT Pros
Litigation holds can retain mailbox data, but that's it. You can swap litigation holds out for a Microsoft 365 retention policy and gain extra functionality, such as retaining OneDrive for Business content for the mailbox owners. It’s easy to script the transition from litigation holds to retention policy using PowerShell and to show how, we include a fully working script.| Office 365 for IT Pros
The ConditionalAccessPolicy setting in an OWA mailbox policy can be configured to work with Entra ID conditional access so that OWA blocks access to attachments on unmanaged devices. Microsoft originally introduced the feature in 2018 and as it turns out, the combination of OWA mailbox policy and CA policy also blocks attachment access for the new Outlook for Windows client.| Office 365 for IT Pros
An article by a company specializing in penetration tests raised some questions about how attackers might use Copilot for Microsoft 365 to retrieve data. The article is an interesting read and reveals how Copilot can reveal data in password protected Excel worksheets. However, many of the issues raised can be controlled by applying available controls, and the biggest worry is lhow the account being used to run Copilot came to be compromised!| Office 365 for IT Pros
Copilot usage data can be pretty sparse, but it's easy to enhance the data to gain extra insight into how Microsoft 365 Copilot is used within a tenant. In this case, an administrator wanted to have department and job title information available for each Copilot license holder, so we combined the Copilot usage data with details of Entra ID user accounts with Copilot licenses to create the desired report.| Office 365 for IT Pros
Microsoft recently announced the deprecation of the Exchange cmdlets to search for mailbox audit data. The audit data is ingested into the Microsoft 365 unified audit log, but it’s more difficult to find and retrieve Exchange mailbox audit events. Methods are available to find mailbox audit data, but interpreting what comes back is different. Any script that depends on the old cmdlets must be updated to interact with the unified audit log.| Office 365 for IT Pros
Some new Graph APIs were announced on April 1 to close a feature gap with EWS. The new APIs permanently remove mailbox items and other objects, including folders, calendars, and calendar items. Permanent deletion means that items cannot be recovered through clients because they end up in the Purges folder in Recoverable Items. This article explains how the new APIs work, including a practical example.| Office 365 for IT Pros
At Ignite 2024, Microsoft said that Copilot for Microsoft 365 tenants would benefit from SharePoint Advanced Management (SAM). What does that mean? Well, it doesn’t mean that Copilot tenants get SAM licenses, which is what many expect. It does mean that SAM checks for Copilot before it lets tenants use some, but not all, of its features. Read on…| Office 365 for IT Pros
First introduced in March 2025 to block access to sensitive documents by BizChat, Microsoft has extended the DLP policy for Copilot to cover the web and desktop versions of the Office apps (Word, Excel, and PowerPoint). The implementation works but could confuse users. It might be better if Microsoft simply removes all traces of Copilot when working with files subject to the DLP policy.| Office 365 for IT Pros
Last year, Microsoft removed the need to have a General channel in a team. Now the General channel is making a comeback, and you can choose to have one in a team. If you choose to have a General channel, it appears at the top of the channel list. If not, Teams sorts the channel list alphabetically. In other news, code snippets are being replaced by code blocks and the end of classic Teams is nigh.| Office 365 for IT Pros
Subscribers for Office 365 for IT Pros (2025 edition) eBook can download the May 2025 updates (#119) now. Update #11.3 for the PowerShell book is also downloadable. Another month brings a new batch of changes, updates, and new information. The Microsoft 365 conference happens this month, and Microsoft might disclose some interesting nuggets there, but only about SharePoint, OneDrive, or Teams. Oh well… on to June.| Office 365 for IT Pros
The Direct Send feature allows apps and devices to send unauthenticated email via Exchange Online to internal receipts. Microsoft doesn’t want unauthenticated connections to send email because these connections could be hijacked by spammers. Enter the Reject Send feature to block Direct Send. Reject Send is in preview now but Microsoft wants it to be the default setting in the future.| Office 365 for IT Pros
Microsoft will retire Exchange Web Services (EWS) from Exchange Online on October 1, 2026. A new usage report helps tenants understand what apps use EWS. Many of the apps are likely to be first-party (Microsoft) apps, but some might be third-party apps developed externally or internally. Those apps need to be retired or upgraded to use Graph APIs. Time is slipping away to do the work.| Office 365 for IT Pros
