Microsoft Lists are a powerful tool for end users to store and manage data stored in SharePoint Online sites. The Microsoft Graph PowerShell SDK includes cmdlets to work with Microsoft Lists and this article explains how to use the cmdlets to add new lists, add items to lists, retrieve data from lists, and remove items from lists.| Practical 365
In this Practical Graph article, we describe how to create SharePoint files using an Azure Automation runbook. The code uses the Microsoft Graph PowerShell SDK whenever possible, but we had to resort to Graph API requests at times. We also look at how to update document metadata for the newly uploaded files.| Practical 365
In this blog, we take a closer look at CVE-2025-55241, a critical Entra ID flaw that briefly allowed attackers to impersonate Global Admins across any tenant, no phishing or passwords required. While Microsoft moved fast to patch the issue, it exposed how deeply legacy code can undermine modern security efforts. We’ll break down what happened, why it matters, and what admins should do now to stay protected. The post Death by Token: Understanding CVE-2025-55241 appeared first on Practical 365.| Practical 365
Many examples of how to report inactive guest accounts are available on the internet, but they're all flawed because they make decisions based on the last sign in. That's a shortsighted method because it doesn't take guest activity into account. This article explains how to combine audit data with sign-in data to create an enhanced view of guest account activity so that intelligent decisions can be made to keep or retain the accounts. The post Creating a Comprehensive Inactive Guest Account R...| Practical 365
On this episode of the Practical 365 Podcast, Steve and Paul discuss Copilot Chat integration into Office apps, AI generated workslop, and why many pilot programs for AI (including Copilot) don't get off the ground. The post Copilot Chat for Everyone, AI Agents Everywhere in Teams, and Fighting “Workslop” – Practical 365 Podcast S04E44 appeared first on Practical 365.| Practical 365
Microsoft's Alex Simons came to the TEC 2025 conference to talk about the future of Entra ID, a lot of which hangs on the use of AI in components like the Entra agents that are now in preview. The idea of using agents to relieve hard-pressed human administrators is great, but only if those agents do more than a skilled human administrator can do, and that's not the case so far. The post Entra Agents are Promising but Could do More appeared first on Practical 365.| Practical 365
Many PowerShell scripts need to run on a scheduled basis or have to process large amounts of data. Azure Automation runbooks are a good way to handle both types of task. This article describes three important and practical steps to improve writing PowerShell code for Azure Automation.| Practical 365
Microsoft Teams Phone has improved over the years, but missed call reporting in call queues remains a gap. In this blog, Martin Heusser shows how to use Microsoft Graph and PowerShell to build a custom report that captures missed and answered calls, complete with caller info and agent details. Until Microsoft adds shared call history natively, this DIY approach is a solid workaround. The post Practical Teams Phone: Reporting Missed Calls on Call Queues appeared first on Practical 365.| Practical 365
In this episode of the Practical 365 Podcast, Steve Goodman and Paul Robichaux discuss the newest features and changes in Microsoft 365 Copilot Studio, examine an open-source solution, Jan, which enables running large language models locally for privacy-friendly AI, and reflect on Microsoft’s recent change in its remote work policy. The post Copilot Studio Updates, Licensing Changes, and Local AI Testing with Jan – Practical 365 Podcast S04E43 appeared first on Practical 365.| Practical 365
A reader question asked if it was possible to find the last app accessed by a user. Of course, anything is possible with PowerShell, but how? In this article, we explore using the Entra ID sign-in logs and Microsoft 365 audit log as sources for finding the desired information. Some performance issues emerge, so we end up running the code in Azure Automation. The post Practical Graph: Finding the Last App Accessed by a User appeared first on Practical 365.| Practical 365
Microsoft is rolling out Phase 2 of Azure services MFA enforcement starting October 1, 2025. This update requires MFA for all Azure Resource Manager operations. In this article, we dive into what you need to do to comply with the new enforcement requirements. The post Practical Protection: Microsoft Doubles Down on Azure MFA Enforcement appeared first on Practical 365.| Practical 365
Auditing Attack Surface Reduction (ASR) rules can generate overwhelming data. In this blog, we walk through the different ways of verifying the ASR audit results, different types of exclusions, and provide an advanced KQL that surfaces detailed information.| Practical 365
For those wanting to eliminate the SMTP AUTH protocol, Microsoft has three ways to send email using Graph APIs. This article looks at how to use the Send-MgUserMail cmdlet.| Practical 365
Microsoft has released the public preview of RBAC for Applications, a method to control the access Azure AD apps have to Exchange Online mailboxes.| Practical 365
Everyone probably knows how to use the Send As and Send on Behalf of permissions to send email from user mailboxes. Here we venture into the same task, but for Microsoft 365 Groups, shared mailboxes, distribution lists, and mail-enabled security groups. Once your permissions are aligned, everything is pretty simple.| Practical 365
This article outlines how to get started with PIM, how to audit its use, and what workarounds could be circumventing your security controls.| Practical 365
Microsoft 365 Copilot is a great AI notetaking app for Teams meetings, but it's expensive. A range of cheaper options are available from other AI companies. Should Microsoft 365 tenants allow users to install these apps and access what goes on in Teams meetings? It could be a difficult decision.| Practical 365
Since its inception, the Teams user interface emphasized teams and channels for collaboration. But that's not how people work, and the new chat and channels experience emphasizes chats a lot more. This doesn't mean that channels are going away. They remain the foundation of teams and the right way to communicate and share information for ongoing use, but the change to highlight chats might take some getting used to.| Practical 365
Practical Office 365 News, Tips, and Tutorials| Practical 365
Many organizations view Teams chats stored in OneDrive for Business as potential compliance risks. Without proper retention policies, this data can be lost, deleted, or retained too long. In this blog, we dive into managing Teams chat files automatically with Purview.| Practical 365
This article explains how to use PowerShell to create a report listing the files from a OneDrive for Business account. Because so many Microsoft 365 apps store their files in OneDrive (and other apps too), OneDrive can become a form of dumping ground for data. Seeing file information in the report allows account owners to clean up their digital debris.| Practical 365
Many Teams users love to use group chats as a way to get work done. Group chats are effective, but the information shared in chats ends up in personal OneDrive accounts. To help switch people back to channel conversations, Teams has a new threaded layout to make conversations behave much like chats. The new layout works well for some channels but not for others.| Practical 365
With Microsoft Power Platform on the rise with over 56 million monthly active users, governance is vital to reduce potential risk. In this first installment of Practical Power Platform, we discuss essential areas Microsoft 365 admins should focus on, including the Power Platform Admin Center, Data Loss Prevention (DLP) policies, tenant isolation, and Microsoft Purview auditing.| Practical 365
It's time to check recipient filters for dynamic distribution groups to ensure that you don't have any wildcard prefixes used with the -eq operator to find recipients based on their email addresses. A November 30 update will stop this kind of recipient filter working, and might have a knock-on effect on other processes.| Practical 365
Vasil Michev explores how you can mitigate threats and scope down permissions using application access policies in Exchange Online| Practical 365
Many apps are created in the Azure AD for a tenant. Those apps have permissions to allow them to access data, and consent for those permissions are granted by administrators and users.| Practical 365
