Microsoft has announced the formal renaming of the Win32 version of Outlook to be Outlook (classic). It’s preparing for the general availability of the new Outlook for Windows, expected very soon into the new Microsoft fiscal year starting on July 1, 2024. The change doesn’t affect the status of Outlook (classic) or the commitment to support the client until at least 2029.
The Set-PlannerUserPolicy cmdlet allows Microsoft 365 tenant administrators stop users deleting tasks created by other users. However, an undocumented consequence of setting the policy for user accounts is that it stops those accounts removing plans too. The unexpected block imposed by Set-PlannerUserPolicy caused me problems when attempting to delete a plan with PowerShell. It would be nice if the modules created by Microsoft worked as expected (and as documented).
The Microsoft 365 Licensing Report is a popular PowerShell script that’s just been updated to V1.9 with a bunch of changes to highlight different aspects such as license costs for disabled user accounts and inactive user accounts. Copious use of some very dubious color choices makes the HTML report created by the script look very nice (if you’re color blind) and the new version can generate an Excel worksheet.
Microsoft wants users to upgrade from legacy Outlook clients. The biggest impact for Microsoft 365 tenants might be the loss of OWA light, but consumer users are in for the same kind of change that enterprise users experienced when Microsoft blocked basic authentication for Exchange Online. The announcement wasn’t very clear about what’s happening, so we’re happy to clarify matters.
The Set-MailboxFolderPermission cmdlet is usually used to set calendar permissions, including the permission for the default user to allow everyone in an organization to see each other’s calendars. But you can use cmdlets from the Microsoft Graph PowerShell SDK too. The Graph SDK cmdlets are faster, but not enough to warrant replacing the Exchange cmdlet in scripts. We explain why here.
The incoming webhook connector is a popular method to post information to Teams channels, but Microsoft seems set on retiring the Office connectors. The Teams post to channel workflow when a webhook request is received seems like is a possible replacement, but it’s not just a matter of switching mechanisms. Some PowerShell magic is needed to create a suitable adaptive card to post to the channel, which is exactly what we explain how to do here.
A Microsoft Graph update makes per-user MFA state available for user accounts. Being able to access the data means that we can include it in the User Passwords and Authentication report. You can now see if accounts are disabled, enabled, or enforced for per-user MFA along with all the other information captured about passwqrd changes, MFA authentication methods, and so on.
Our review of the Videos chapter for the Office 365 for IT Pros eBook found a Teams meeting policy setting we hadn’t documented to block downloads for channel meeting recordings. Naturally, this was a disaster, so we spent some time investigating what the policy setting does and if it’s useful in practice. It works, but do you want to block downloads of channel meeting recordings?
Splatting is an optional PowerShell technique designed to make it easier to pass parameter values for cmdlets. It’s a personal choice whether to use splatting instead of passing values to individual parameters in the command line. Although the Microsoft Graph PowerShell SDK can be a little strange at times, you can use splatting with SDK cmdlets, even with some pretty complex parameters such as those used to filter objects.
Office 365 Connectors bring data from external sources into Microsoft 365 apps like Teams and Outlook. Workflows and Power Automate are replacing Connectors for Microsoft 365 Groups (Outlook groups) and SharePoint Online. Connectors are still available in Teams but for how long? No one knows, but it does seem like Microsoft is rationalizing no-code automation around Power Automate.
Understanding SharePoint Online storage used to be easy. Then applications like Loop arrived. Other influences like retention and archive can affect storage too. It’s a complicated situation before you throw OneDrive for Business into the mix and consider that Microsoft has removed unlimited OneDrive storage while an increasing number of apps store files in OneDrive. It’s a complicated situation.
Three years ago, I wrote a script to analyze the audit records generated for Teams meeting recordings. Then things changed in terms of how the audit records were generated and how the Search-UnifiedAuditLog cmdlet returns audit search results. All of which meant that considerable work was needed to revamp (rewrite) the script. Maybe you need to check any script that uses the Search-UnifiedAuditLog cmdlet too?
This article describes how to use the Microsoft Graph PowerShell SDK to report delegated permission assignments to user accounts and apps. Like in other parts of Microsoft 365, the tendency exists to accrue delegated permissions for both user accounts and apps over time. There’s nothing wrong with having delegated permissions in place, if they are appropriate and needed – and that’s why we report their existence.
Deciding whether to use Microsoft Graph PowerShell SDK cmdlets or Graph API requests is sometimes not easy. Some say that it’s best to use Graph API requests everywhere and avoid the complication of possibly buggy Graph PowerShell SDK cmdlets. My approach is different. I start with Graph PowerShell SDK cmdlets and only resort to Graph API requests when absolutely necessary. It works for me!
The latest technology initiative from Microsoft comes in the form of Teams custom emojis, designed to bring light and happiness to Microsoft 365 tenants. Of course, the light and happiness will only happen if tenants don’t disable the settings in Teams messaging policies that allow users to upload custom emojis. A tenant can support up to 5,000 Teams custom emojis. That’s a lot of room for people to get inventive.
Without any fuss or bother, Microsoft announced that the Teams 2.1 client has regained the Notify When Available feature. This functionality allows users to subscribe to the presence status for someone else to receive notifications when that person’s presence status changes to Available. It’s a very useful and worthwhile feature to have that goes back to Skype. It’s good to have it back!
The June 2024 update for the Office 365 for IT Pros 2024 edition ebook is available for download. We’re also announcing the availability of the 2025 edition on 1 July 2024. Office 365 for IT Pros 2025 edition drops the companion volume and introduces a new book dedicated to Automating Microsoft 365 with PowerShell. Anyone who subscribes to the 2024 edition in June 2024 will receive a free update to the 2025 edition when it is published.
Copilot audit records generated for the Microsoft 365 audit log capture details of the resources (files, emails, and documents) used by Copilot in its answers. This doesn’t sound very exciting, but it is important for forensic investigators who need to understand what information is consumed to generate AI answers. In another development, the Copilot for Microsoft 365 chat app is now available in Outlook classic.
Microsoft is deploying additional audit events to tenants with Purview Audit (Standard) licenses. Among the 15 Teams events in the set are Teams meeting audit events to capture details of meetings and participants. Unhappily, some of the data that you’d like to have for meetings, like the subject, are missing. And meeting participant information is available for some classes of user but not for others.
The Teams Activity feed received two recent major changes. First, calendar notifications now show up in the feed. Second, the set of filters that were available are reduced to just two (mentions and unread). Reducing the filters is part of Microsoft’s effort to streamline the Teams 2.1 client and remove unnecessary screen elements. I guess it’s OK, and you can disable the calendar notifications to stop that annoyance.
A request came in for a PowerShell script to report mailbox audit configurations to check that the important new events are being generated by mailboxes. After diverting into the hellhole of Microsoft licensing, normal sanity was resumed and a PowerShell script written to do the job. The script generates a CSV file or Excel worksheet for tenant administrators to review. After that, it’s up to you.
Microsoft is changing the storage location for Teams Meeting Transcripts from Exchange Online to OneDrive for Business. The change is designed to standardize storage of meeting recordings and transcripts in OneDrive for Business. The change makes sense seeing that Stream has completed its migration to SharePoint and OneDrive. In other news, because transcripts are now so important for other features, a bunch of new controls are coming to allow organizations to limit access to this data.
The Stream browser client has received some nice new features including the ability to trim videos in a very efficient manner and to add callouts to videos to appear between specific timecodes. And there’s Copilot for Stream, which is available if you have Copilot for Microsoft 365. The extra functionality demonstrates that Microsoft continues to invest in the development of the Stream client, which is nice.
A May 20 post contains the welcome news that the new audit events promised for Purview Audit standard customers should be available in June 2024. Some of these events are for Exchange Online, like the famous MailItemsAccessed event. Others are for Teams and SharePoint Online. In the case of Exchange, tenant administrators might have to do some work to validate that mailbox audit configurations are correct.
A new feature for Teams recurring meetings allows meeting organizers to create Loop workspaces to hold content shared within the meetings. It’s an example of close integration between different parts of the Microsoft 365 ecosystem to add value for customers. That’s great, providing you have the correct licenses to allow meeting organizers to create Loop workspaces and don’t need to support guest access (coming soon).
On April 9, 2024, Microsoft announced a big change in authentication for Outlook add-ins. It’s likely that people don’t realize the kind of change that’s coming. The change removes legacy Exchange authentication methods and replaces them with Nested App Authentication (NAA). Time is running short for developers to upgrade and test their code and Microsoft 365 tenants to get ready for the changeover.
The Financial Times reported that the EU is lining up new charges against Microsoft for Teams anti-competitive behavior. Given that Microsoft has already unbundled Teams from Office 365 products, it’s hard to know what remedy the EU will seek. If it’s a fine, then Microsoft could be charged up to 10% of their worldwide revenues. That’s unlikely, but the issue highlights how hard it is to compete against an integrated solution.
On May 14, Microsoft announced that they will require Azure MFA for connections to services starting in July 2024. No details about the implementation are available, so it’s difficult to measure the likely impact on Microsoft 365 tenants. Given that very few people access services like the Azure portal, it’s probable that the impact will not be large, but it would be nice to hear more precise details from Microsoft.
Teams has added the ability to use slash commands (shortcuts) to the message compose box. Although the feature seems useful, I wonder about its potential usage. The fact is that people are pretty accustomed to how they compose message text and other options are available to add Loop or code blocks or set their online status, so why would they use the slash commands in the message compose box?
A recent SharePoint Onlne update enables folder deletion when items are present in a folder. This is probably the way that things should have always worked. Even so, it’s good to have this capability because it helps site users clean out old and obsolete information, something that’s becoming increasingly important in the AI era for Microsoft 365.
The Follow response is a new option for people invited to a meeting to indicate that they can’t attend but are interested in what happens. Replying with a Follow response means that the user gains access to the meeting artifacts (like the chat and recap). It also means that the allotted time is not blocked in their calendar. The feature will be most valuable to people who have heavily-used calendars.
This article describes the process of blocking device code authentication requests against Entra ID with a preview feature for conditional access policies. It’s a good idea to tighten tenant security by removing device code authentication unless a clearly-defined need exists for apps to authenticate using this method. I suspect that most tenants will find that they can happily do without device code authentication.
Team channel collaboration might be a better choice than always creating a new team to host discussions about a topic, especially if channels grow in features. Now that a single team can support a mix of up to 1,000 regular, shared, and private channels, all of which can be archived, is it a good option to continue to create new teams? The answer is probably not, especially if Microsoft continues on a path to develop channel capabilities.
The user authorization policy defines user role permissions, or actions that non-admin users can take within an Entra ID tenant. The default settings are silly. I can’t think of good reasons to allow non-admin users to create new registered apps, tenants, or security groups. Why default settings allow these actions is a mystery, and it could be they’re just outdated.
In a May 2 announcement, Microsoft said that they have signed up 9 ISVs to add support for Entra ID authentication methods. The third-party methods work the same way as native Entra ID authentication (like the Authenticator app), meaning that verified connections can be used by other Entra solutions like Privileged Identity Management.
The Teams iOS client can send one-minute Teams video messages (or clips) to chats or channels conversations. Now, the videos can use image or blur backgrounds. Nice as it is to be able to expose your artistic side in Teams messaging, the compliance problem with Teams video messages remains. If you allow users to send video messages, remember that they could use this route to get around compliance barriers.
Some problems emerged in V2.17 and V2.18 of the Microsoft Graph PowerShell SDK. In one case, Microsoft changed cmdlet names. In another, it’s an identity issue caused by incompatible assemblies. In both cases, questions have to be asked about the level of testing done by Microsoft before they release a new module. Bugs do happen, but testing should catch the obvious problems.
On May 2, 2024, Microsoft announced the retirement of the Stream Mobile app on July 1, 2024. It’s all to do with rationalization and focus, or so Microsoft says. In any case, the suggested replacements are the OneDrive and Microsoft 365 apps, both of which are capable of handling video uploads, management, and playback.
The Share to Teams Outlook add-in posts an email to a Teams chat or channel conversation. I was asked how to disable the add-in for some mailboxes. Here’s how to do the job using PowerShell to find a set of target mailboxes and then turn off Send to Teams for each mailbox.
Another month, another update for the Office 365 for IT Pros eBook. In this case, it’s monthly update #107 for Office 365 for IT Pros (2024 edition), now available for download by subscribers from Gumroad.com and Amazon.com. Like every month, update #107 contains a mixture of new features and revised knowledge, all essential information for Microsoft 365 tenant administrators to have.