Looking for Events in the Unified Audit Log

The Office 365 audit log is packed full of information about what happens inside workloads. New events show up all the time. The question is how to understand what actions these events relate to. We outline a simple procedure to discover the presence of new audit events and dive into the investigation of an event called Consent to application, which is pretty important in the context of recent high-profile attacks.

February 2021 Update Available for Office 365 for IT Pros (2021 Edition)

The February 2021 update for the Office 365 for IT Pros eBook is now available for subscribers to download. Office 365 for IT Pros is the only book with monthly updates covering the Office components of the Microsoft 365 ecosystem. Subscribers to the 2021 edition can now download updates PDF and EPUB files from Gumroad.com.

Office 365 Insights from Microsoft’s FY21 Q2 Results

Microsoft released their FY21 Q2 results on Tuesday. Buried in the details were several nuggets relating to Office 365.. Here are the interesting bits including some detail on the penetration of Teams into large organizations and a new number for Azure AD users.

Use Distribution Lists or Security Groups to Add Accounts to DLP Policies

Teams Data Loss Prevention (DLP) policies help to stop users sharing confidential information through chats and channel conversations. A recent update means that accounts to be included or excluded in DLP policies can be specified using distribution lists or mail-enabled security groups. While this doesn’t sound very exciting, it is if you need to deploy DLP policies to targeted sets of Teams users.

Feb 24 2021 Update: The picker used for OneDrive for Business accounts will support distribution lists and security groups in March.

Introducing the Office 365 for IT Pros GitHub Repository

Need a PowerShell script to do something with Office 365? You might find a script or at least an idea – in the Office 365 for IT Pros GitHub Repository. We have created over 80 scripts as examples and demonstrations of how to get stuff done in an Office 365 tenant with PowerShell. You’re welcome to use anything in the repository and especially welcome to fix our bugs.

How to Retrieve Information About Microsoft 365 Service Incidents

All services suffer outages or incidents. The Service Communications API allow Office 365 tenants to retrieve information about incidents programmatically and report details in whatever way they want. In this post, we show how to use PowerShell to fetch service messages with the API and filter for recent incidents. After that, it’s just a matter of presenting the details.

Available Now: January 2021 Update for Office 365 for IT Pros

The January 2021 update is available for Office 365 for IT Pros, the only eBook about Microsoft’s cloud Office service that’s updated monthly. Twenty-one of the 24 content chapters are updated as change keeps on happening in Exchange Online, SharePoint Online, Teams, Planner, Stream, Azure AD, and more.

How to Customize the Browser Themes for a Microsoft 365 Tenant

It’s easy to create a custom theme for the Office 365 browser apps (except Teams, which does its own thing). All you need is a corporate logo, some colors, and perhaps a sense of how colors go together. You can also block users from selecting from the default set of themes that come along with Office 365, an action that might just remove some light from some peoples’ lives.

Change in Guest Access for Teams: No Effect on Tenants Already Using Teams

Microsoft is changing the default setting for guest access to Teams from Off to On. This won’t affect tenants already using Teams, but it’s a good opportunity to review how guest access is used in tenants and consider whether existing guest accounts are needed or can be removed. This post offers some ideas about using policies to control guests and how to check what these accounts are used for.

How to Anonymize User Data in Microsoft 365 Usage Reports

The data used for Microsoft 365 usage reports comes from the Microsoft Graph. You can anonymize the data to replace references to user, group, and site names with system-generated values to protect user privacy. This works, but it reduces the usefulness of the reports by a large degree, so you should be prepared to switch to show full user data sometimes.

Exports of Exchange Online Search Results Now Decrypt Attachments

When you use an Office 365 content search to find items, the results from Exchange Online might include some encrypted attachments. A change means that the attachments can now be decrypted to make it easier for investigators to review the information. It’s a small but important change, just like the update to Edge which stops ClickOnce programs running unless an Edge setting is enabled. All good, clean, honest fun.

How Noise Suppression Works in Teams Meetings

An update to the Teams Windows and Mac clients introduces automatic noise suppression for Teams meetings. You can tune suppression up or down to reflect your environment. The feature works by analyzing the audio feed from the microphone used in a meeting and removing unwanted noise. The more suppression is done, the more resources are used, so this is something to keep an eye on.

Microsoft Makes Endpoint Data Loss Prevention Generally Available

Microsoft has made Endpoint DLP generally available. Leveraging Windows 10 workstations and the Edge browser, Endpoint DLP sends signals for evaluation to detect possible violations. The solution requires Microsoft 365 licenses and only supports Windows, so it’s not for every tenant. But those who have Microsoft 365 licenses will find this an attractive solution.

Workaround Moca Mobile Deficiency with To Do Tasks

Project Moca is a new Office 365 personal productivity app which doesn’t have a mobile app. It’s hard to be productive if you can’t be when mobile. Which is why To Do allows people to capture thoughts. A workaround of sorts is available through To Do tasks. Whether this is enough for you to switch to Moca is debatable.

Microsoft Clamps Down on Automatic Mail Forwarding in Exchange Online

Microsoft has updated the Exchange Online outbound spam filter policy to stop automatic forwarding of email from user mailboxes. The change is now effective with the default set to block automatic forwarding. You can create a custom policy and apply it to selected mailboxes and distribution lists if they need to forward email.

Microsoft Improves Teams Together Mode with New Background Scenes

Together Mode is a more immersive way to present participants in a Teams meeting. The original theater scene is being augmented with new scenes including boardrooms (suitable for small meetings) and amphitheaters (for large meetings). At the same time, the view used for Teams meeting recordings is changing from 2×2 to 3×3.

Quadrotech and Quest Combine

Quest has acquired Quadrotech to add to their portfolio of Office 365 applications designed to help organizations get date into the cloud and manage it when it’s there. Recent Quest acquisitions of Metalogix, Binary Tree, and now Quadrotech give it a bunch of technology, notably in the area of tenant-to-tenant migrations.

How to Support Manager-Assistant Scenarios in Teams

Unlike email systems, Microsoft Teams doesn’t support user delegation, or assigning the right for someone to act on behafl of someone else. Here’s how to workaround some of the issues involved in helping managers and their assistants work effectively together, including personal chat, channel messages, and scheduling calendar meetings.

Microsoft Removes EEEU Permission from OneDrive for Business Accounts

Microsoft is rolling out an update to remove the Everyone Except External Users (EEEU) permission from OneDrive for Business accounts created before August 1. They’re also doing a permissions reset of lists created in those accounts, meaning that some folks might lose access to lists. It’s hard to know how much impact this will have on Office 365 tenants, but it’s probably a good ideas to ask.

How to Resolve Duplicate Outlook for iOS Contacts

Outlook Mobile synchronizes contacts from Exchange Online to iOS. Sometimes errors happen and duplicate contacts result. It’s easy to resolve the problem by forcing a complete resynchronization of contacts to rebuild what’s on the iOS device.

Office 365 for IT Pros Issues November 2020 Update

The November 2020 update for the world’s best Office 365 book is available. Subscribers to Office 365 for IT Pros can now download updated files. The companion volume has also been updated. Full details of the updates to 222 chapters can be found in the Office 365 for IT Pros change log.

How to Use the Teams Meeting Add-in for Outlook

The Teams Meeting add-in for Outlook schedules online private Teams meetings. A recent update for Outlook for Windows allows meeting settings to be changed. It’s a logical and useful update to allow people who prefer to work in Outlook to maintain their meetings without needing to go to the Teams calendar app.

Signs of a Phishing Attempt Based on Office VoIP Voicemail Notifications

A crude phishing attempt based on voicemail notifications from a VoIP service arrived in mailboxes. It’s easy for experienced users to pick up signs to stay away, but the unwary can be trapped. Report samples of phishing attempts to Microsoft to make Exchange Online Protection better and keep on educating users.

Half of Active Office 365 Users Now Use Teams

Microsoft’s FY21 Q3 results told us that Teams now has 115 million users, a 53% uptick since April. Office 365 keeps on growing in numbers, revenue, and profit. While growth might be slowing, there’s still a ton of accounts to be moved to the cloud, where they’ll probably end up as Teams users.

Planner Leak Allows External Recipients to Receive Task Comments

An unfortunate problem in the Office 365 Planner app allows external recipients to be added to to email so that they receive and see comments posted for tasks. Although this doesn’t sound like such a big problem, it is because it can lead to confidential information leaking outside the organization in an uncontrollable manner. Microsoft support says that Planner is working by design. We don’t believe that this could possibly be the case.

Revocation of Email Protected by Office 365 Message Encryption

Office 365 Message Encryption (OME) allows OWA users to revoke some messages after they are delivered to recipients. But if the message goes to Office 365 or Outlook.com, you can’t revoke it. And there’s the slight matter of needing an Office 365 E5 license too. Even so, it’s still nice to be able to revoke messages if they go to the wrong place.

Microsoft Will Finally Retire Site Mailboxes in April 2021

Site Mailboxes were the face of Microsoft collaboration at one time. But that’s long in the past and it’s time for these archaic mailboxes to be dispatched. Microsoft will retire them from Office 365 in April 2021, probably two years after they passed their best-by date. I tried to clean up my tenant and failed utterly, so I’m leaving the mess for Microsoft to sort out.

Teams Notifications Updated for Native OS Support and Better Privacy

Teams notifications can now be handled by Windows and macOS, and you can get better privacy by disabling message preview in the notifications, including on Teams mobile clients. The privacy updates are available now and support for the native OS notifications in both Windows and macOS should be available in mid-November.

How to Update Teams to Send Meeting Invitations to All Members

Teams depends on Microsoft 365 groups. You can add groups as meeting attendees and expect that members of those groups will receive meeting invitations. But they won’t unless you update group settings to force Office 365 to send invitations to all members. The job is easily done with PowerShell, and we show how in this post.

Teams Now Has Basic Offline Capabilities

In an update posted to Teams User Voice, Microsoft said that they had enabled offline capabilities for messaging with access to recent chats and channel conversations. This is good, but the problem is that Teams is much more than chats and offline access remains problematic for many of the components people access through Teams. Until all apps support offline access, functionality will remain limited.

Millions of Microsoft 365 Groups Fail Auto-Renewal Annually

Among some interesting statistics offered at the Ignite 2020 conference, we learned that 79% of Microsoft 365 groups successfully auto-renewed because of their activity. That leaves 21% of groups which didn’t meet the bar to be automatically renewed. Only groups within the scope of an expiration policy are included, but even so millions of groups weren’t renewed. Is that a problem?

New Exchange Online Admin Center Loses Some Magic, But It’s the Future

Microsoft says that the new EAC is ready to use. While we don’t deny the fact, we think some of the magic that existed in previous portals has gone. PowerShell is replaced by the Graph as the foundation for the EAC. Progress happens, but it’s sad when a feature like command logging is left in the mists of the past.

New Location for Teams Compliance Records Breaks Scripts

Without saying anything, Microsoft changed where Microsoft 365 stores Teams compliance records in user and group mailboxes. The logic behind the change is impeccable even if it will cause PowerShell scripts to break. In addition, any ISV claiming to backup Teams by copying compliance records has some work to do.

Teams Calendar Peek Gives Quick View to Upcoming Events

The latest build of the Microsoft Teams desktop and browser clients include the ability for users to see the essential details of calendar events through a “peek.” Single clicking on an event exposes the most commonly used information and some command buttons. It’s a quick and easy way to find out what you need to know about an event. Also, Teams has finally shipped two features announced in June and July, examples of how things sometimes get delayed for different reasons.

Managing Third-Party App Permissions in the Teams Admin Center

The latest update for the Teams admin center includes the ability to manage the permissions used by third-party apps to access data via the Microsoft Graph. The updates also include the ability to manage resource specific consent (RSC) for Teams apps. While third-party apps ate the obvious target, LOB apps created by tenants are managed in the same way.

Teams Offline Status Allows Users to Appear Invisible

Teams is introducing a new Offline presence status this month to allow users to continue working while appearing unavailable and uncontactable to coworkers. The new status behaves differently to the Do Not Disturb presence, which gives coworkers some hope that you’ll soon be online and available.

How to Search the Microsoft 365 Audit Log for Events

The Office 365 audit log is a great source of information about what happens inside a Office 365 tenant. Searching the audit log takes practice, but it turns up lots of insight. This article covers how to use the ObjectIds and FreeText parameters to find information about what happens to an object,