Microsoft is changing the storage location for Teams Meeting Transcripts from Exchange Online to OneDrive for Business. The change is designed to standardize storage of meeting recordings and transcripts in OneDrive for Business. The change makes sense seeing that Stream has completed its migration to SharePoint and OneDrive. In other news, because transcripts are now so important for other features, a bunch of new controls are coming to allow organizations to limit access to this data.
The Stream browser client has received some nice new features including the ability to trim videos in a very efficient manner and to add callouts to videos to appear between specific timecodes. And there’s Copilot for Stream, which is available if you have Copilot for Microsoft 365. The extra functionality demonstrates that Microsoft continues to invest in the development of the Stream client, which is nice.
A May 20 post contains the welcome news that the new audit events promised for Purview Audit standard customers should be available in June 2024. Some of these events are for Exchange Online, like the famous MailItemsAccessed event. Others are for Teams and SharePoint Online. In the case of Exchange, tenant administrators might have to do some work to validate that mailbox audit configurations are correct.
A new feature for Teams recurring meetings allows meeting organizers to create Loop workspaces to hold content shared within the meetings. It’s an example of close integration between different parts of the Microsoft 365 ecosystem to add value for customers. That’s great, providing you have the correct licenses to allow meeting organizers to create Loop workspaces and don’t need to support guest access (coming soon).
On April 9, 2024, Microsoft announced a big change in authentication for Outlook add-ins. It’s likely that people don’t realize the kind of change that’s coming. The change removes legacy Exchange authentication methods and replaces them with Nested App Authentication (NAA). Time is running short for developers to upgrade and test their code and Microsoft 365 tenants to get ready for the changeover.
The Financial Times reported that the EU is lining up new charges against Microsoft for Teams anti-competitive behavior. Given that Microsoft has already unbundled Teams from Office 365 products, it’s hard to know what remedy the EU will seek. If it’s a fine, then Microsoft could be charged up to 10% of their worldwide revenues. That’s unlikely, but the issue highlights how hard it is to compete against an integrated solution.
On May 14, Microsoft announced that they will require Azure MFA for connections to services starting in July 2024. No details about the implementation are available, so it’s difficult to measure the likely impact on Microsoft 365 tenants. Given that very few people access services like the Azure portal, it’s probable that the impact will not be large, but it would be nice to hear more precise details from Microsoft.
Teams has added the ability to use slash commands (shortcuts) to the message compose box. Although the feature seems useful, I wonder about its potential usage. The fact is that people are pretty accustomed to how they compose message text and other options are available to add Loop or code blocks or set their online status, so why would they use the slash commands in the message compose box?
A recent SharePoint Onlne update enables folder deletion when items are present in a folder. This is probably the way that things should have always worked. Even so, it’s good to have this capability because it helps site users clean out old and obsolete information, something that’s becoming increasingly important in the AI era for Microsoft 365.
The Follow response is a new option for people invited to a meeting to indicate that they can’t attend but are interested in what happens. Replying with a Follow response means that the user gains access to the meeting artifacts (like the chat and recap). It also means that the allotted time is not blocked in their calendar. The feature will be most valuable to people who have heavily-used calendars.
This article describes the process of blocking device code authentication requests against Entra ID with a preview feature for conditional access policies. It’s a good idea to tighten tenant security by removing device code authentication unless a clearly-defined need exists for apps to authenticate using this method. I suspect that most tenants will find that they can happily do without device code authentication.
Team channel collaboration might be a better choice than always creating a new team to host discussions about a topic, especially if channels grow in features. Now that a single team can support a mix of up to 1,000 regular, shared, and private channels, all of which can be archived, is it a good option to continue to create new teams? The answer is probably not, especially if Microsoft continues on a path to develop channel capabilities.
The user authorization policy defines user role permissions, or actions that non-admin users can take within an Entra ID tenant. The default settings are silly. I can’t think of good reasons to allow non-admin users to create new registered apps, tenants, or security groups. Why default settings allow these actions is a mystery, and it could be they’re just outdated.
In a May 2 announcement, Microsoft said that they have signed up 9 ISVs to add support for Entra ID authentication methods. The third-party methods work the same way as native Entra ID authentication (like the Authenticator app), meaning that verified connections can be used by other Entra solutions like Privileged Identity Management.
The Teams iOS client can send one-minute Teams video messages (or clips) to chats or channels conversations. Now, the videos can use image or blur backgrounds. Nice as it is to be able to expose your artistic side in Teams messaging, the compliance problem with Teams video messages remains. If you allow users to send video messages, remember that they could use this route to get around compliance barriers.
Some problems emerged in V2.17 and V2.18 of the Microsoft Graph PowerShell SDK. In one case, Microsoft changed cmdlet names. In another, it’s an identity issue caused by incompatible assemblies. In both cases, questions have to be asked about the level of testing done by Microsoft before they release a new module. Bugs do happen, but testing should catch the obvious problems.
On May 2, 2024, Microsoft announced the retirement of the Stream Mobile app on July 1, 2024. It’s all to do with rationalization and focus, or so Microsoft says. In any case, the suggested replacements are the OneDrive and Microsoft 365 apps, both of which are capable of handling video uploads, management, and playback.
The Share to Teams Outlook add-in posts an email to a Teams chat or channel conversation. I was asked how to disable the add-in for some mailboxes. Here’s how to do the job using PowerShell to find a set of target mailboxes and then turn off Send to Teams for each mailbox.
Another month, another update for the Office 365 for IT Pros eBook. In this case, it’s monthly update #107 for Office 365 for IT Pros (2024 edition), now available for download by subscribers from Gumroad.com and Amazon.com. Like every month, update #107 contains a mixture of new features and revised knowledge, all essential information for Microsoft 365 tenant administrators to have.
The Copilot for Microsoft 365 license has 8 service plans to govern feature availability. You can disable individual components, if you know what you’re doing. One thing that’s not possible is to disable Copilot for individual Office apps. A single service plan covers all the “productivity apps,” so they’re either all on or all off.
The Teams classic client has been replaced by the Teams 2.1 client. Microsoft will block access to the Teams classic client for people running the app on unsupported platforms in October 2024. The final block swings into place for everyone on July 1 2025. The migration to the new client appears to be going well, so I’m not sure if many will miss the old client.
The Microsoft FY24 Q3 results didn’t contain any new user numbers for Office 365 or Teams. However, we did learn that Copilot and Azure are popular words in the Microsoft lexicon. As usual, statistics were introduced without context, but investors won’t really care too much as Microsoft continues to generate tons of revenue at a healthy margin, especially from its cloud business.
Teams group chats are getting a new Meet Now experience. Is that good news? Well, it’s not an earthshattering change, but it is a nice change because it simplifies the way the Meet Now feature works. It’s the kind of change that software vendors make to tidy up the loose ends in a product.
A reader asked if it is possible to script sending chat messages. In this article, we explore how to compose and send Teams urgent messages to a set of recipients using Microsoft Graph PowerShell SDK cmdlets. The conversation with each recipient is a one-to-one chat that Teams either creates from scratch or reuses (if a suitable one-on-one chat exists).
Some years ago, I wrote a script to demonstrate how to remove service plans with PowerShell. This article describes some upgrades to make the script even better by improving the code and leveraging complex Microsoft Graph queries against the license information stored for Entra ID user accounts. It’s PowerShell, so feel free to change the script!
The M365 Conference takes place in Orlando, FL from April 28 to May 2, 2024. I have two sessions, but my attempts to find sessions that cover all of Microsoft 365 failed because there’s no coverage of Entra ID and Exchange Online. Instead, the Microsoft priorities like Copilot, Viva, and SharePoint take front and center stage. I think that’s a pity, but maybe the reason is because speakers don’t submit sessions covering Entra ID and Exchange Online topics?
License management is a core competence for Microsoft 365 tenant administrators. This article explains how to use PowerShell to remove licenses from accounts when an equivalent service plan is available from another license. It’s the kind of fix-up operation that tenant administrators need to do on an ongoing basis.
April 11 saw the general availability of Microsoft Graph activity logs, a new set of data recording details of Graph API HTTP requests made in a tenant. The logs are intended to help security analysts understand actions taken by apps in a tenant such as data access or configuration updates. Before working with Graph activity logs, security analysts will need to understand Graph API requests and the context they’re made.
Although the trend is toward password authentication, many Microsoft 365 tenants still use passwords and some force users to change passwords regularly. This article explains how to create a password expiration report with PowerShell. The script caters for where a tenant password expiration policy is set for passwords to never expire. If anything else, it’s yet another example of how to extract information using PowerShell.
Exchange Online announced two important changes on April 15. SMTP AUTH is being depreciated and a new external recipient rate limit is being introduced. The changes are intended to improve the security of Exchange Online. The introduction of an external recipient rate limit is also intended to reduce the ability of spammers to abuse the platform.
The Maester tool is a community initiative to create a tool to help tenant administrators improve the security of their Entra ID tenants. It’s still in its early stages, but even so Maester shows signs that it will be a valuable asset for administrators who want to learn more about securing their tenant against possible external compromise.
Microsoft Teams now boasts the ability to add customizable group chat pictures to what might be otherwise a set of chats with not-very-good generated pictures. The idea is to make it easier for people to find the right group chat in their chat list, Of course, it might be difficult to find just the right picture to use, but Microsoft has selected 36 illustrations and there’s over 1,800 emojis to choose from.
Monarch client security became an issue last year when a German website reported some issues. It turns out that the reported problems are mostly hyperbole, but that hasn’t stopped them persisting, especially when email client competitors like Proton weigh in. It’s regrettable that much of the commentary is based on an incomplete understanding of how Monarch works, but Microsoft doesn’t help themselves by not explaining the facts.
A recent note from Microsoft advised that if your tenant uses classic Azure administrative role, you need to switch to Azure RBAC roles by 31 August 2024. This forced me to think about how many Azure services does my tenant consume. The number was surprising and it’s grown over time, which is why Microsoft 365 tenant admins should pay attention to Azure.
A new parameter for the Set-CsTenantFederationConfiguration cmdlet made me look at the Teams tenant federation configuration again to improve how a script works. Instead of taking all the domains guest accounts came from and adding them to the configuration, I created a function to check if the tenant uses Microsoft 365. If it does, we add the tenant to the allow list in the tenant federation configuration. If not, we ignore the domain.
A previous attempt to write a script to report all Loop workspaces in a tenant was flawed because it only retrieved the first 200 workspaces. I hadn’t realized that the Get-SPOContainer cmdlet supported an odd form of pagination to retrieve workspace data. In any case, I figured out how to page top find all available workspaces and updated the script. It’s just another example of oddness in the SharePoint Online PowerShell module
According to Microsoft 365 notification MC736438, Microsoft is getting tougher at enforcing the rules for Purview information protection licenses. In a nutshell, if administrators and end users don’t have premium licenses, features like automatic labeling policies or default sensitivity labels for document libraries won’t work. Users can still apply sensitivity labels manually.
A new major version of the MsCommerce PowerShell module makes you hope that something good is included in the new code. In this case, it’s hard to know if the developers did anything but increase the major version number for the MsCommerce module. Not much has changed. The module is as bad as ever, but at least it can be used to disable self-purchases of all supported licenses, which is all that’s really important.
The unified audit log includes Copilot for Microsoft 365 audit events captured when users interact with Copilot through apps. The information is very helpful in terms of understanding the usage of Copilot in different apps (apart from Outlook, which isn’t captured). Some care needs to be taken to understand the data and interpret the audit events, but that’s usual when dealing with Microsoft 365 audit data.
Microsoft announced a new component for OWA distribution list management but clearly the engineers never took role assignment policy customizations into account. If they had, they wouldn’t have created something that ignores the way organizations block end user ability to create new distribution lists. It’s just a sad indication of Microsoft’s attitude to one of the workhorses of Exchange.
