Monthly Update #107 Available for Download
The Office 365 for IT Pros writing team is proud (once again) to announce the latest monthly update for the Office 365 for IT Pros (2024 edition). This is monthly update #107. Subscribers who purchased through Gumroad.com should use the link in the receipt sent for the original purchase or fetch the updated files from their Gumroad account. The link always downloads the latest files. If you bought through Amazon.com, you’ll have to ask Amazon support for help to get the update. Sorry, but that’s how Kindle publishing works. See our FAQ for more information about how to download updates.
The change history for the update is posted to our change log. Be aware that the change log is a guide to the areas of the book where our authors have been active instead of a detailed list of every change made. Too many changes occur to note every detail.
The Accrual of Digital Debris
As the era of AI unfolds, one thing that’s becoming very apparent is the impact of digital debris that accrues inside Microsoft 365 repositories. Copilot for Microsoft 365 uses Graph requests to find items available to the signed-in user when it generates responses to customer requests. Copilot cannot assess the accuracy of information stored in a document, nor can it correct what it finds. All Copilot works with is words, and the words it outputs might be incorrect or misleading based on what it found in the data retrieved from SharePoint Online, Exchange Online, OneDrive for Business, and Teams.
People generally aren’t very good at clearing out old items from their mailboxes, OneDrive accounts, or sites that they access. It’s easier to leave the task until some event happens, like a shared mailbox running out of quota. Retention policies help with basic storage maintenance by removing items based on date. However, retention policies are a blunt instrument that can remove good content along with bad. Users can control retention processing by assigning retention labels that set specific retention periods for the assigned items. I used to be very good at this and assigned retention labels assiduously. Now I find that I depend on default retention labels assigned at the document library level or by a retention policy.
The upshot is that Microsoft 365 tenants accumulate digital debris over time. Apart from an overconsumption of storage (and potentially an increase in costs for products like Microsoft 365 backup), the debris didn’t matter. With artificial intelligence reasoning over everything it finds, the debris matters a lot more.
I don’t think a good answer for the problem exists at present. Asking users to download the contents of a document library to Excel might expose what’s in the document library better than browsing through the SharePoint GUI, but someone’s still got to assess and decide if items should be deleted or kept. It’s quite a conundrum.
Entra ID Apps
Another topic that’s receiving attention is over-permissioned Entra ID apps. This problem was coming for a while. You could argue that the root cause is the ease with which users can create registered Entra ID apps and the lack of management around those apps once created. Both assertions are true. Attackers have been exploiting the gaps around Entra ID apps for years, notably in the recent Midnight Blizzard attack against Microsoft. Once a malicious app with a high level of permissions becomes active in a tenant, it can do terrible damage and exfiltrate large quantities of data without anyone noticing.
Like many things in life, there are some simple things you can do to protect your tenant. For example:
- Don’t allow non-admin users to create registered apps. They don’t need to. And if they do, they can explain the reason why to an administrator. Block this option in the Entra admin center.
- Monitor high-priority permissions assigned to apps and query why the permissions are needed. Events about permission assignment are captured in the audit log. Use a scheduled process to report unexpected assignments.
The steps don’t need sophisticated tooling. The data is there. It only needs to be fetched (with PowerShell) and analyzed by people who understand the tenant. Chapter 23 includes details about the Microsoft Graph PowerShell SDK. It’s now a fundamental tool for tenant administrators because of its ability to access data from all parts of Microsoft 365.
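One way to run the two checks above with the Microsoft Graph PowerShell SDK, added here as an example rather than taken from the book: it reports whether non-admin users can register apps and lists apps holding application permissions on Microsoft Graph that appear in a watch list. The watch list, the function name, and the sample data are assumptions, and the script reads current assignments rather than audit log events.

```powershell
# Added example, not from the book. The watch list is an assumption; tune it for your tenant.
$WatchList = 'Mail.ReadWrite', 'Mail.Send', 'Files.ReadWrite.All', 'Sites.FullControl.All',
    'Directory.ReadWrite.All', 'Application.ReadWrite.All',
    'AppRoleAssignment.ReadWrite.All', 'RoleManagement.ReadWrite.Directory'

function Find-HighPriorityAssignment {
    # Assignments: objects with PrincipalDisplayName, AppRoleId, CreatedDateTime.
    # AppRoles: objects with Id and Value, as published by the resource service principal.
    param([object[]]$Assignments, [object[]]$AppRoles, [string[]]$Watch)
    $roleName = @{}
    foreach ($role in $AppRoles) { $roleName[[string]$role.Id] = $role.Value }
    foreach ($a in $Assignments) {
        $name = $roleName[[string]$a.AppRoleId]
        if ($name -and $Watch -contains $name) {
            [pscustomobject]@{
                App        = $a.PrincipalDisplayName
                Permission = $name
                Assigned   = $a.CreatedDateTime
            }
        }
    }
}

$ctx = $null
if (Get-Command Get-MgContext -ErrorAction SilentlyContinue) { $ctx = Get-MgContext }
if ($ctx) {
    # Live tenant. Assumes Connect-MgGraph -Scopes 'Application.Read.All','Policy.Read.All'.
    $graph = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
    $roles = $graph.AppRoles
    $assignments = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $graph.Id -All
    $canCreate = (Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions.AllowedToCreateApps
    Write-Output "Non-admin users can register apps: $canCreate"
} else {
    # Constructed sample data (made-up GUIDs and app names) so the logic runs offline.
    $roles = @(
        [pscustomobject]@{ Id = '11111111-1111-1111-1111-111111111111'; Value = 'Mail.ReadWrite' }
        [pscustomobject]@{ Id = '22222222-2222-2222-2222-222222222222'; Value = 'User.Read.All' }
    )
    $assignments = @(
        [pscustomobject]@{ PrincipalDisplayName = 'Contoso Mail Sync'; AppRoleId = '11111111-1111-1111-1111-111111111111'; CreatedDateTime = [datetime]'2024-05-02' }
        [pscustomobject]@{ PrincipalDisplayName = 'Contoso Directory Viewer'; AppRoleId = '22222222-2222-2222-2222-222222222222'; CreatedDateTime = [datetime]'2024-04-11' }
    )
}

Find-HighPriorityAssignment -Assignments $assignments -AppRoles $roles -Watch $WatchList |
    Sort-Object Assigned -Descending
```

Run on a schedule, the output can be compared with the previous run so that only new or unexpected assignments need to be queried.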
Upward and Onward for the Office 365 for IT Pros eBook
The process to build monthly update #108 has already started. This will be the last update for Office 365 for IT Pros (2024 edition). We plan to move to the 2025 edition on July 1, 2025. Hopefully, you’ll join us along the way.
If I want to purchase the e-book, does it make sense to wait till the 2025 version is out? Correct me if I am wrong, if I buy the 2024 version now I will have to pay again for the upgrade to 2025.
We say that the book is the best Microsoft 365 book available anywhere. You’ll get value from it no matter when you buy the book.
If you buy the 2024 edition now, you’ll get value from its content now. And when the 2025 edition comes out, as a current subscriber, you’ll be able to upgrade (if you choose) at a low cost. Last year, we charged subscribers $16.95 for the upgrade.
Thank you, Tony, for your prompt response as always. After thinking of buying the book for many years, I had finally bought it once from Amazon but returned it within a month for reasons I will not get into here. One of the other reasons was that I realized I will not get the same update offer on Amazon.
Don’t buy from Amazon. Their support for technical books is awful.