The arrival of application permissions for the Planner Graph API makes it much easier to write PowerShell scripts to automate administrative operations like reporting Planner data. This article describes a example script that uses the Planner APIs to gather and report information about the plans belonging to Microsoft 365 Groups.
Many people use the Windows Task Scheduler to run PowerShell scripts. The Task Scheduler works, but it creates a dependency on a specific workstation and isn't as secure as you might like. Running Microsoft 365 PowerShell scripts in Azure Automation is a much better idea. It's time to dump the Task Scheduler!
Most Microsoft 365 user accounts don't need access to Exchange Online PowerShell. It's an administrative tool that end users don't get much value from. In this article, we explore the best way to disable Exchange Online PowerShell using a script that can run interactively or as a scheduled Azure Automation runbook (the best way for automatic management).
Many PowerShell scripts written to automate operations in Microsoft 365 tenants fetch Azure AD users or mailboxes to process. In this article, we explain how to fetch user objects effectively by using filters to make sure that scripts process the right set of accounts or mailboxes.
After seemingly ignoring the situation for years, Microsoft delivered modern authentication for Exchange Server (for pure on-premises organizations) in Exchange 2019 CU13. The solution uses ADFS to issue and manage the OAuth 2.0 tokens and is supported by the latest version of Outlook for Windows. Support for other clients is in the works.
Microsoft has long been asked to support guest account expiration, just like the functionality available for on-premises Active Directory accounts. Engineering priorities have not allowed the developers to work on the feature, but it's possible to do the job with PowerShell as we explain here.
It's good to put a face on Azure AD Guest Accounts by updating the accounts with thumbnail photos. This article explains how to approach the process of gathering suitable photos and uploading them to Azure AD. We also discuss how to speed up the process by finding guest accounts that are missing photos so that the script can focus on those accounts.
A Graph API is available to extract details of the sensitivity labels assigned to SharePoint Online documents. This article explores how to extract the information from files in a document library and use it to create a report. The nice thing is that once you have the data, you can slice and dice it any way you wish in Excel, Power BI, or whatever tool you prefer.
Microsoft actively develops Azure AD external identities and doesn't do much with mail contacts. Maybe it's a good idea to migrate mail contacts to Azure AD guest accounts. This article explores what's involved in moving mail contacts over to Azure AD guest accounts using PowerShell.
Microsoft 365 auditing makes lots of data available to administrators to help them understand what happens in a tenant. When attackers try to compromise accounts, they can leave fingerprints behind in audit data. Being aware of what you might find in the data helps suppress BEC attacks.
Microsoft's announcement of Security Copilot is more interesting in some respects than Microsoft 365 Copilot because it promises to help organizations defend themselves better. Of course, we don't know much yet about how Security Copilot will work in the real world, but if Microsoft delivers what it says, Security Copilot could be quite a tool in the battle against the bad guys.
Copilot for Microsoft 365 generated a lot of media hype after its March 16 announcement. In this article, we contemplate some of the implementation issues that need to be teased out before Copilot for Microsoft 365 deployments start.
