A new Set-MgDriveItemSensitivityLabel cmdlet makes it easier to assign sensitivity labels in PowerShell scripts. However, the cmdlet does not get around the restriction imposed by Microsoft on using metered APIs. Apps still must be registered as Azure resources before scripts can run the cmdlet. It's easy to understand why, even if it seems strange at first.
When administrators create new Entra ID apps, the apps don't have an owner unless an owner is explicitly assigned. The net result is that a tenant can end up with many ownerless apps. In this article, we explain how to find ownerless apps, and how to use audit data to find suitable owners for those apps. All done with PowerShell, of course.
The new Purview eDiscovery implementation supports a Graph API. Where there's a Graph API, there are PowerShell cmdlets based on the API. This article explains how to use PowerShell to automate different aspects of eDiscovery cases. PowerShell can't review the items found by searches, but it can handle most of the other processing.
A reader wants to remove all calendar items over a certain age. Compliance purge actions seem like a good way to do this, but there's a problem that needs to be fixed. eDiscovery purges can do the job, but only if you have eDiscovery Premium. And then there's Graph APIs to consider. All in all, many ways exist to purge calendar items.
Everyone learns from experience. This article covers five important building blocks for writing great Graph PowerShell scripts, the product of hard-won experience and many mistakes. Filtering, properties, permissions, and pagination all make the list.
Calendar events make up user and group calendars. It's possible to create, update, cancel, and remove calendar appointments and meetings, including recurring events, through the Graph API. This article explains how to pass all the properties needed to create and manage events using PowerShell and the Graph APIs.
I usually reach for the Microsoft Graph PowerShell SDK when I need to automate Microsoft 365 processes. But sometimes, the Graph doesn't work. PnP PowerShell is a great tool for interacting with SharePoint Online, in this instance to check document libraries to find how many have a default sensitivity label configured. The code works, it's reasonably quick, and it's an example of how flexible PowerShell can be in dealing with Microsoft 365.
A surprise announcement brings the news that the Exchange Online High Volume Email (HVE) solution will only deliver messages to internal recipients from June 2025. Azure ECS is now the sole offering for sending large volumes of email to external recipients. On the upside, HVE will support basic authentication until September 2028 to give tenants the chance to upgrade devices and apps.
App secrets are used to authenticate registered apps with Entra ID. App secrets (or passwords) are convenient and easy to use, but they're relatively insecure. The default app management policy for the tenant can block app secrets while custom app management policies can allow selective apps to use app secrets for testing or other well-defined purposes. All explained here.
A previous article explained how Microsoft 365 usage report data can highlight inactive Copilot users. If we add audit data to the mix, the analysis becomes much richer because we can see exactly what use people make of different Copilot apps, like Word, Chat, Outlook, and so on. Better data means better decisions!
Previously, the Graph APIs limited Outlook attachments to a maximum of 3 MB. That limit doesn't exist anymore, but the old method of uploading very large attachments in chunks to make sure that the operation is possible across flaky networks is still useful, so we explain how to do it here using the Microsoft Graph PowerShell SDK.
After a year or so of using the AuditLog Query Graph API, we have enough experience to be able to explain how to take advantage of the API and when it could be used to run audit searches instead of the Search-UnifiedAuditLog cmdlet. There's lots of PowerShell code in this article to give anyone who wants to experiment with the API a good start to finding audit events.
