Author: Tony Redmond

Latest Articles

Using Azure Automation to Monitor Unified Audit Log Events

The Office 365 audit log is a rich source of forensic information. This article explains how to use Azure Automation to search the log for high-priority events. We use the new support for managed identities in V3.0 of the Exchange Online management PowerShell module to search the audit log and end up sending a nice HTML-format message to administrators.

October 17, 2022

Microsoft Launches Teams Premium Product

Microsoft will launch a new Teams Premium product in early 2023 to make a set of security and compliance features (mostly) for Teams meetings available. Customers will be able to use the new functionality in preview for several months to understand if they need the new capabilities.

October 12, 2022

Practical Graph: Create a Mailbox Contents Report

Everyone likes reports. Well, here's a PowerShell script to create a report of Exchange Online mailbox content. The script uses the Graph API to list every item more than a year old (you can remove the filter if you like) and creates an Excel workbook containing the data. What you do with the information afterwards is up to you!

October 3, 2022

Update Teams External Access Configuration With PowerShell

The Teams external access configuration includes an allow list that defines which Microsoft 365 tenants are allowed to collaborate with your users through chats and meetings. To make sure that your allow list is complete, we can check the guest accounts present in the tenant and update the configuration with the domains used by guests. All in a matter of some straightforward PowerShell code.

September 15, 2022

Stop GIFShell Attack by Modifying Teams External Access

The GIFShell attack describes how attackers can penetrate Teams to run commands using special GIFs, including the ability to exfiltrate data. One practical and quick way to stop similar attacks is to limit the set of Teams organizations your tenant will communicate with by establishing an allow list for external access.

September 9, 2022