Ten years after its launch, backing up Office 365 data is more difficult than ever before. Apps are more complex and interconnected and APIs aren't available. What should an Office 365 administrator do to protect tenant data. Here's some thoughts on the challenges and why Microsoft needs to do more to help in this space.
Microsoft has announced that they won't support the Azure AD Graph after June 30, 2022. This means that the Azure AD PowerShell module won't be supported either. With that in mind, it's probably a good idea to think about how to upgrade scripts to use Graph API calls instead of Azure AD cmdlets. In this article, we take a script created to count members in distribution lists and convert it to use the Graph. As it turns out, the Graph bit is easy. It's all the housekeeping beforehand that takes the time.
It's a good idea to replace older calls to the Get-Mailbox cmdlet with Get-ExoMailbox. However, it's not just a matter of cut and paste updates. In some cases, the nature of the new REST-based cmdlets mean that some additional care is necessary to ensure that the updated code works as expected. As we examine in this article, filters are just one example where some attention to detail is needed to make sure Exchange Online delivers the right set of mailbox data.
Scheduler for Microsoft 365 is a new meeting scheduling service launched with a $10/month price tag (per user). Scheduler and Cortana work together to find the most suitable meeting times for participants to get together. Scheduler works for any kind of attendees (as long as they can receive email) and the big pay-out is that you can ask Cortana to set things up and leave the meeting for artificial intelligence to sort out. Sometimes things don't work out and humans need to get involved, and that's when privacy concerns come into play. If you can cope with the issues and have a lot of meetings to organize, Scheduler for Microsoft 365 might do a job for you.
An earlier article explained how to create organizational contacts in user mailboxes with Graph API calls. This article builds on that idea with three improvements. First, we select target mailboxes for update by looking for those added in the last month. Second, we allow any mail-enabled recipient to be added as an organizational contact. Third, we incorporate some code to check if a contact already exists in a mailbox. Like anything with PowerShell, this code can be improved..
Microsoft has delayed the release of the June 2021 cumulative updates for Exchange Server for two weeks to integrate the Windows Antimalware Scan interface (AMSI). The change will allow Exchange 2016 and Exchange 2019 servers running on Windows Server 2016 or later to integrate antimalware engines to check HTTP requests for potential problems. If ever there was good reason to delay an update, this is it.
The Outlook Places service uses metadata stored for conference rooms and room lists to help users find suitable meeting places. The metadata surfaces in Outlook's Room Finder component (shared between OWA and Outlook desktop). Obviously, the better populated the room metadata is, the more useful it will be, once we all start meeting in conference rooms again!
It's important to know if a tenant has any very large distribution lists as these might be the source of reply-all mail storms. An old article explains how to report the membership counts for distribution lists on an on-premises Exchange server. Life is different in the cloud, and we need to take a different approach. This article explains how to use different calls in a PowerShell script to create a nice report about distribution list memberships.
Microsoft Teams uses an array of policies to control the features available to end users. Group policy assignments make it easier to assign packages of policies to groups of users. Microsoft provides a set of policy packages out of the box, and organizations can create custom packages. That is, if they have the Teams Advanced Communications license. Demanding a special license for functionality which helps tenants manage Teams better seems excessive, especially as you could relatively easily recreate policy assignments with PowerShell.
A variety of methods exist to block access to a user's Entra ID account from a complete block to a conditional access policy. In this article, we examine the various methods and debate the worth of each approach. Conditional access policies are the cleanest and most effective long-term solution, but you need Entra ID P1 licenses. If you don't have those licenses, maybe one of the other approaches will work for you.