Exchange Online boasts a set of mailbox permissions that allow delegate access to some (or all) content. In this article, we describe how to notify mailbox owners when administrators assign new permissions over their mailbox. Naturally, the notification is via email, but there are some twists along the way.
This episode discusses Microsoft Teams Connect shared channels rolling out to public preview; Teams Meeting Room Device News; Third-party add-in support for Every Meeting Online; Upcoming changes to license re-assignment in Exchange Online and more roadmap news.
It's great to be able to run PowerShell scripts using Azure Automation. It's even better when you can create output files in SharePoint Online. In this article, we explain how to create a report of Microsoft 365 Groups subject to the Group expiration policy and generate an HTML report in SharePoint Online using an Azure Automation runbook. Running this kind of job in the background is a great way of processing intensive jobs while you get on with more important tasks.
One way to protect administrator mailboxes is not to use them. And if you want administrators to use separate mailboxes for their permissioned and non-permissioned activities, that's what you might do. However, we can be smarter and use transport rules to selectively block email sent to administrator mailboxes to dissuade internal people from sending email and blocking all but the most essential email coming in from external domains.
The Microsoft Graph PowerShell SDK is a good way to execute Microsoft Graph API queries from PowerShell scripts. In this article, we explain how to use cmdlets from the SDK with a Azure Automation runbook. The example we use is a script to send a welcome email to new employees.
Microsoft Defender for Office 365 (plan 2) contains the Threat Explorer feature. It's a useful way to investigate problematic messages which arrive in a tenant. The automated investigations feature can highlight messages containing malware by assembling evidence about warning signs in the message or its contents, and administrators can then action the recommendations up to and including the removal of messages already delivered to user mailboxes. Automating investigations is a good thing, if you afford Defender for Office 365 Plan 2.
As many organizations adapt legacy scripts to use app authentication instead of traditional service account credentials, security can be compromised if certain risks are overlooked. While app secrets can be great for testing code, there’s a reason they have an enforced expiry date - the longer a secret exists in production, the higher the risk it will become compromised. The methods described in this article will help build a good foundation for app authentication while keeping security top of mind when creating or updating automation scripts.
Attack Simulations are Microsoft’s foray into a crowded field of competitors who provide a service that trains users to recognize dangerous email with simulated Phishing or malware-infested messages. Microsoft has continually added features and functionality since they released Attack Simulations, including additional simulation types, different payloads, custom payloads, customizable training and more. The most recent upgrades are RBAC permissions and end user notifications. These two additions to Attack Simulation Training are a great incentive to deploy and adopt this functionality, as End User communications are the key enhancement that make this feature worthwhile for an organization.
Join myself and Paul Robichaux for this week's latest episode of the podcast to discuss a plethora of updates in Microsoft 365. Plus we're joined by Microsoft MVP Theresa Miller to discuss all things VDI with Microsoft 365. We chat about Azure Virtual Desktop, Citrix, VMware and much more, from the point of view of Microsoft 365 IT pros.
33 Comments
Azure Automation runbooks can run Exchange Online PowerShell code on sandbox machines. Is this a good way of getting work done? In this article, we examine how to create an Azure automation account, a RunAs account, and some runbooks for PowerShell code to run against Exchange Online and other Microsoft 365 data.
Exchange Online now supports SMTP Strict Transport Security (MTA-STS), a mechanism to help defend SMTP communications between mail servers. Microsoft 365 tenants can decide if they want to enable MTA-STS for their domain by publishing a DNS record and an MTA-STS policy. You don't have to use MTA-STS, but it's a good idea to consider the option.
In this week's episode, Paul and myself get together to discuss - a bit more Exchange again - but don't worry, it's only more patches. Plus, Microsoft adds a new product into the E3 plans that we think you'll like - and as usual, the best from the Roadmap and Message Center
