Tony Redmond
@office365itpros.com
Commentator and writer about #Microsoft365. Always looking for insight about how things work... Articles posted at https://office365itpros.com and https://practical365.com. And the Office 365 for IT Pros eBook at https://gum.co/O365IT/
The 18th monthly update for the Automating #Microsoft365 with #PowerShell eBook is now available for subscribers to download. You can get a standalone copy or buy the eBook as part of the Office 365 for IT Pros bundle. 400 pages of PowerShell!
office365itpros.com/2025/11/21/a...
office365itpros.com/2025/11/21/a...
Automating Microsoft 365 with PowerShell Dec 2025 Update
The December 2025 update (version 18) of the Automating Microsoft 365 with PowerShell eBook is now available for subscribers to download.
office365itpros.com
November 21, 2025 at 11:38 AM
The 18th monthly update for the Automating #Microsoft365 with #PowerShell eBook is now available for subscribers to download. You can get a standalone copy or buy the eBook as part of the Office 365 for IT Pros bundle. 400 pages of PowerShell!
office365itpros.com/2025/11/21/a...
office365itpros.com/2025/11/21/a...
#Microsoft365 tenants using Copilot chat (free or paid) can deploy a DLP policy to stop people using sensitive data (like SSNs or credit card numbers) in prompts. This adds to the existing policy to block access to sensitive files: office365itpros.com/2025/11/20/d...
New DLP Policy for Copilot Prompts Available in Preview
A new DLP policy for Copilot prompts monitors blocked sensitive information types like credit card numbers to stop their use in Copilot prompts.
office365itpros.com
November 20, 2025 at 2:37 PM
#Microsoft365 tenants using Copilot chat (free or paid) can deploy a DLP policy to stop people using sensitive data (like SSNs or credit card numbers) in prompts. This adds to the existing policy to block access to sensitive files: office365itpros.com/2025/11/20/d...
Personal view of day 1 of #Ignite2025: A very long keynote, long security lines, and some interesting #Microsoft 365 announcements, especially the bundling of Security #Copilot into E5:
office365itpros.com/2025/11/19/i...
office365itpros.com/2025/11/19/i...
Ignite 2025 KeyNote Delivers Microsoft 365 Announcements
The Ignite 2025 keynote was a marathon 150-minute event, but some interesting Microsoft 365 announcements emerged, mostly centered on AI.
office365itpros.com
November 19, 2025 at 2:16 PM
Personal view of day 1 of #Ignite2025: A very long keynote, long security lines, and some interesting #Microsoft 365 announcements, especially the bundling of Security #Copilot into E5:
office365itpros.com/2025/11/19/i...
office365itpros.com/2025/11/19/i...
Microsoft has launched an Exchange Admin API to help customers migrate from EWS. This is not a full-fledged REST API. It's more like a short-term wrapper API around Exchange Online cmdlets for a particular job.
office365itpros.com/2025/11/18/e...
#Microsoft365
office365itpros.com/2025/11/18/e...
#Microsoft365
Exchange Admin API to Close Gaps in EWS Code Migration
Microsoft launched the preview of the Exchange Admin API on November 17. The new API is intended to allow developers to migrate from EWS.
office365itpros.com
November 18, 2025 at 2:50 PM
Microsoft has launched an Exchange Admin API to help customers migrate from EWS. This is not a full-fledged REST API. It's more like a short-term wrapper API around Exchange Online cmdlets for a particular job.
office365itpros.com/2025/11/18/e...
#Microsoft365
office365itpros.com/2025/11/18/e...
#Microsoft365
Want to know more about the #EntraID apps and service principals in your #Microsoft365 tenant? Here's how to create an analysis with #PowerShell about what apps people are signing into, including the apps with the highest permissions...
practical365.com/service-prin...
practical365.com/service-prin...
Practical Graph: Creating a Service Principal Analysis for a Microsoft 365 Tenant
Understanding the set of registered and enterprise apps active in a MIcrosoft 365 tenant is important. Attackers can sneak in and plant an app ro exfiltrate or otherwise steal data. This article expla...
practical365.com
November 18, 2025 at 2:43 PM
Want to know more about the #EntraID apps and service principals in your #Microsoft365 tenant? Here's how to create an analysis with #PowerShell about what apps people are signing into, including the apps with the highest permissions...
practical365.com/service-prin...
practical365.com/service-prin...
#Entra Governance has a new workflow to remove inactive accounts, which is nice. What might be even nicer is a DIY #PowerShell version (not difficult). Here's how to track and delete down accounts that are not in active use: office365itpros.com/2025/11/17/r...
#Microsoft365
#Microsoft365
How to Remove Inactive User Accounts with PowerShell
The Entra ID Governance solution includes a workflow to detect and remove inactive user accounts. Sounds good, but the same can be done with PowerShell.
office365itpros.com
November 17, 2025 at 8:17 AM
#Entra Governance has a new workflow to remove inactive accounts, which is nice. What might be even nicer is a DIY #PowerShell version (not difficult). Here's how to track and delete down accounts that are not in active use: office365itpros.com/2025/11/17/r...
#Microsoft365
#Microsoft365
In a Friday musing, I contemplate why anyone would want to have a temporary chat with #Microsoft365 #Copilot, and how while these chats don't leave user-accessible traces, they do leave compliance records.
office365itpros.com/2025/11/14/t...
office365itpros.com/2025/11/14/t...
Copilot’s Temporary Chat
A temporary chat with Microsoft 365 Copilot is one that forgets everything discussed in the conversation once the chat is over.
office365itpros.com
November 14, 2025 at 10:47 AM
In a Friday musing, I contemplate why anyone would want to have a temporary chat with #Microsoft365 #Copilot, and how while these chats don't leave user-accessible traces, they do leave compliance records.
office365itpros.com/2025/11/14/t...
office365itpros.com/2025/11/14/t...
Normally the #Office365 for IT Pros team does a good job of detecting changes in #MicrosoftTeams, but the updated path for emails captured by the send to channel feature passed us by. So in case you missed it too, here's the scene:
office365itpros.com/2025/11/13/e...
#Microsoft365
office365itpros.com/2025/11/13/e...
#Microsoft365
Email Sent to Teams Channels Has New SharePoint Location
In January 2025, Microsoft changed the SharePoint location for email sent to Teams channels. Apparently, this update improved security.
office365itpros.com
November 13, 2025 at 7:10 AM
Normally the #Office365 for IT Pros team does a good job of detecting changes in #MicrosoftTeams, but the updated path for emails captured by the send to channel feature passed us by. So in case you missed it too, here's the scene:
office365itpros.com/2025/11/13/e...
#Microsoft365
office365itpros.com/2025/11/13/e...
#Microsoft365
The challenge: find when the #Microsoft365 #Copilot Researcher Agent uses the Claude LLM instead of GPT5. The answer: imperfect audit data gives some insight, but not precise data, so some intitution must be used...
office365itpros.com/2025/11/12/a...
office365itpros.com/2025/11/12/a...
Auditing Claude Usage with the Copilot Researcher Agent
The question was asked if it was possible to identify use of the Claude LLM by the Copilot Researcher Agent. Audit records often help, so that's where we look.
office365itpros.com
November 12, 2025 at 10:23 AM
The challenge: find when the #Microsoft365 #Copilot Researcher Agent uses the Claude LLM instead of GPT5. The answer: imperfect audit data gives some insight, but not precise data, so some intitution must be used...
office365itpros.com/2025/11/12/a...
office365itpros.com/2025/11/12/a...
Use #PowerShell to query Entra ID logs via the Microsoft Graph to sniff out potentially unexpected sign-ins against utility accounts... Could be evidence that attackers are active against a #Microsoft365 tenant (or just poor admin behavior).
practical365.com/check-utilit...
practical365.com/check-utilit...
Practical Graph: How to Check Unexpected Sign-Ins Against Utility Accounts
Utility accounts exist in every Microsoft 365 tenant. These accounts are not intended for normal user activity and include accounts used for Exchange room and shared mailboxes and the break-glass or e...
practical365.com
November 11, 2025 at 5:10 PM
Use #PowerShell to query Entra ID logs via the Microsoft Graph to sniff out potentially unexpected sign-ins against utility accounts... Could be evidence that attackers are active against a #Microsoft365 tenant (or just poor admin behavior).
practical365.com/check-utilit...
practical365.com/check-utilit...
#EntraID now supports soft-deleted security groups, so here's a brief history to explain why only certain group types can be restored and a #PowerShell script to list and restore soft-deleted #Microsoft365 and security groups.
office365itpros.com/2025/11/11/s...
office365itpros.com/2025/11/11/s...
Soft-Deleted Security Groups Now Supported by Entra ID
Entra ID has long supported soft-deleted Microsoft 365 Groups. Now support is available for soft-deleted security groups in the Entra admin center & PowerShell.
office365itpros.com
November 11, 2025 at 9:10 AM
#EntraID now supports soft-deleted security groups, so here's a brief history to explain why only certain group types can be restored and a #PowerShell script to list and restore soft-deleted #Microsoft365 and security groups.
office365itpros.com/2025/11/11/s...
office365itpros.com/2025/11/11/s...
There's been a big ho-hah in security circles about the new ability in #MicrosoftTeams to start a chat with an email address. Those who think this is an issue might not have factored the controls to limit the feature. Here's the situation: office365itpros.com/2025/11/10/c...
#Microsoft365
#Microsoft365
Teams Chat with Email Address Feature Causes Some Heartburn
A new Teams feature allows users to initiate a chat with email address. This caused some commotion in the security community, but it's not that bad.
office365itpros.com
November 10, 2025 at 10:06 AM
There's been a big ho-hah in security circles about the new ability in #MicrosoftTeams to start a chat with an email address. Those who think this is an issue might not have factored the controls to limit the feature. Here's the situation: office365itpros.com/2025/11/10/c...
#Microsoft365
#Microsoft365
In a fun Friday exercise, I use #PowerShell to discover who uses emojis to react to #MicrosoftTeams messages. Not much business value, but a good example of how usefui audit data can be. office365itpros.com/2025/11/07/t...
#Microsoft365
#Microsoft365
Usage of Teams Reactions and Emojs - Analyze with PowerShell
This article explains how to use PowerShell to extract audit data to analyze the use of emojis as Teams reactions to chat and channel messages.
office365itpros.com
November 7, 2025 at 10:05 AM
In a fun Friday exercise, I use #PowerShell to discover who uses emojis to react to #MicrosoftTeams messages. Not much business value, but a good example of how usefui audit data can be. office365itpros.com/2025/11/07/t...
#Microsoft365
#Microsoft365
#EntraID now supports a last used date for authentication methods, so I've updated the #Microsoft365 user passwords and authentication report (#PowerShell) to surface this data:
office365itpros.com/2025/11/06/a...
office365itpros.com/2025/11/06/a...
V1.5 Password Report and Authentication Methods
The Microsoft 365 User Passwords and Authentication report now includes the last used date for authentication methods (when available).
office365itpros.com
November 6, 2025 at 10:55 AM
#EntraID now supports a last used date for authentication methods, so I've updated the #Microsoft365 user passwords and authentication report (#PowerShell) to surface this data:
office365itpros.com/2025/11/06/a...
office365itpros.com/2025/11/06/a...
There's no out-of-the-box report available to find unused proxy addresses for Exchange Online mail-enabled objects, but a PowerShell script to download historical message trace data to check every proxy address to see if they're used.
#PowerShell #Microsoft365
practical365.com/find-unused-...
#PowerShell #Microsoft365
practical365.com/find-unused-...
Finding Unused Proxy Addresses for Exchange Online Mail-Enabled Objects
A request came in about how to find unused proxy addresses for Exchange Online mail-enabled objects. There's no out-of-the-box report available for proxy address usage, but we can solve the problem by...
practical365.com
November 5, 2025 at 5:15 PM
There's no out-of-the-box report available to find unused proxy addresses for Exchange Online mail-enabled objects, but a PowerShell script to download historical message trace data to check every proxy address to see if they're used.
#PowerShell #Microsoft365
practical365.com/find-unused-...
#PowerShell #Microsoft365
practical365.com/find-unused-...
I've tried to like the #Microsoft365 companion apps but conclude that they're a waste of space that clutter the toolbar. Feel free to disagree, but these are apps that are now disabled on my PCs: office365itpros.com/2025/11/05/c...
Microsoft 365 Companion Apps Fail to Impress
Microsoft 365 Companion Apps are being deployed to Windows 11 PCs now. The apps don't add much value, so we discuss how to remove them,
office365itpros.com
November 5, 2025 at 2:21 PM
I've tried to like the #Microsoft365 companion apps but conclude that they're a waste of space that clutter the toolbar. Feel free to disagree, but these are apps that are now disabled on my PCs: office365itpros.com/2025/11/05/c...
Some recent rumors might lead you to believe that Microsoft is about to dump the "new" #Outlook to build a new AI-powered email client. Here's why I don't think this will happen: office365itpros.com/2025/11/04/n...
#Microsoft365
#Microsoft365
Microsoft Won't Dump New Outlook
A recent report says that new Microsoft leadership wants to reimagine Outlook. While this might be true, it doesn't mean that New Outlook is dead.
office365itpros.com
November 4, 2025 at 2:38 PM
Some recent rumors might lead you to believe that Microsoft is about to dump the "new" #Outlook to build a new AI-powered email client. Here's why I don't think this will happen: office365itpros.com/2025/11/04/n...
#Microsoft365
#Microsoft365
The 125th monthly update for the #Office365 for IT Pros eBook is available for subscribers to download. The announcement post explains all, including a wry look at the Microsoft FY26 Q1 results.
office365itpros.com/2025/11/03/o...
office365itpros.com/2025/11/03/o...
Office 365 for IT Pros November 2025 Update
The Office 365 for IT Pros Team is happy to announce the availability of the November 2025 update. Subscribers can download the PDF and EPUB files for update #125 from Gumroad.com. In other news, we c...
office365itpros.com
November 3, 2025 at 1:39 PM
The 125th monthly update for the #Office365 for IT Pros eBook is available for subscribers to download. The announcement post explains all, including a wry look at the Microsoft FY26 Q1 results.
office365itpros.com/2025/11/03/o...
office365itpros.com/2025/11/03/o...
Revised licensing terms for Microsoft Defender for #Office365 means that it's no longer required to have MDO P2 licenses for every user and shared mailbox - unless those mailboxes benefit from MDO. All explained here: office365itpros.com/2025/10/31/m...
#Microsoft365
#Microsoft365
New Guidance for MDO P2 Licensing Issued by Microsoft
Some inconsistencies in the MDO P2 service description and licensing terms exposed a need for tenants to license all mailboxes. Microsoft has changed the terms
office365itpros.com
October 31, 2025 at 8:55 AM
Revised licensing terms for Microsoft Defender for #Office365 means that it's no longer required to have MDO P2 licenses for every user and shared mailbox - unless those mailboxes benefit from MDO. All explained here: office365itpros.com/2025/10/31/m...
#Microsoft365
#Microsoft365
The #SharePoint site attestation policy is another mechanism to help #Microsoft365 tenants clean up digital debris from sites (so that #Copilot doesn't use the info). It works quite well, but will tenants use it?
office365itpros.com/2025/10/30/s...
office365itpros.com/2025/10/30/s...
Using the SharePoint Online Site Attestation Policy
The site attestation policy is designed to require site owners to make a positive statement that the settings of their site, including membership, are accurate.
office365itpros.com
October 30, 2025 at 9:37 AM
The #SharePoint site attestation policy is another mechanism to help #Microsoft365 tenants clean up digital debris from sites (so that #Copilot doesn't use the info). It works quite well, but will tenants use it?
office365itpros.com/2025/10/30/s...
office365itpros.com/2025/10/30/s...
#Microsoft365 Sensitivity labels have a new way of grouping. It's called a new dynamic architecture, but it's really just a new way to display labels in apps. Here's the story: office365itpros.com/2025/10/29/s...
Sensitivity Labels Groups Replace Parent-Child Arrangement
Microsoft announced the modernization of grouping for sensitivity labels to a new "dynamic architecture." It doesn't take much to be more dynamic than before
office365itpros.com
October 29, 2025 at 10:22 AM
#Microsoft365 Sensitivity labels have a new way of grouping. It's called a new dynamic architecture, but it's really just a new way to display labels in apps. Here's the story: office365itpros.com/2025/10/29/s...
#Microsoft365 tenants get too much spam, and some of that traffic gets delivered to Junk Email. Here's a script I wrote for @maryjofoley to divert the spam into quarantine. Not that MJF will ever implement #PowerShell (even written in Notepad).
practical365.com/analyze-junk...
practical365.com/analyze-junk...
Practical PowerShell: How to Analyze Junk Email and Intercept Traffic from Spammy Domains
Despite the best efforts of anti-spam solutions, some unwanted messages usually get through to user inboxes. This article explains how to analyze messages that end up in Junk Email and use the results...
practical365.com
October 28, 2025 at 10:50 AM
#Microsoft365 tenants get too much spam, and some of that traffic gets delivered to Junk Email. Here's a script I wrote for @maryjofoley to divert the spam into quarantine. Not that MJF will ever implement #PowerShell (even written in Notepad).
practical365.com/analyze-junk...
practical365.com/analyze-junk...
here's been a lot of internet hype about the #MicrosoftTeams feature to auto-set work locations. It's really not employee monitoring software, no matter what some think. Here's why: office365itpros.com/2025/10/28/t...
#Microsoft365
#Microsoft365
Automatic Update for Teams Work Locations Is Not a Problem
As is the way of the internet, the news that a feature to automatically set the Teams work location for users created a huge fuss about employee monitoring.
office365itpros.com
October 28, 2025 at 10:47 AM
here's been a lot of internet hype about the #MicrosoftTeams feature to auto-set work locations. It's really not employee monitoring software, no matter what some think. Here's why: office365itpros.com/2025/10/28/t...
#Microsoft365
#Microsoft365
There was a bit of fuss last week when a French company reported that #MicrosoftTeams access tokens could be stolen and reused. Well yes, but only if you have a compromised workstation to play with surely?
office365itpros.com/2025/10/27/l...
#Microsoft365
office365itpros.com/2025/10/27/l...
#Microsoft365
Stealing Secrets from the Teams Local State File
Teams stores information in a local state file, including encrypted access tokens. A report explained how to extract and use those tokens. Is this important?
office365itpros.com
October 27, 2025 at 10:12 AM
There was a bit of fuss last week when a French company reported that #MicrosoftTeams access tokens could be stolen and reused. Well yes, but only if you have a compromised workstation to play with surely?
office365itpros.com/2025/10/27/l...
#Microsoft365
office365itpros.com/2025/10/27/l...
#Microsoft365
We all make mistakes - the good thing is to use the knowledge gained to reinforce good habits. Here's my latest experience of messing up by adding an #EntraID enterprise app without much thought: office365itpros.com/2025/10/24/e...
#Microsoft365
#Microsoft365
Allowing Users to Add Enterprise Apps to Entra ID is a Bad Idea
Enterprise apps can come from a variety of sources. Most are Microsoft 1st party apps, and the rest are ISV apps. It's easy to make a mistake and add an app.
office365itpros.com
October 24, 2025 at 9:31 AM
We all make mistakes - the good thing is to use the knowledge gained to reinforce good habits. Here's my latest experience of messing up by adding an #EntraID enterprise app without much thought: office365itpros.com/2025/10/24/e...
#Microsoft365
#Microsoft365