Category: Office 365

  • Blocking Screenshots in iOS Work Applications

    Blocking Screenshots in iOS Work Applications

    A new feature to Intune managed iOS devices, via App Protection Policies, is the ability to block screenshots (“screencapture” in Apple’s terminology). This has started to become available since the end of November 2024 and was mentioned in Message Center MC907517, though this article targeted developers and not administrators. Microsoft has released two new versions…

  • SSL Inspection and Microsoft 365

    SSL Inspection and Microsoft 365

    There are a number of features in Microsoft 365 that do not work if SSL Inspection (also known as TLS Interception) is enabled on your device or network provider. You need to disable the listed URLs that Microsoft provides in its documentation. The problem is there is a lot of disconnected documentation! This blog post…

  • Entra ID and Parental Consent

    Entra ID and Parental Consent

    For organizations that store the data of young adults and children, and in some legal regions, adults who cannot consent to their own legal affairs, you need to record the Age Group for the user, along with any Consent Provided in the case of Minors. There are three categories of Age Group in Entra ID…

  • SharePoint Org Assets Library Missing Read Permissions for “Everyone Except External Users”

    SharePoint Org Assets Library Missing Read Permissions for “Everyone Except External Users”

    A SharePoint Organization Assets Library allows you to have a central location for Office templates, fonts and images. Various Microsoft 365 apps show this location when in use, for example when creating a new document in Word, the organization templates library can be listed as a source of templates. To create an Organization Assets Library…

  • Seamless Office 365 Message Encryption (OME) Never Works

    Seamless Office 365 Message Encryption (OME) Never Works

    Microsoft 365 Purview Message Encryption, previously known as OME (Office Message Encryption) and before that Microsoft Rights Management, allows you to share protected email with anyone on any device. Users can exchange protected messages with other Microsoft 365 organizations, as well as third-parties using Outlook.com, Gmail, and other email services. The feature is part of…

  • Post Tenant To Tenant Migration Calendaring Issues

    Post Tenant To Tenant Migration Calendaring Issues

    When you perform a Microsoft 365 tenant to tenant (T2T) migration and run a migration that is either staged over some time or sometime after the migration has completed you cutover the domains from the old tenant to the new tenant (that is, you were doing a rebrand and the new tenant had a new…

  • More Frequent Quarantine Notifications in Exchange Online Protection

    More Frequent Quarantine Notifications in Exchange Online Protection

    Available from the end of April 2023 there is now an option to increase the notification interval to end users about items in the quarantine. The Microsoft 365 Quarantine is at https://security.microsoft.com/quarantine and though this is a good link to add corporate intranets, its also a useful one for users to remember and bookmark. Up…

  • What Is “Multifactor Authentication Trusted IPs”

    In Azure AD for location based conditional access rules you can select “Multifactor Authentication Trusted IPs” as a location. This short blog post outlines what this is. As an example of the use of this location, it could be used as follows in Conditional Access: The location selected in the above is “Multifactor Authentication Trusted…

  • Fixing the Display of Voicemail In Outlook

    Fixing the Display of Voicemail In Outlook

    Once upon a time voicemail in Office 365 was done in Exchange Online Unified Messaging, but that was retired early 2020. Voicemail is now provided by a service known as Cloud Voicemail but Outlook did not keep up to date if you have a newly created tenant and now when voicemail arrives in Outlook it…

  • Turn Off Self-Service Purchases in Microsoft 365

    Turn Off Self-Service Purchases in Microsoft 365

    Microsoft 365 has a route for users to buy their own products rather than products purchased and licenced by the company. This blog outlines how to turn this off. Install the MSCommerce PowerShell module with: Only PowerShell v5 is supported. You can install it into PowerShell v7 but it will not run. Then connect to…

  • Allowing “Phish” Training Emails in Exchange Online

    With the introduction of “Secure by Default” in Exchange Online, where you used to add IPs and other settings such as allow-lists to allow your phish training emails to get through to your users this will no longer work, and shortly it will no longer work to bypass the Exchange Online filters using mail flow…

  • Microsoft 365 – How To Enable A Progressive Web Application

    A Progressive Web Application (PWA) is an application that runs in a website which you can separately have an icon for on your desktop (Windows, Chromebook, Raspberry PI, Linux, Android and other operating systems). This icon can be pinned to the Start Menu (or equivalent) and starting it opens the web application in a separate…

  • Proxies and Firewalls and Installing Microsoft Office Subscription Software

    Proxies and Firewalls and Installing Microsoft Office Subscription Software

    Microsoft Office 365 client software (Word, Excel etc.) has been available as a subscription model for over ten years and using the Click-2-Run technology for all or most of that time, but I still see a lot of people who are unsure how it actually works, assuming its a standard installer they have used for…

  • Centrally Managing Microsoft 365 Apps Updates

    Centrally Managing Microsoft 365 Apps Updates

    It used to be the domain of 3rd party enterprise apps or Microsoft’s Configuration Manager to control the updates (or servicing) of your Microsoft Office apps (now called Microsoft 365 Apps). With recent additions to the Office Configuration Portal at https://config.office.com you can have central admin of updates including groups to deploy and in which…

  • Removing a Default Sensitivity Label

    In Microsoft 365 Sensitivity Labels you can have a label policy that requires that all content is labelled. If you enable this and then later decide this is not for you, you can republish your label policy and disable the default label and the require label policies. That is, your settings start like this: And…

  • Microsoft 365 From A Raspberry Pi 400 Personal Computer

    So my new computer arrived today, its a keyboard and a few cables, and as my first computer was a ZX Spectrum when I was 14, this brings back a few memories. But, is it usable today with services such as Microsoft 365? Lets see… First, the actual computer is in the keyboard, but its…

  • Enable EOP Enhanced Filtering for Mimecast Users

    Enable EOP Enhanced Filtering for Mimecast Users

    Enhanced Filtering is a feature of Exchange Online Protection (EOP) that allows EOP to skip back through the hops the messages has been sent through to work out the original sender. Take for example a message from SenderA.com to RecipientB.com where RecipientB.com uses Mimecast (or another cloud security provider). The MX record for RecipientB.com is…

  • Mail Flow To The Correct Exchange Online Connector

    In a multi-forest Exchange Server/Exchange Online (single tenant) configuration, you are likely to have multiple inbound connectors to receive email from the different on-premises environments. There are scenarios where it is important to ensure that the correct connector is used for the inbound message rather than any of your connectors. Here is one such example.…

  • Deploying Zoom Add-In To All Outlook Users

    With the sudden change in working practices, a (large) number of companies has start to use Zoom as their video conferencing software. Though this software is not from Microsoft, that does not stop an Office 365 or Exchange Server administrator helping their users out in terms of scheduling Zoom meetings via an add-in in Outlook.…

  • Register For Azure AD MFA From On-Premises Or Known Networks Only

    Register For Azure AD MFA From On-Premises Or Known Networks Only

    A long request within Azure AD/Office 365 has been the request to be able to register your security info from a known location or only on certain other conditions. Well it looks like this has appeared in Azure AD in the last few days!! Its visible under Azure AD > Conditional Access > New/Existing Policy…

  • Review and Audit Offensive Language in Office 365 Communications

    Review and Audit Offensive Language in Office 365 Communications

    A new feature as of May 2018 in Office 365 is to filter communications based upon the offensive language machine learning filter. This is part of the Supervision settings that have been available for a number of years. The Offensive Language model uses a combination of machine learning, artificial intelligence, and keywords to identify inappropriate…