news and know-how about microsoft, technology, cloud and more.

Use Azure AD app principal without user context

For an application registered in AAD to run in application context only, without a user context, the "Company Administrator" role has to be assigned to the application so that it can access administrator endpoints of APIs like the Microsoft Graph. No additional permissions have to be assigned to the application after assigning this role.

The assignment has to be done using PowerShell and looks like this (the app registration has to be done beforehand):

    # Install the AzureAD module and sign in to the tenant
    Install-Module AzureAD
    Connect-AzureAD
    # Look up the app's service principal by name (may return more than one match; check $app)
    $app = Get-AzureADServicePrincipal -SearchString "your app name"
    # Get the "Company Administrator" directory role
    $role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq "Company Administrator" }
    # Add the service principal as a member of the role
    Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $app.ObjectId

Note that you have to replace the string "your app name" with the name you gave your app registration. The script installs (if not already installed) the AzureAD PowerShell module and uses its cmdlets to get the service principal of the app registration by name, get the Azure AD directory role "Company Administrator" and add this role to the service principal of the app. After the role has been added, the app can, for example, query the user endpoint of the Microsoft Graph API to get properties of any user in the AAD.
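"Company Administrator" is the directory role behind Global Administrator, so it is worth reviewing which service principals hold it. The audit below is an added example, not code from the original post; it assumes the AzureAD module is installed and a `Connect-AzureAD` session is open, and the function name `Get-PrivilegedAppAssignment` and the `$approved` allow-list with its placeholder ID are hypothetical.

```powershell
# Added example: list service principals that are members of a directory role
# and flag those not on a reviewed allow-list.
function Get-PrivilegedAppAssignment {
    param(
        [string]$RoleName = 'Company Administrator'
    )

    $role = Get-AzureADDirectoryRole |
        Where-Object { $_.DisplayName -eq $RoleName }
    if (-not $role) {
        throw "Directory role '$RoleName' was not found in this tenant."
    }

    # Role members can be users or service principals; keep only the apps.
    Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
        Where-Object { $_.ObjectType -eq 'ServicePrincipal' } |
        ForEach-Object {
            [pscustomobject]@{
                Role         = $role.DisplayName
                RoleObjectId = $role.ObjectId
                DisplayName  = $_.DisplayName
                AppId        = $_.AppId
                ObjectId     = $_.ObjectId
            }
        }
}

# Hypothetical allow-list: object IDs of service principals approved to hold
# the role. The value below is a placeholder, not a real ID.
$approved = @('00000000-0000-0000-0000-000000000000')

$unexpected = Get-PrivilegedAppAssignment |
    Where-Object { $approved -notcontains $_.ObjectId }

$unexpected | Format-Table Role, DisplayName, AppId, ObjectId -AutoSize

# After review, an assignment can be revoked (left commented out on purpose):
# $unexpected | ForEach-Object {
#     Remove-AzureADDirectoryRoleMember -ObjectId $_.RoleObjectId -MemberId $_.ObjectId
# }
```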

Why we moved away from Exchange distribution groups to Office 365 groups

A very simple use case made us give up our distribution lists. This article discusses why and how we did it and offers tips on how to improve your experience with Office 365 groups.
How can you replace "old" distribution groups from a synced environment with "new" Office 365 groups? And how do you add, delete or modify the email addresses of an Office 365 group? This article shows the steps.

Working With Office 365 Groups And Connectors article series at MVP Award Blog

Recently, the Microsoft MVP Award Program Blog published my three-part series about "Working With Office 365 Groups And Connectors". Read the articles online in the MVP blog here.

Gain access as delegated partner to another Office365 tenant with PowerShell

The goal was to administer an Office365 tenant as delegated partner. But currently I had difficulties accessing another Office365 tenant in the Microsoft Partner Portal. When selecting a partner and opening the Office 365 admin center, my own tenant was opened instead of the partner tenant. I didn't figure out why this was no longer working. Anyway, I tried to use PowerShell instead…

Using MailTips in Exchange Online to communicate more securely

MailTips in Exchange Online can be used for various things: there may be a DLP policy that warns the user before they send security-relevant messages, or even prevents it, or there are simple MailTips that mainly serve to improve the flow of messages. For example, a MailTip could inform the sender that they are about to send to a distribution list with more than 25 recipients.

Keeping Skype for Business policies under control - Part 1

Skype for Business Online is an important Office 365 service that enables professional teamwork and online meetings as well as web and video conferences. In an enterprise environment, permissions and features have to be planned carefully; very often an implementation has to meet requirements other than those provided for in the default configuration. How to arrive at the right policy nonetheless is what this article series is about.

Raise user awareness with a MailTip for external recipients in Exchange Online

Policy tips in Exchange Online can be used for a lot of things: warnings when a user sends confidential information to someone outside the organization (if a proper DLP policy is in place), or other useful things. One simple and effective MailTip has been available for a while now and helps to raise user awareness when writing e-mails.