news and know-how about microsoft, technology, cloud and more.

Delegate365 changelog version 7.5-SignIn-Activities and GDPR module

The previous versions of Delegate365 brought major updates with the new reporting engine and over 80 reports. With Delegate365 version 7.5 there are more improvements coming as litigation hold for Shared Mailboxes, more reports and a new GDPR module. See the details here.

  • Important: If your current Delegate365 version was 7.3, you need to run a new Delegate365 setup once. Please see Delegate365-(Re)run the setup for a step-by-step manual. This step is necessary after the update to Delegate365 v7.5 was done. This step is NOT necessary if you have already been on Delegate365 version 7.4.
    You need to have a Global Administrator without MFA enabled to run the setup and to accept the new Delegate365 consent:
    So, after the setup, login with the Global Administrator and accept the new consent for all users in your tenant - otherwise no one can sign-in and use the Delegate365 app.
  • Report-Update: Exchange User forwarding: Users and Admins can configure email forwarding to another (internal or external) mailbox. If forwarding is set, the Exchange/User forwarding report informs about these forwards. Then, Admins get a list of all users within their OU's with information if email forwarding is activated and to what address, similar as here (the Excel output is already filtered in this sample).
  • [Updated May 4th:] OneDrive Report of a user includes a "shared only" option: In the users list, an Admin can generate a list of files of a user's OneDrive for Business storage. There's a new switch to show only files in that report that have been shared with other users- This reduces the report size and makes sense e.g. if a user leaves the organization and you want to inform the other users that there are shared files existing that will be lost if the user is deleted.
    By default, the "Only shared files" switch is set to Yes.
  • New report: Azure Active Directory Sign-in activity: As the name suggests, Admins get a report of successful and unsuccessful sign-in activities of their users for the last 30 days.
    When the report is generated, the list informs about users, status, location and apps that were used within your tenant. Scope-Admins see just their entitled data.
  • Tip: Visualize the Azure Active Directory Sign-in activity report with Microsoft Excel or Power-BI!
    Download the generated CSV or Excel-file and use it as data source. Here, you can create various interesting graphics with filters as needed, similar as in this sample with Power-BI here.
    This map powered by Bing, shows unsuccessful logins that were blocked by the Office 365 login system. With that data, you can generate reports as:
    - SignIn-failures
    - Successful logins
    - Logins by country
    - Logins by city
    - Logins by UPN
    - Logins by App
    - Logins by Devices
    ...and so on. The data can be used and filtered as needed, as e.g. to get an overview of the apps used, etc.
    So, Delegate365 reporting allows powerful statistics of all (entitled) sign-ins within your Office 365 tenant and even for Scope-Admins for their data.
  • New GDPR-module: Portal-Admins get a new module in the administration menu named GDPR. This allows to fulfill a user's request for the right to be forgotten in Delegate365.
    In Delegate365, the data sync operation automatically updates or deletes data from the Microsoft Office 365 tenant. So, deleted objects are deleted from the Delegate365 cache automatically without any additional effort. If a user requests that his personal data as the name, email address or other personal user properties shall be deleted from the Delegate365 audit logs (!), you as a Portal-Admin can follow that request here. Open the description in the GDPR page to get more information.
    This module works analogous to the report module. Portal-Admins can create a job to delete any personal user data from Delegate365's audit logs. One or more UPNs can be added and submitted in the GDPR form for execution.
    Once the deletion-job is executed (this happens within some minutes), personal data is anonymized in all Delegate365 audit logs. A user name is anonymized as DeletedUserxx (with a current number) and any personal data is cleared in all entries. There is a report generated for each user. If selected, an email is sent to the job owner as in the report module. The generated report informs when and how often the user data has been cleared in the Delegate365 audit logs. With this module, Delegate365 provides a process for the Portal-Admins to fulfill the user's right to be forgotten consistently.
  • Shared Mailboxes: New Hide from address list and Litigation Hold: These settings can now be controlled in Delegate365 by all Admins. Litigation Hold preserves items in the Recoverable Items folder in the user's mailbox and can take up to 60 minutes to take effect. Find more about setting Litigation Hold at Place a mailbox on Litigation Hold and In-Place Hold and Litigation Hold in Exchange 2016.
  • Resources: New Hide from address list and Litigation Hold: The same goes for resources: New Hide from address list and Litigation Hold.
  • Federated Resources fix: Federated resources have just two properties that can be successfully updated in the cloud. These are ResourceCapacity and LitigationHoldEnabled, while cloud resources that can be updated allow to modify ResourceCapacity, Department, Company, Alias, DisplayName, Name, HiddenFromAddressListsEnabled, and LitigationHoldEnabled. For federated resources, an update caused an error since read-only attributes would be updated. This has been fixed with this version.
    So, a synced resources can now be just edited as here - the remaining properties are disabled.
  • [Updated May 2nd:] Synced Users, enable or disable a UPN change: Changing the UPN can now be controlled in Delegate365. In former Delegate365 versions changing the UPN was always possible for federated users as a feature the Office 36 portal does not provide. Since most organizations using hybrid mode, they manage users only in the on-premises Active Directory as leading system. In that scenario, you want to disable UPN change in Delegate365. Delegate365 knows about each object (cloud) status and deactivates properties that cannot be edited automatically as shown below. Now, this feature can be controlled with a new Admin setting in administration / configuration / settings: "[x] Admins can change the User Principal Name of federated users".
    If set to Yes (which is the default setting), Admins can change the UPN of federated users in Delegate365 as before. If set to No, the UPN fields are disabled in Delegate365. This setting is valid instantly and controls the behavior of the user edit form as shown here. (Note, that the already existing switch "[x] Admins can change UPN" is valid for could users.)
    For federated users, the UPN change can now be controlled by Portal-Admins in Delegate365 with this version. By default, it's set to enable UPN change.
  • Direct link to Delegate365 changelog and articles: In the status line on each page bottom, you see the current Delegate365 version. Now, users can click on the version link to open the atwork blog automatically filtered for articles about Delegate365. The newest article is on top. The direct link is
    This helps to get an overview of the latest product news about Delegate365 quickly.

Delegate365 version 7.5 provides useful updates and new features. We hope you like them. The update time will be planned accordingly with our customers. New Delegate365 tenants will get this version automatically starting by begin of May.