Microsoft365

Sensitivity labels in Microsoft 365 are a crucial feature for organizations to protect and manage their data. These labels allow organizations to classify and safeguard sensitive information based on its level of confidentiality. By applying sensitivity labels, organizations can control access, encrypt data, apply policies, and track and monitor on sensitive information. Users can apply sensitivity labels to classify and protect their data. However, applications unfortunately cannot currently assign sensitivity labels. ...

Our Governance Toolkit 365 (GT365) provides information and automation solutions for a Microsoft 365 tenant. In order to use the functions, this app must be approved by an administrator. In addition, new solutions are constantly being added. Some of these also require new permissions. You can find out how you as an administrator can grant and renew these permissions here. GT365 requires an app “Governance Toolkit 365” that reads the data from the M365 tenant and collects it for further actions. An administrator must approve this app so that the functions can be used. There are the following functions that administrators can perform: ...

Microsoft Entra Privileged Identity Management (PIM) allows administrators to manage role assignments efficiently, ensuring that users have the necessary permissions only when needed. By following a few simple steps, administrators can make users eligible for specific roles, activate roles as required, and manage both built-in and custom roles. This process enhances security by minimizing the duration and scope of privileged access, making it a crucial tool for maintaining a secure and compliant environment. In this article, we explore how to read a user’s Microsoft Entra roles and history using PIM and the Microsoft Graph REST API. ...

In Delegate365, there exist two methods to configure Multi Factor Authentication (MFA) for users: the functions “Authentication methods (MFA)”, and “MFA (Legacy)”. See the difference here, and how to disable the “MFA (Legacy)” feature. Authentication Methods (MFA): This is Microsoft’s modern MFA setting method. Delegate365 allows you to remove authentication methods for a user, so the user will have to reconfigure their MFA if they are removed. MFA (Legacy): This method is deprecated, which is why we called it “Legacy.” It requires a service account without MFA to work, and will stop working after March 2025, see Important update: Deprecation of Azure AD PowerShell and MSOnline PowerShell modules. Therefore, this feature is only present for historical reasons. If it is not needed, we recommend disabling it as below. ...

A year ago, Microsoft announced the “Transition to List Flows as Admin V2 action from deprecated List Flows as Admin action” for Power Automate. Well, we were using the old API endpoint for working with flows in our own software until it stopped working recently. It took some time until we found workarounds or a successor. Also the PnP modules still are using the old API, and the endpoint address is currently not documented on any Microsoft website. Find it here! ...

Microsoft is rolling out the new Teams v2 client. This is now a Single Page Application (SPA), which means generated deep links no longer work. Unfortunately, this also affects the GT365 solution 09 and 11, e.g. to open the settings of a team and the management of members with a button. Here you can find out why this is the case and what workarounds are possible. This means that a direct link like https://teams.microsoft.com/v2/#/teamDashboard/[team-name]/[team-.id]/td.members now always leads to https://teams.microsoft.com/v2/ and the user ends up in the chat area. This is undesirable, but unfortunately cannot be changed because Microsoft no longer supports direct links in the Teams v2 client due to the new SPA architecture. For Governance Toolkit 365 customers, see also the news entry in the GT365 admin portal. ...

Utilizing Graph connectors simplifies the process of incorporating your data into Microsoft 365 search and Microsoft 365 Copilot, enhancing your experience with seamless integration. A fresh addition to Copilot’s capabilities is the Relevance Tuning feature, that significantly enhances Copilot’s functionality.. The Relevance Tuning feature allows for fine-tuning the relevance of search results, ensuring that Copilot delivers even more accurate and tailored responses. By leveraging this innovation, users can expect a marked improvement in the quality and precision of Copilot’s outputs. Administrators now have the power to assign importance weights to different properties within Graph connections. This customization means that search results can be fine-tuned to align closely with an organization’s unique requirements, making the discovery of relevant content more intuitive and efficient. Administrators can find out more about that topic at Microsoft Graph connectors overview for Microsoft Search. ...

In Part 2 of this series we look into setting up and managing applications in a Microsoft 365 tenant. In Part 1, I focused on how Azure AD applications can be used to provide secure access control to data and services. I demonstrated how to create an Azure AD application in the home tenant and the importance of integrating with Azure AD for centralized app registration, management, and security measures. In this article, I will dive deeper into the topic and exploring how to use and manage a multitenant app in foreign M365 tenants. So, let’s get started! ...

Microsoft Entra ID (or Azure AD) applications are cloud-based applications that can be integrated with Azure AD for authentication and authorization purposes. Using such applications provides a way to centrally manage and secure access to your cloud-based applications and services using Azure AD identities and credentials. This article is presented in two parts, exploring the practical implementation and functionality of apps across tenant boundaries. It provides an overview of how these apps operate and the details of permissions when used in a real-world setting. ...

Need to activate the Microsoft 365 sensitivity labels for Groups and Sites? This must be done with PowerShell. Find the current working script here. The article Assign sensitivity labels to Microsoft 365 groups in Microsoft Entra ID describes basically how to activate the Groups and Sites settings with Microsoft Beta Graph PowerShell: “…To apply published labels to groups, you must first enable the feature. These steps enable the feature in Microsoft Entra ID….”. My colleague Christoph Wilfing corrected and completed the script so that it optimizes module loading times and works in all cases. Thx Christoph! ...