security
613 Topics

Compliance licenses at tenant level
Hi, We are a small organization of about 200 employees, and we have the following requirements:
- DLP policies configuration at Exchange, OneDrive, SharePoint
- BYOD security
- Users should not be able to send files outside the org
- And so on as we evaluate
We already have M365 Business Premium. However, after researching we figured out that M365 Business Premium alone will not solve our requirements. Maybe a compliance license will. We want to apply security policies at tenant level in our organization but definitely do not want every user to get licenses, as this will be expensive for us and there is no requirement at all for our users. The question is: is there a way to solve the above scenario?
50 Views, 0 likes, 2 Comments

Hidden Group and Hidden Group Membership
Hi everyone! I have come across a requirement where the client would like to use an Excel spreadsheet, a service account and an application registration to manage group membership for a confidential group. They would like to create a group whose members cannot leave it, cannot see other team members and cannot see the group itself. Now, I have the concept of the flow with me but for the life of me, I cannot get around to finding/configuring a group that meets the requirement. Have you guys come across this sort of scenario?
Group Configuration:
- Users should not be able to view the group
- Users should not be able to view members of the group
- Users should not be able to leave the group
Thanks in advance.
41 Views, 0 likes, 2 Comments

Office 365 Backup
I am looking for: Find a backup solution for our Office 365 data such as SharePoint/OneDrive content, e-mails, calendars, contacts, notes, tasks etc.! The hard drives of the machine definitely need to be encrypted. Not sure if Synology can do that reliably (LUKS?). Synology had some security issues in the past, but they might have been only relevant if they are exposed to the internet. I think we have two options:
- Backup in the office on encrypted drives with very restricted access (SSH?)
- Encrypt backup and upload it to S3 (not sure if there's a tool for that)
I'm fine with both. Is there an open source tool that can mirror Office 365 on a local machine? (Linux) Is the Synology tool proprietary?
3K Views, 0 likes, 5 Comments

Azure Sentinel Incident Severity Mapping
Hi, So Sentinel categorizes its incidents as "Low, Medium or High". However, a typical SOC might have incidents ranging from P1-P5. I'm curious how other organizations have mapped the 3 Sentinel severities to a typical incident priority rating of P1-P5 (so 5 categories). We'd like to automate the logging of Sentinel tickets in our ISMS system, but how to map 3 into 5 priorities? Thank you, SK
7.4K Views, 0 likes, 3 Comments

Encryption confusion
I do light Office 365 admin for a number of clients, always under Office 365 Business Premium subscriptions. I'm confused about encryption, that either does exist, or not, and where it does and doesn't. I read the following link, and as is often the case, there's plenty about the technology, but nothing about where it is implemented, namely, which subscription level you need to get it. https://docs.microsoft.com/en-us/microsoft-365/compliance/email-encryption
So bottom line: if a small business under Office 365 Business Premium asks the question: "Is our email encrypted?", I find myself unable to be certain 100%. I do know it is encrypted in transit between email servers, and presumably it is encrypted from sender to the Office 365 servers, due to Outlook having that Security tab under Account Settings with a (greyed out) checkmark saying "encrypt data between Microsoft Outlook and Microsoft Exchange". If so, this means we're good from the sender, through to the far end of the Office 365 infrastructure, leaving only the recipient server and client end in question. Is that all correct? Any pointers to a real description of this stuff and not the confusing (yet technically interesting) type of link as the one I put in above would be appreciated! 🙂 Thank you.
Solved. 3.6K Views, 0 likes, 7 Comments

Office 365 Home DKIM Configuration
Hi, I have an Office 365 Home account and have configured a personalised email address using GoDaddy. I have configured SPF on the GoDaddy domain and that appears to work. Is it possible to set up DKIM too for my configuration? All online instructions I have seen refer to Office 365 Business accounts and in particular to using the Admin Centre to configure this (which Office Home doesn't have access to). Any help you can provide would be appreciated. Thanks in advance. Regards, Simon
20K Views, 4 likes, 30 Comments

O365 - EU and China
Hi. Worldwide org - based in EU - they have a tenant - and are about to migrate all users' personal files from file servers to OD4B (into the EU data center). However, there's a subset of users that resides in China - and apparently there are some China regulations saying data "must" reside inside China (China users' connection to the EU tenant/OneDrive is very slow). So how do I solve this "architecture" in the best way possible? Multi-geo is not an option as China isn't supported. Does the company create a SharePoint farm in China and let the users in China have their OD4B on that - what about collaboration on documents, eDiscovery etc. between EU/China users in those scenarios? Does the company create a separate tenant inside China and initiate the B2B capabilities in the EU tenant? How have others solved this?
4K Views, 0 likes, 2 Comments

Email alert when roles are adjusted
Hi all, I've had a look around but can't find anything up to date that would help my issue. What we're after is an email alert whenever a 365 role is changed (user added or removed). Looking in Defender, there's only an alert for an Exchange Administrator change. Is there anyone who has something in production that would do this job? Kind regards, Tom
90 Views, 0 likes, 4 Comments

Restricted Content Discovery
SharePoint Advanced Management includes a feature called "Restricted Content Discovery", aka RCD. The FAQs mention that:
"Restricted Content Discovery only affects tenant-wide search (SharePoint home, Office.com, Bing) and Microsoft 365 Copilot"
But then it goes on to mention:
"Restricted Content Discovery doesn't remove content from the tenant search index."
and:
"Restricted Content Discovery is a site-level property."
I completely understand that its intended use is to give organisations time to review and/or audit permissions and deploy access controls while onboarding Copilot in a safe manner. My focus is custom search solutions and custom apps that use search and should respect the RCD property. Being a property and the content remains in the index, it could be interpreted that the RCD feature only works in the named services, i.e. SharePoint Home, Office.com, Bing and Microsoft Copilot, and it does not apply in Microsoft Search, custom organisation-wide search solutions e.g. using PnP-Search, API calls using the Graph etc. Is that the case? Also, can the property be queried and retrieved using the Search API or is it limited to PowerShell?
270 Views, 0 likes, 2 Comments

Can't use a SPN in a PowerBi dashboard to access SharePoint lists
Hoping you can help with an ongoing issue I have. I have a PowerBi dashboard I built using a regular account to fetch some SharePoint lists, and uploaded it to PowerBi for others to view. Now in the PowerBi portal I want to change the credential from my account to an SPN. I've read what feels like a thousand articles describing the process to create the SPN, 99% all the same. Yet when I go into the PowerBi portal, edit the semantic model for the dashboard, click edit credentials, select Service Principal, put in the tenant ID, the Service principal ID (yes, using the app ID, in fact I tried everything), the service principal key (the secret) and choose any privacy level, it fails 100% of the time. Error is: Failed to update data source credentials: The credentials provided for the SharePoint source are invalid. Same error regardless of what privacy level I choose. I'm sure the secret is correct also. Just for fun I tried the Secret ID and the Object ID in place of the Application ID for the Service principal ID field. All failed, same error. I'm sure the secret is correct also. The SPN has Graph sites.read.all, Graph user.read and SharePoint Sites.Read.All API permissions configured. All are consented. Everything seems right but gives me the error failed to retrieve oauth token 100% of the time. Am I missing something else? More API permissions maybe? Do I still need to actually add the SPN to the SharePoint site itself even though it has API permissions SharePoint Sites.Read.All? I've done days of research and all I find is lots of people with the same or similar issue but no resolution. Is this a bug? Help me, I'm desperate to get this fixed or I'm going to have to allow people to bypass MFA across my organization, which I can't have.
50 Views, 0 likes, 0 Comments