Recent Discussions
Regression: File hyperlinks with #Bookmark no longer work in Office 2601/2602
After updating to Office Version 2601/2602 (Current Channel / Current Channel Preview), file‑based hyperlinks that include a bookmark (e.g., C:\File.docx#Bookmark) no longer work. Office now rewrites the # as %23 and hands the link off to the default browser, which fails. This affects Excel, Word, PowerPoint, and Project. Rolling back to Version 2409 immediately restores correct behavior. I previously had a build newer than 2409 that supported both working file‑bookmark hyperlinks and Excel’s cell‑level dark mode, so this appears to be a regression introduced in the 2601+ hyperlink resolver rather than a local configuration issue. If anyone else is seeing this behavior, please upvote or comment so the engineering team can prioritize it. As noted, it is not just Excel, but that is the most pressing need for me.
I can't add an O365 email to Outlook desktop client but I can access it from the web
I can't add a O365 to Outlook desktop client but I can access from the web This a weird thing, whenever I try to add in Outlook from File > Add Account I get the message "Something went wrong and Outlook couldn't set up your account". From Control Panel > Mail > Email accounts > New > Manual Setup > here I put the email and gets stuck at "Searching for... Settings" and then " An encrypted connection to your email is not available, click Next to attempt using an unencrypted connection", so I do that and get the error "We're sorry we couldn't set up your account automatically. To try setting up the account yourself click Next" which is basically the same. Everything works fine in the browser, any ideas on this?
Copying column widths and row heights from one sheet to another
Hello everyone. I have to reformat a rubbish PDF i get sent everyday so i can make it legible. i have arranged the cell widths and heights and cut and pasted the data but there are 14 columns and as many as 30 rows. I have this information on PDF everyday. Is there a way i can automate this so my sheets are all the same looking?Exchange Decommissioning Set-Remotemailbox command
Hi all, I have a situation where someone was with a hybrid Exchange Server configuration was using scripts to provision accounts with Set-RemoteMailbox. Testing was being done with the recipient management using the exchange management and noticed mailboxes are being provisioned and working as expected without even running their set-remotemailbox commands and are curious if this is even needed anymore. So I guess my question is, at this stage where .\CleanupActiveDirectoryEMT.ps1 is the last thing to do, would set-remotemailbox still be necessary, and what would it be used for. I know usually you can just create an on-prem mailbox, synced and license, so I'm not sure if set-remotemailbox is required for new mailboxes or but I'm thinking it's for managing mailboxes that were previously migrated. Thanks for any input.Microsoft Extends DLP Policy for Copilot Protection to All Storage Locations
Microsoft has enhanced the DLP policy for Copilot to cover Office files held in any storage location instead of only Microsoft 365 locations like SharePoint Online and OneDrive for Business. The change is made in the Office augmentation loop, a little-known internal component that coordinates use of connected experiences by apps. Extending the DLP policy to cover all locations makes perfect sense. https://office365itpros.com/2026/02/24/dlp-policy-for-copilot-storage/Shortcuts appearing when using Option+arrow in Outlook on Chrome in Mac
luse Outlook on Chrome in my MacBook Pro. While typing an email, though, if I use Option tarrow left or right (to go back or forth between words), after a few words, the shortcut letters for the menus pop up, and stop what I'm doing. (See image.) It doesn't happen in any other window on Chrome. So it's not a Chrome thing. It's only when Outlook 365 is loaded. (Don't know if it happens in other 365 apps, as I only use Outlook, really.) Anyone experienced that? And, if so, is there a solution? I tried Outlook 365's setting, but nothing there. Thanks!Formula Help
I have a spreadsheet I use for bidding construction work. On items 1-40 the formula in cells G22-G65 work like they are supposed to. From G66 to G88 where the sheet stops, the formula returns #NAME?. I've checked the formula from G65 to G66 and below, and they appear to be correct. I can't figure out what the problem is. This is the formula that works. =IF(D65>0,'40'!Rate+$G$18,0) This is the formula that does not work. =IF(D66>0,'41'!Rate+$G$18,0) The '40' and '41' refer to individual sheets within the workbook that contain the data in the !Rate cell. I've been looking at this for hours and can't figure it out. Any help or advice would be great.
Functions and formulars
Hi all, yes I am struggling to find the right formular for a problem, or to get it to work. I have a number in cell B14, which i want to return a value in cell B13. if B14 gives a value between 30 and 49 (this is manually entered) the result in B13 should be Pink (the word not a coloured cell) and if B14 gives a value between 17 and 33 the result in B13 should be Purple plus a few more along these lines and if the B14 value is under 9 result should be Yellow I am frustrated... this used to be simple for me but its been a while and any help would be appreciated.Automating Microsoft 365 with PowerShell Second Edition
The Office 365 for IT Pros team are thrilled to announce the availability of Automating Microsoft 365 with PowerShell (2nd edition). This completely revised 350-page book delivers the most comprehensive coverage of how to use Microsoft Graph APIs and the Microsoft Graph PowerShell SDK with Microsoft 365 workloads (Entra ID, Exchange Online, SharePoint Online, Teams, Planner, and more). Existing subscribers can download the second edition now free of charge. https://office365itpros.com/2025/06/30/automating-microsoft-365-with-powershell2/
Excel array question - spill VOWD based on forecast month
Hi, Can I have your help on a spilled question? I have the following table with information. Fore Month Jan-26 Feb-26 Mar-26 Apr-26 May-26 Jun-26 Jul-26 Aug-26 Sep-26 Oct-26 Nov-26 Dec-26 VOWD 2 - - - 3,983 15,203 11,779 2,083 - 1,742,162 1,696,156 116,267 1,162,366 - 2 - - 100,000 200,000 - - 500,000 650,000 300,000 - 466,000 - - 3 - - - 3,983 15,203 11,779 2,083 10,000 1,742,162 1,696,156 116,267 1,152,366 - 3 - - 100,000 200,000 - 250,000 250,000 650,000 - 400,000 450,000 - 100,000 4 - - - 2,000 15,203 11,779 2,083 10,000 1,742,162 1,696,156 116,267 152,366 2,000 4 - - 100,000 200,000 - 250,000 250,000 650,000 - 400,000 350,000 - 300,000 I would like to have a spilled array formula in VOWD column and the expected result is right there now. The logic is to grab the first 2 columns and sum up the amounts for the first two rows of data, and grab first three columns and sum up for the third and forth rows of data and etc. Thanks, Anna
Access Northwind Dev Ed - Error GetRandomPkValue
Just downloaded the newest MS Access and selected a new Northwind Dev Ed as the first DB to create. It fails to open due to an error in the code as it searched for a non existing function GetRandomPkValue... The purpose of the missing function is to return a random primary key value by passing in the variables for a query name and a field name and then it should return a "random" numerical ID from those possible based upon the passed in variables... My question is, Is the new Northwind Dev designed to fail on purpose or did I manage to download a corrupted incomplete version or???Architecting Microsoft 365 Environments for Multi-National Enterprises: Lessons from the Field
Introduction In today’s global economy, enterprises rely on Microsoft 365 to empower seamless collaboration across borders. However, deploying and securing multi-national M365 environments introduces complex technical, operational, and compliance challenges. With over two decades architecting cloud environments across the Americas, EMEA and APAC, I’ve led numerous deployments and migrations requiring hybrid identity resilience, data sovereignty compliance, and global operational continuity. This article presents field-tested lessons and strategic best practices to guide architects and IT leaders in designing robust, compliant, and scalable Microsoft 365 environments for multi-national operations. Key Challenges in Multi-National M365 Deployments 1. Hybrid Identity Complexity Managing synchronization between on-premises Active Directory and Azure AD becomes exponentially complex across regions. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/whatis-hybrid-identity can introduce replication delays and login failures if not properly planned. Tip: Always assess latency impact on Kerberos authentication, token issuance, and Azure AD Connect synchronization cycles. 2. Data Residency and Compliance Many countries enforce strict data sovereignty laws restricting where personal and sensitive data can reside. Selecting tenant regions and enabling https://learn.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-multi-geo?view=o365-worldwide become critical to avoid compliance violations. Impact Example: A financial institution with European operations faced potential GDPR breaches until Multi-Geo was implemented to ensure Exchange Online and OneDrive data remained within EU boundaries. 3. Licensing and Cost Control Balancing E3, E5, and F3 licenses across countries with varying user roles and local currencies adds administrative and financial complexity. Best Practice: Implement https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-groups-assign, aligning assignments with security groups mapped to user personas. 4. Secure Collaboration Across Borders External sharing in SharePoint, OneDrive, and Teams federation introduces security risks if not precisely configured. Default sharing settings often exceed local compliance requirements, risking data leakage. Lesson Learned: Always validate external sharing policies against each country’s data protection laws and client contractual agreements. 5. Operational Support and SLA Alignment Global operations require support models beyond single-region business hours, demanding proactive incident response and escalation planning. Example: Implementing follow-the-sun support with regional admins trained on Microsoft 365 admin centers and PowerShell mitigates downtime risks. Strategic Solutions and Best Practices 1. Architect Hybrid Identity with Redundancy Deploy https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-sync-staging-server in alternate datacenters. Implement Password Hash Sync to reduce dependency on VPN and WAN availability for authentication. 2. Utilize Microsoft 365 Multi-Geo Capabilities Leverage https://learn.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-multi-geo?view=o365-worldwide to meet data residency requirements per geography. Validate licensing implications and admin configurations for each satellite location. 3. Segment Licensing by User Persona Define clear user personas (executives, knowledge workers, frontline staff). Map license types accordingly, optimizing costs while ensuring productivity needs are met. Use https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-groups-assign for scalable management. 4. Design Conditional Access Policies by Geography Create https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition. Integrate with Intune compliance policies to block or limit access for non-compliant devices. 5. Implement a Global Governance Model Establish clear local vs. global admin roles to maintain accountability. Enforce https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure to control and audit privileged access. Lessons Learned from the Field Latency is a silent killer – Always test Microsoft Teams and OneDrive performance across regions before production rollouts. Communication is critical – Local IT teams must align early with global security and compliance strategies. Compliance first – Never assume Microsoft’s default data location suffices for local regulations. Cost optimization is ongoing – Conduct license audits and adjust assignments every six months. Conclusion Architecting Microsoft 365 for a multi-national enterprise demands strategic integration of compliance, hybrid identity resilience, secure collaboration, and cost optimization. Cloud success in a global enterprise is not an accident – it is architected. By applying these best practices validated against Microsoft recommendations and real-world deployments, organizations can empower global collaboration without sacrificing governance or security. About the Author Gonzalo Brown Ruiz is a Senior Office 365 Engineer with over 21 years architecting secure, compliant cloud environments across North America, Latin America, EMEA and APAC. He specializes in Microsoft Purview, Entra ID, Exchange Online, eDiscovery, and enterprise cloud security.Securing the Modern Workplace: Transitioning from Legacy Authentication to Conditional Access
Authored by: Gonzalo Brown Ruiz, Senior Microsoft 365 Engineer & Cloud Security Specialist Date: July 2025 Introduction In today’s threat landscape, legacy authentication is one of the weakest links in enterprise security. Protocols like POP, IMAP, SMTP Basic, and MAPI are inherently vulnerable — they don’t support modern authentication methods like MFA and are frequently targeted in credential stuffing and password spray attacks. Despite the known risks, many organizations still allow legacy authentication to persist for “just one app” or “just a few users.” This article outlines a real-world, enterprise-tested strategy for eliminating legacy authentication and implementing a Zero Trust-aligned Conditional Access model using Microsoft Entra ID. Why Legacy Authentication Must Die No support for MFA: Enables attackers to bypass the most critical security control Password spray heaven: Common vector for brute-force and scripted login attempts Audit blind spots: Limited logging and correlation in modern SIEM tools Blocks Zero Trust progress: Hinders enforcement of identity- and device-based policies Removing legacy auth isn’t a nice-to-have — it’s a prerequisite for a modern security strategy. Phase 1: Auditing Your Environment A successful transition starts with visibility. Before blocking anything, I led an environment-wide audit to identify: All sign-ins using legacy protocols (POP, IMAP, SMTP AUTH, MAPI) App IDs and service principals requesting basic auth Users with outdated clients (Office 2010/2013) Devices and applications integrated via PowerShell, Azure Sign-In Logs, and Workbooks Tools used: Microsoft 365 Sign-In Logs Conditional Access insights workbook PowerShell (Get-SignInLogs, Get-CASMailbox, etc.) Phase 2: Policy Design and Strategy The goal is not just to block — it’s to transform authentication securely and gradually. My Conditional Access strategy included: Blocking legacy authentication protocols while allowing scoped exceptions Report-only mode to assess potential impact Role-based access rules (admins, execs, vendors, apps) Geo-aware policies and MFA enforcement Service account handling and migration to Graph or Modern Auth-compatible apps Key considerations: Apps that support legacy auth only Delegates and shared mailbox access scenarios BYOD and conditional registration enforcement Phase 3: Staged Rollout and Enforcement A phased approach reduced friction: Pilot group enforcement (IT, InfoSec, willing users) Report-only monitoring across business units Clear communications to stakeholders and impacted users User education campaigns on legacy app retirement Gradual enforcement by department, geography, or risk tier We used Microsoft Entra’s built-in messaging and Service Health alerts to notify users of policy triggers. Phase 4: Monitoring, Tuning, and Incident Readiness Once policies were in place: Monitored Sign-in logs for policy match rates and unexpected denials Used Microsoft Defender for Identity to correlate legacy sign-in attempts Created alerts and response playbooks for blocked sign-in anomalies Results: 100% of all user and app traffic transitioned to Modern Auth Drastic reduction in brute force traffic from foreign IPs Fewer support tickets around password lockouts and MFA prompts Lessons Learned Report-only mode is your best friend. Avoids surprise outages. Communication beats configuration. Even a perfect policy fails if users are caught off guard. Legacy mail clients still exist in vendor tools and old mobile apps. Service accounts can break silently. Replace or modernize them early. CA exclusions are dangerous. Every exception must be time-bound and documented. Conclusion Eliminating legacy authentication is not just a policy update — it’s a cultural shift toward Zero Trust. By combining deep visibility, staged enforcement, and a user-centric approach, organizations can securely modernize their identity perimeter. Microsoft Entra Conditional Access is more than a policy engine — it is the architectural pillar of enterprise-grade identity security. Author’s Note: This article is based on my real-world experience designing and enforcing Conditional Access strategies across global hybrid environments with Microsoft 365 and Azure AD/Entra ID. Copyright © 2025 Gonzalo Brown Ruiz. All rights reserved.Building Enterprise-Grade DLP with Microsoft Purview in Hybrid & Multi-Cloud Environments
Authored by: Gonzalo Brown Ruiz, Senior Microsoft 365 Engineer & Cloud Security Specialist Date: July 2025 Introduction Data is the lifeblood of every modern organization, yet it remains one of the most exposed assets. As organizations embrace hybrid and multi-cloud models, traditional endpoint or email-only DLP solutions no longer provide sufficient protection. The explosion of data across Exchange, SharePoint, Teams, OneDrive, and third-party SaaS applications introduces new risks and compliance challenges. Microsoft Purview Data Loss Prevention (DLP) provides a powerful solution that unifies data governance, sensitivity labeling, and policy enforcement across your cloud ecosystem. However, building an enterprise-grade DLP strategy goes far beyond enabling policies. Why Traditional DLP Fails in Modern Environments Traditional DLP approaches often: Protect only endpoints or email without covering cloud services Lack integration with data classification and labeling frameworks Generate excessive false positives due to generic rule sets Create operational friction for end users In hybrid environments with Teams, SharePoint, and OneDrive, these limitations lead to fragmented coverage, compliance blind spots, and user workarounds that expose sensitive data. The Microsoft Purview Advantage Microsoft Purview DLP offers: Unified policy management across Exchange Online, SharePoint, Teams, and OneDrive Integration with Sensitivity Labels for data classification and encryption Real-time policy tips that educate users without blocking productivity Built-in compliance manager integration for audit readiness When architected properly, Purview becomes a strategic enabler of data governance and compliance rather than just a security checkbox. Key Components of an Enterprise-Grade DLP Strategy 1. Data Classification and Labeling Implement Sensitivity Labels with auto-labeling policies to classify and protect sensitive data at scale. 2. Policy Scoping and Exceptions Handling Design DLP policies that balance security with operational needs, incorporating exceptions for justified business processes. 3. Insider Risk Management Integration Correlate DLP events with insider risk signals to identify intentional or accidental data misuse. 4. Audit, Reporting, and Compliance Evidence Configure alerting, detailed reporting, and data residency mapping to fulfill regulatory and internal audit requirements. Implementation Framework: Your Step-by-Step Guide 1. Preparation Conduct a data inventory and sensitivity assessment Identify regulatory and contractual compliance obligations Engage business stakeholders for adoption readiness 2. Pilot Deployment Roll out policies to a controlled user group Review policy matches and refine rules to minimize false positives Provide targeted user training on policy tips and data handling expectations 3. Full Deployment Scale DLP policies across workloads (Exchange, SharePoint, Teams, OneDrive) Implement automated remediation actions with user notifications and audit logs 4. Optimization and Continuous Improvement Review policy match reports regularly to fine-tune thresholds and rules Incorporate feedback from security, compliance, and end users Integrate with eDiscovery workflows for legal readiness Best Practices and Lessons Learned Start with monitor-only policies to baseline activity before enforcing blocks Combine DLP with Sensitivity Labels and encryption policies for holistic protection Regularly educate users on data classification and handling standards Create clear governance structures for DLP ownership and policy management Balance security controls with user productivity to avoid shadow IT workarounds Conclusion Data Loss Prevention is no longer optional – it is a critical enabler of trust, compliance, and operational excellence. By architecting Microsoft Purview DLP as part of an enterprise data governance strategy, organizations can protect their most valuable asset – data – while empowering users to work securely and efficiently. Author’s Note: This article is based on my extensive professional experience designing and implementing Microsoft Purview DLP solutions for global enterprises across hybrid and multi-cloud environments. Copyright © 2025 Gonzalo Brown Ruiz. All rights reserved.
Events
You’re passionate about what you do, and we’re passionate about empowering your potential. Microsoft 365 Community Conference - is your chance to keep up with AI, build game-changing skills, and take...
In-Person
Recent Blogs
- Query modern Excel workbooks stored locally on your device using Microsoft 365 Copilot Chat, on Windows and Mac.Feb 24, 2026
- AI isn’t a side conversation at the Microsoft 365 Community Conference—it’s at the center of how work is changing. The Copilot, Agents, & Copilot Services Sessions are designed for anyone who wants t...Feb 20, 2026
