Talking Microsoft 365 Compliance at the European SharePoint Conference
Paul Robichaux and I led a session about Microsoft 365 Compliance at the European SharePoint Conference in Dublin on December 2, 2025. During the session, we discussed how intelligent versioning works and its value in saving storage, priority cleanup and its ability to delete files even if the files are under retention hold, and the recent revamp of the Purview eDiscovery solution. We were thrilled at the attendance. Here’s what happened. https://office365itpros.com/2025/12/03/microsoft-365-compliance-espc/
DSPM for AI Data Risk Assessment Question
Hello everyone, my team is creating a POC for DSPM for AI in order to be ready for actual implementations. We have encountered some unexpected issues that we have found no conclusive answers to in the official articles. Everything that follows is related to the Data Risk Assessment feature that comes with DSPM for AI and its sharepoint site scanning features. First of all, does the assessment feature use both built-in and custom SITs? If this is the case, we need to take into account any custom data types in an actual implementation. Secondly, we have noticed that no assessment type (including the default one) reads all the sites found in the sharepoint admin center. We have noticed that one of them is probably the root site as its format is https://<domain name>/ while every other site looks like https://<domain name>/sites/<site name>, another one was most likely created by an application and there are some that do not appear in the list but do appear in the assessment results. All of these sites except the "root" seem to be up and running, although some show the "request access" page when opening. Third, we have not found a conclusive answer as to what is the difference between the site and item level scan. This is because, item level scan finds and scans even less sites. The configuration is as follows: Default Assessment: All users, All sites (default option) -> Finds 17/19 sites and items scanned do not match the number of items reported to be on the sites in the sharepoint admin center. The issue is that the number of reported unscanned items is 0. Site Level Assessment: All users, All sites (default option) -> Finds 11/19 sites and items scanned do not match the number of items reported to be on the sites in the sharepoint admin center. The issue is that the number of reported unscanned items is 0. Item Level Assessment: All users, No All Sites option. Finds 8/19 sites ->Scans 4/19 sites and items scanned do not match the number of items reported to be on the sites in the sharepoint admin center. The issue is that the number of reported unscanned items is 0. To sum this up, my team's questions are the following: Does this solution use custom SITs in addition to built-in ones? What extra configuration is required to scan ALL sharepoint sites for sensitive info using the Data Risk Assessments? What added value does the Item Level scan provide? Is any extra configuration besides the enterprise app creation required for Item Level scanning on all sites Thank you all in advance!App-Only Authentication for SharePoint Online PowerShell
The latest versions of the SharePoint Online PowerShell module support app-only authentication (certificate-based authentication) for the Connect-SPOService cmdlet. In other words, applications can now connect to SharePoint Online to run administrative cmdlets by presenting a registered Entra ID app and an X.509 certificate instead of the credentials for a human SharePoint administrator. It’s a good change, even if I still prefer using the Graph APIs for SharePoint automation. https://office365itpros.com/2025/12/02/app-only-authentication-spo/
SharePoint sync issues when opening from File Explorer
Hi there, Some users in my company are having issues with files not syncing with SharePoint when they save them and are also unable to concurrently edit files. They open the files via File Explorer and the 'autosave' functionality is disabled. Enabling autosave prompts them to save as a new copy. These users have recently switched to a new laptop running Windows 11 (previous laptop was Windows 10) and had no sync issues when using the old laptop. If the user first opens Excel/Word and then uses the File menu to open the document then the autosave is enabled and the file syncs with SharePoint. Here are some of the troubleshooting steps I've tried: stopping the sync and starting it again unlinking the pc and re-syncing the SharePoint site uninstalling and re-installing OneDrive Has anyone come across this issue or know of a fix that I haven't tried yet? Regards, Steve
restrict external services using assigned\delegated api permissions to single files
I have an ongoing issue where my customers want to use external services to perform tasks, but those services require access to SharePoint. Of course the complete security non minded service providers say they need sites.readwrite.all permissions. I'm not going to give them access to read and write every single one of my internal SharePoint sites when they only need access to one file. Ridiculous in this day and age with so many data breaches happening. Now i have used the sites.selected to some success to limit this but it's still all the site. How can I get this down to file or folder level within a site? Has to be something we can do.
Getting Started with Copilot Studio: Your PAA & FAQ Guide
What is Microsoft Copilot Studio? Microsoft Copilot Studio is a low-code, graphical tool within the Power Platform used for building and conversational bots. It empowers users, even those without extensive technical backgrounds, to create sophisticated logic and connect to various data sources and services using prebuilt or custom plugins. Is Copilot Studio easy to use for beginners? Yes Copilot Studio is designed to be easy for beginners. You only need to describe the agent you want in plain language to start creating it. The platform uses a graphical, low-code interface that streamlines the process of defining instructions, knowledge sources (like documents), and conversation triggers, making it accessible to most users. What is the difference between Microsoft 365 Copilot and Copilot Studio? Microsoft 365 Copilot is an AI assistant that integrates across Microsoft 365 apps (Word, Excel, Teams, etc.) to enhance productivity. Copilot Studio, conversely, is a development platform used to build customised AI agents that are tailored to specific business goals or data sources. Copilot is the agent you use; Copilot Studio is the tool you use to build or extend agents. Do end-users need a specific license to use a Copilot I create? Yes, licensing for end-users depends on how and where the custom copilot is deployed. While development often requires a Power Platform or Azure subscription deploying the bot across an organization may require specific Copilot licenses for the end-users accessing the agent. Check the official Microsoft licensing documentation for your specific scenario. How can I add SharePoint data as a knowledge source for my Copilot? You can connect your Copilot agent to SharePoint data using the generative answers feature in Copilot Studio. The agent can search documents stored in a SharePoint document library. Be aware that there can sometimes be nuances with how attachments versus core document libraries are indexed, which the community is actively discussing in the forums. We hope this formatted FAQ helps you quickly find the information you need! If you have more questions, please use the discussion board to connect with the community.
Connect-SPOService not working in PowerShell 7
Hi all, I'm having some issues getting Connect-SPOService working in PowerShell 7 (7.2.4). It works fine in Windows PowerShell (5.1.22), however it will always generate errors when trying to us it in PS 7 which I've listed below. Firstly if I open Windows PS, I can use it straight away, however if I open PS 7, I have to import the module in order to use it. I guess I can fix this with a profile adjustment, but is there a reason why this would be the case? Secondly even when it's been imported, if I try to connect with the following, I get an error: Connect-SPOService -Url https://***-admin.sharepoint.com Connect-SPOService: No valid OAuth 2.0 authentication session exists Never seen this before in Windows PS and I'm not sure how to resolve it so I tried connecting with this instead. Still got an error but a different one this time: Connect-SPOService -Url https://***-admin.sharepoint.com -Credential ***@***.com Connect-SPOService: The sign-in name or password does not match one in the Microsoft account system. I know these are the right credientials as again they work fine in Windows PS. This lead me to think that something still wasn't being imported correctly into PS 7, so I had a look at the modes, and I noticed that the ExportedCommands don't appear when Get-Module is run in PS 7, but again they do in Windows PS. I'm guessing this could be part of the issue but I'm not sure how to resolve it. From what I can see everything appears fine, but I'm sure I'm missing something here. I've tried setting my ExecutionPolicy to unrestricted in case that was the problem, however it didn't appear to change anything. If anyone has seen this before or could provide any help it would be greatly appreciated. I realise that I could just use Windows PS, but it feels like PS 7 is the way forward and it would be nice to better understand why this is happening. Many thanks in advance.
