User Profile
VasilMichev
MVP
Joined 10 years ago
User Widgets
Recent Discussions
Re: Need to Purge DiscoveryHolds Data from Archive Mailbox in Exchange Online
You cannot purge items in DiscoveryHolds directly, best you can do is cleanup duplicates via: Start-ManagedFolderAssistant user@domain.com -HoldCleanup And you should check for org-wide holds. They will not appear under the InPlaceHolds property on the mailbox, and the fact that you have some exclusions therein does not mean that other org-wide holds are not in play. Moreover, the ComplianceTagHoldApplied property value confirms that you have at least one retention policy/label acting on the mailbox. So check via: Get-OrganizationConfig | fl InPlaceHolds and take the necessary actions. Refer to this article for more info: https://learn.microsoft.com/en-us/purview/ediscovery-identify-a-hold-on-an-exchange-online-mailbox10Views0likes0CommentsRe: Require approval from IT to join a Team and/or Shared Channels
The only way I could think of making this happen is by disabling team creation and taking over the management of existing teams by removing any owners. Features such as information barriers will not work with your requirements.24Views0likes0CommentsRe: Break-glass Account Prompted for Authenticator App Despite Exclusions
Did you exclude it from SSPR? This thread summarizes the possible reasons why an account is being prompted: https://learn.microsoft.com/en-us/answers/questions/645850/what-are-the-services-settings-that-can-cause-mfa34Views0likes0CommentsRe: Unable to change primary SMTP of a group
What you are describing sound like an issue with the dual-write process between Exchange Online and Entra, unfortunately we have no way to troubleshoot such issues, afaik. You can try removing/re-adding the alias to "trick" it, and if that doesn't help, best open a support case.37Views1like0CommentsRe: O365 Group email settings
To update the AutoSubscribeNewMembers property via the Graph, you must use a separate request with just said property, see the note here: https://learn.microsoft.com/en-us/graph/api/group-update?view=graph-rest-1.0&tabs=http Keep in mind that said setting does not apply retroactively to existing members of the group. For such, you need to manually adjust the "subscribers" list, which afaik is still only possible via PowerShell. The IsSubscribedByMail property cannot be set by the Graph API however, only via Exchange Online PowerShell at the Add-UnifiedGroupLinks cmdlet. Graph can only "read" said property.48Views0likes0CommentsRe: Update Dynamic Distribution List
You can ignore anything after this bit: ((((((((((((((((((((((((((Company -eq 'Contoso') -and (CustomAttribute4 -eq 'City'))) -and (((((CustomAttribute7 -eq 'Group') -or (CustomAttribute7 -eq 'Contractor'))) -or (CustomAttribute7 -eq 'Permanent'))))) -and (((RecipientType -eq 'UserMailbox') -or (((RecipientType -eq 'MailUser') -and (CustomAttribute12 -ne 'Excluded'))))))) as it will be added back after you make the changes. For the above, cleanup the parenthesis, and make sure the correct grouping is used between the individual clauses, then append another -or with the desired changes.51Views0likes0CommentsRe: M365 Exchange - delete Calendar entries
There's a built-in cmdlet for that: https://learn.microsoft.com/en-us/powershell/module/exchangepowershell/remove-calendarevents?view=exchange-ps The important bit is that the account must still exist. If that's not the case, you cannot really cancel the meetings, best you can do is remove any instances of them. I have a sample script that does just that here: https://michev.info/blog/post/6300/how-to-remove-meetings-from-all-microsoft-365-mailboxes-via-the-graph-api66Views0likes0CommentsRe: Security Score in Security Admin center not updating
Some items do not get updated in real time, you might need to wait for the tool to do its data collection first. The documentation mentions 24-48h, but your mileage will vary. Give it few days, if you are still seeing issues best open a support case and report this.204Views0likes1CommentRe: Content Explorer does not show Access Controlled Encrypted files
SPO/ODFB's support for sensitivity labels comes with some limitations, as detailed here: https://learn.microsoft.com/en-us/purview/sensitivity-labels-sharepoint-onedrive-files#limitations Basically, it cannot "reason" over data that is labelled/encrypted outside of it. Now, if you are not seeing any entries at all in Content explorer, across all your SPO/ODFB sites, this is probably some backend issue. I had something similar happen in my tenant for ExO items, eventually it got fixed.39Views0likes0CommentsRe: Can I add a co-organiser to a meeting that someone without the owner doing it
Unfortunately, no, only the meeting organizer can do that. As an admin you can cancel the meeting instances/series (see https://learn.microsoft.com/en-us/powershell/module/exchangepowershell/remove-calendarevents?view=exchange-ps ) then have someone else recreate them. Well, as a global admin you can reset the credentials/access the user's mailbox, but that of course comes with some serious implications.27Views1like0CommentsRe: 403 Error: Application access policy not found, -Global scope not available in tenant
Which version of the Teams module are you using and what permissions does your user have? The switch is available for me, tested in few of my tenants Alternative approach would be to assign the policy to users individually, which you can easily automate via PowerShell. The downside of this approach is that it might take some time, or even fail, in larger orgs. Here's an example, just in case: https://learn.microsoft.com/en-us/powershell/module/microsoftteams/grant-csapplicationaccesspolicy?view=teams-ps#assign-an-application-access-policy-to-all-users-in-the-tenant71Views0likes2CommentsRe: The term 'Get-MessageTraceV2' is not recognized as a name of a cmdlet
The way Exchange PowerShell works is by downloading the cmdlet definitions, as per the roles assigned to the current user. Thus, you will not find the Get-MessageTraceV2 cmdlet within the ExchangeOnlineManagement, but within the temporary module created upon connecting, i.e. tmpEXO_y4vgef2c.4jr. Of course, you also need to check the permissions, for any given cmdlet you can find out which roles are appropriate via: Get-ManagementRole -Cmdlet Get-MessageTraceV2 In the case of managed identities/service principals, you must that both the API permissions and the Exchange role are assigned. Lastly, Get-MessageTraceV2 is currently not available in GOV or any other instance, apart from the "standard" one.45Views0likes0CommentsRe: You can check whether a person has read the email
Is this a question or a statement? :) You can use the Graph API or EWS to check the read status of a message, see my answer in this thread: https://learn.microsoft.com/en-us/answers/questions/1664535/tracking-read-status-of-email-messages-in-exchange (ignore the "accepted" answer, message trace does NOT give you this data)58Views0likes1Comment
Recent Blog Articles
No content to show