User Profile
VasilMichev
MVP
Joined 10 years ago
User Widgets
Recent Discussions
Re: Content Explorer does not show Access Controlled Encrypted files
SPO/ODFB's support for sensitivity labels comes with some limitations, as detailed here: https://learn.microsoft.com/en-us/purview/sensitivity-labels-sharepoint-onedrive-files#limitations Basically, it cannot "reason" over data that is labelled/encrypted outside of it. Now, if you are not seeing any entries at all in Content explorer, across all your SPO/ODFB sites, this is probably some backend issue. I had something similar happen in my tenant for ExO items, eventually it got fixed.9Views0likes0CommentsRe: Can I add a co-organiser to a meeting that someone without the owner doing it
Unfortunately, no, only the meeting organizer can do that. As an admin you can cancel the meeting instances/series (see https://learn.microsoft.com/en-us/powershell/module/exchangepowershell/remove-calendarevents?view=exchange-ps ) then have someone else recreate them. Well, as a global admin you can reset the credentials/access the user's mailbox, but that of course comes with some serious implications.12Views0likes0CommentsRe: 403 Error: Application access policy not found, -Global scope not available in tenant
Which version of the Teams module are you using and what permissions does your user have? The switch is available for me, tested in few of my tenants Alternative approach would be to assign the policy to users individually, which you can easily automate via PowerShell. The downside of this approach is that it might take some time, or even fail, in larger orgs. Here's an example, just in case: https://learn.microsoft.com/en-us/powershell/module/microsoftteams/grant-csapplicationaccesspolicy?view=teams-ps#assign-an-application-access-policy-to-all-users-in-the-tenant12Views0likes2CommentsRe: The term 'Get-MessageTraceV2' is not recognized as a name of a cmdlet
The way Exchange PowerShell works is by downloading the cmdlet definitions, as per the roles assigned to the current user. Thus, you will not find the Get-MessageTraceV2 cmdlet within the ExchangeOnlineManagement, but within the temporary module created upon connecting, i.e. tmpEXO_y4vgef2c.4jr. Of course, you also need to check the permissions, for any given cmdlet you can find out which roles are appropriate via: Get-ManagementRole -Cmdlet Get-MessageTraceV2 In the case of managed identities/service principals, you must that both the API permissions and the Exchange role are assigned. Lastly, Get-MessageTraceV2 is currently not available in GOV or any other instance, apart from the "standard" one.18Views0likes0CommentsRe: You can check whether a person has read the email
Is this a question or a statement? :) You can use the Graph API or EWS to check the read status of a message, see my answer in this thread: https://learn.microsoft.com/en-us/answers/questions/1664535/tracking-read-status-of-email-messages-in-exchange (ignore the "accepted" answer, message trace does NOT give you this data)32Views0likes1CommentRe: Is it possible to prevent Microsoft Purview from being applied to M365 within the tenant?
The majority of features included within Purview need to be configured first, before they take effect in any given tenant. There are also some features that use a "secure by default" approach, meaning you get a default set of policies/configuration, but you can toggle those off as needed. Still, it's best to verify things in a test/dev environment first.30Views0likes0CommentsRe: Migrating on-prem functional shared mailboxes to 365
If you still have users (and mailboxes?) on both sides, it's best to go the first route, as it preserves interoperability. If all the mailboxes are already in the cloud and you don't care about what object type remains on-premises for the shared mailbox, you can do the recreation. It does not cover the content of the mailboxes though, and I'm assuming you'd want to keep that. Which means either manual export/import, third-party tool or getting back to the first scenario :)35Views1like0CommentsRe: Granting App ability to change group memberships by making it an owner?
I don't recall ever seeing a mention in the documentation about any scenario in which the app/service principal is assigned as an owner of another object, say a group or another SP... as long as it works for your use case, go for it. The alternative would be to try to scope the permissions via Administrtive units, which is still subject to tons of limitations.15Views1like0CommentsRe: Poor reporting capability
There's the URL protection report, but it covers 90 days max, so if you are not exporting the data to another repository, it wont help you cover historical events. Audit logs also contain some events you can query for this info, though in general they're harder to work with compared to reports or hunting. And again, limited in coverage, unless you have the Audit premium addon.15Views0likes0CommentsRe: Outlook turn off mail notifications when changing permssions.
I believe this is on by default when "sharing" via the webmail/OWA and the new Outlook client, with no option to disable it. You can however control whether a notification email is sent when adding permissions via PowerShell as an admin. Not that that helps you :) Anyway, it might be better if you post this on the Feedback forum: https://feedbackportal.microsoft.com/feedback/forum/89a8afa3-2e1c-ec11-b6e7-0022481f847218Views1like0Comments
Recent Blog Articles
No content to show