User Profile
Decomplexity
Brass Contributor
Joined Apr 18, 2020
Recent Discussions
Outlook App on phone : distribution lists and distribution groups
A client uses distribution lists (DLs, aka Outlook Contact Groups) to send mailshots Bcc: to external contacts who are members of their club. There are 21 distribution lists, each with typically 300 addressees; some members are in more than one list. They update the lists and add or remove lists using Windows Outlook. A few of the lists are nested, with several child lists being mailable from a parent list as well as individually. All fine. Client happy.
They now wish to mailshot from phones as well as from Windows desktop. But Outlook Android and iOS apps don’t support DLs*, whether created on the phone or synched from Exchange. They find Outlook on the Web clunky to use with a phone screen. And the eventual solution must be manageable from Outlook and not need the Exchange Admin Centre (EAC) or PowerShell.
They were advised (in Microsoft documentation I think) to switch to ‘Microsoft 365 Groups’ which ARE supported by the Outlook app. But Microsoft 365 Groups themselves – with their own SharePoint site and group calendar as well as mail – are clearly for team-working and collaboration, and managing 21 of them just to distribute mail is NOT the most elegant solution, and they don't resemble DLs at all. And Microsoft 365 Groups cannot apparently be nested.
MSFT has made the wrong assumption that a DL has been superseded by a Group – that a Group contains everything a DL does and more. And that is the problem: Groups with or without SharePoint libraries and Calendars are clearly designed for Teams. But ‘Traditional’ DLs are also used for mailshots to customers, suppliers and so on. Does anyone want their customers to receive an introductory email saying “Welcome to the XYZ Group…use the group to share messages and files, and to coordinate group events”? And ‘traditional’ DLs are maintained via Windows Outlook (or Outlook on the web) by clerical staff who should not (and do not want to) be exposed to the fearsome technicalities of EAC or Microsoft 365 AC.
Distribution groups (NB not DLs!) sound a more promising solution, but there is no obvious way to create one in Windows Outlook: Groups Yes, but Distribution Groups No. If a Distribution Group is created in EAC, it is then necessary to go via Delivery Management to restrict the specified sender. To resemble sending Bcc: to a DL, there needs to be one nominated sender, and the recipient must be able to reply to the sender but not to see anyone else to whom the email has been distributed (and hence not be able to reply to them). If any of this functionality is available with a Distribution Group, perhaps someone can enlighten me.
My client is now seriously testing WhatsApp, on the basis that even though broadcast lists (=Bcc DLs) are only supported on a single phone, this is an improvement on the Outlook app that doesn’t support them at all. (WhatsApp Groups, =Cc: DLs, are synched over up to 4 devices, including Windows PCs.)
Since there seems to be nothing relevant in the MSFT Roadmap for the mobile app, suggestions please?
* If this is a restriction of EAS, MSFT seems to have forgotten that much – perhaps most – phone use is now on WiFi-enabled broadband where the bandwidth and latency constraints should not be a problem.
2.1K Views, 1 like, 0 Comments
V2 endpoint issues as V1 token
I believe V2 AUTHZ endpoints issue V1 access tokens if the client's scope items are for an API that is only V1 compliant (e.g. Graph). But does it mean that, for example, the token merely has the V1 claim fields and not the V2 ones, or that the V2 endpoint behaves exactly like a V1 endpoint in that it ignores client scopes and acts as if 'resource' was specified (i.e. selects all the static permissions specified for that client in AAD)?
More than one ClientSecret or even ClientID per website - best practice?
If a website uses OAuth2 to authenticate on several pages (Contact page, PayPal IPN call-back, purchase notification to buyer and so on), is it regarded as best practice to use different ClientSecrets on each such page or even (if more granular permissions were needed) different app (Client) IDs as well?
MFA for an individual account converted to a shared account
If a Microsoft 365 Business individual account that has MFA enabled is converted to a shared account, does the shared account inherit the MFA settings (are they technically still operable on the ‘anchor’ account from which it came)? And since Admin Center => Org Settings => Multi-factor authentication => Configure Multi-factor authentication lists shared accounts as well as individual accounts, how is a shared account used with MFA since its automatic and hidden password is never used to log on (i.e. the linked individual accounts log on with MFA instead)?
1.5K Views, 0 likes, 3 Comments
Re: MFA for one email account with several users
Thx Pablomcse
It clearly helps traceability to have only one Authenticator registration per email account. We looked at the more elegant solution of converting the present support mail accounts (one for each group of four) to shared mail accounts, but this entails adding three chargeable licences per shared mailbox (i.e. per group) and there are many groups! However, when we were prototyping the steps involved in converting a group mailbox to such a shared mailbox, we observed that the MFA ‘enable’ screen that lists all the mailboxes (with Display name / User name / Multifactor authentication status) displays shared mailboxes as well as ‘normal’ ones. DAK the purpose of this, since a shared mailbox cannot be logged on to directly but only entered via one of the members assigned to it (which in turn was logged on with its own credentials and MFA)?
96K Views, 0 likes, 0 Comments
MFA for one email account with several users
Client runs four shifts with support staff who work from home. Each group of four team members has a single 365 mailbox, and usage passes from one team member to another as the shifts change. For each group, client wants to implement 2FA with Authenticator on the phones of each team member, i.e. four phones authenticating one email account. But this used to be barred for business (‘work and school’) accounts. DAK what is the current position (and is this documented anywhere?), and if it is still barred what is the best way forward?
Solved