Microsoft Graph: Private channel SharePoint site URL naming appears to have changed
š Question We are creating private channels using the Microsoft Graph API: POST https://graph.microsoft.com/v1.0/teams/{team-id}/channels With the following payload: { "@odata.type": "#microsoft.graph.channel", "displayName": "Project-Channel-001", "description": "Sample private channel for testing", "membershipType": "private", "members": [ { "@odata.type": "#microsoft.graph.aadUserConversationMember", "******@odata.bind": "https://graph.microsoft.com/v1.0/users/{user-id}", "roles": ["owner"] } ] } š Observed Behavior When the private channel is created, the associated SharePoint site is provisioned automatically (as expected). However, the URL format appears to have changed. Previously observed behavior: https://{tenant}.sharepoint.com/sites/ProjectTeamURL-Project-Channel-001 Current behavior: https://{tenant}.sharepoint.com/sites/ProjectTeamName-Project-Channel-001 ā Impact This change introduces several issues: Breaks deterministic URL generation logic Produces longer and less predictable URLs Introduces dependency on display name, which is mutable and may contain unexpected characters Impacts existing automation and integrations relying on the previous pattern ā Questions Has there been a recent change in how SharePoint site URLs are generated for private channels? Is this behavior intentional and documented, or a regression? Is there any way (via Graph or otherwise) to: Control the generated SharePoint site URL, or Retrieve the final site URL deterministically without relying on pattern assumptions? Is the previous {ParentTeamUrl}-{ChannelName} format still expected in some scenarios, or has it been deprecated? š§Ŗ Additional Notes This behavior is observed when creating channels via Microsoft Graph (v1.0) The issue is reproducible across multiple test scenarios š Any clarification from Microsoft or others encountering this would be appreciated.Restricting App Creation of SharePoint Online Sites
This article discusses the use of restricted site creation for third-party Entra ID apps. The feature has an allow or deny list to identify apps that can create new SharePoint Online sites. Controlling the set of apps that can create new sites contributes to limiting site sprawl and makes sure that every site has a real function. First-party apps like Teams are unaffected. https://office365itpros.com/2026/04/02/restricted-site-creation-apps/Microsoft 365 & Power Platform Community call
š” Microsoft 365 & Power Platform Development bi-weekly community call focuses on different use cases and features within the Microsoft 365 and Power Platform - across Microsoft 365 Copilot, Copilot Studio, SharePoint, Power Apps and more. š Looking to catch up on the latest news and updates, including cool community demos, this call is for you! š On 9th of April we'll have following agenda: Copilot prompt of the week CommunityDays.org update Microsoft 365 Maturity model Latest on PnP Framework and Core SDK extension Latest on PnP PowerShell Latest on script samples Latest Copilot pro dev samples Latest on Power Platform samples Picture time with the Together Mode! Fabian Hutzli (die Mobiliar) ā How to govern Sites.Selected Access Ejaz Hussain (Advania UK) ā How to trigger an authenticated Power Automate flow from a SharePoint document library Nello dāAndrea (die Mobiliar) ā Making SPFx upgrades smooth and easy with Claude Code š Download recurrent invite from https://aka.ms/community/m365-powerplat-dev-call-invite š & šŗ Join the Microsoft Teams meeting live at https://aka.ms/community/m365-powerplat-dev-call-join š See you in the call! š” Building something cool for Microsoft 365 or Power Platform (Copilot, SharePoint, Power Apps, etc)? We are always looking for presenters - Volunteer for a community call demo at https://aka.ms/community/request/demo š Resources: Previous community call recordings and demos from the Microsoft Community Learning YouTube channel at https://aka.ms/community/youtube Microsoft 365 & Power Platform samples from Microsoft and community - https://aka.ms/community/samples Microsoft 365 & Power Platform community details - https://aka.ms/community/home š§” Sharing is caring!
Intune ā Unable to reliably validate application installation status via Microsoft Graph APIs
Hi Everyone, I am working on application deployment and validation using Microsoft Intune, and I am trying to implement an automated validation step to confirm whether applications are successfully installed. My primary requirement Verify application installation status Confirm perādevice installation status Validate installation for specific Intuneāmanaged devices Use Graph APIs as part of an automation workflow APIs tested so far 1ļøā£ App installation status per device (NOT working / not usable) I initially tried using the documented API: HTTP GET https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/{mobileAppId}/deviceStatuses Issue: This API is not working for us It either returns no data or behaves as if it is not a valid / usable endpoint It does not return reliable installation status Hence, we cannot use this API for validation in automation At this point, deviceStatuses is not usable as a primary source of truth in our environment. 2ļøā£ Detected Apps (secondary confirmation only) We are also using the Detected Apps API: HTTP GET /deviceManagement/managedDevices/{deviceId}/detectedApps This does work, however: It only confirms app presence It does not confirm Intune assignment or installation intent We are using it strictly as a secondary confirmation, not a primary validation method 3ļøā£ Intune internal API observed via browser inspection We also tested the API that appears to be used internally by the Intune portal: HTTP GET https://graph.microsoft.com/beta/users/{user-id}/mobileAppIntentAndStates/{device-id} Observations: The API returns data However, installState frequently shows unknown The Intune portal shows a different and final status (Installed / Failed / Pending) This makes the API unreliable for automation It appears to be troubleshootingāoriented, not intended for reporting or validation Questions I am looking for guidance on Is deviceStatuses known to be unreliable, tenantādependent, or effectively unsupported? What is the recommended API to retrieve actual app installation status per device? Are there any v1.0 APIs available for: Deviceālevel app installation status? Userālevel app installation validation? What is Microsoftās recommended best practice to validate Intuneāinstalled applications via automation? Is there official documentation that clearly explains: Which API should be used for reporting vs troubleshooting Expected delays or data inconsistencies between Graph APIs and the Intune portal Goal The goal is to build a reliable and supported automationābased validation mechanism to confirm that Intuneādeployed applications are successfully installed on target devices. Any official guidance, confirmation of known limitations, or alternative approaches would be very helpful. Thanks in advance for your support.I built a free, open-source M365 security assessment tool - looking for feedback
I work as an IT consultant, and a good chunk of my time is spent assessing Microsoft 365 environments for small and mid-sized businesses. Every engagement started the same way: connect to five different PowerShell modules, run dozens of commands across Entra ID, Exchange Online, Defender, SharePoint, and Teams, manually compare each setting against CIS benchmarks, then spend hours assembling everything into a report the client could actually read. The tools that automate this either cost thousands per year, require standing up Azure infrastructure just to run, or only cover one service area. I wanted something simpler: one command that connects, assesses, and produces a client-ready deliverable. So I built it. What M365 Assess does https://github.com/Daren9m/M365-Assess is a PowerShell-based security assessment tool that runs against a Microsoft 365 tenant and produces a comprehensive set of reports. Here is what you get from a single run: 57 automated security checks aligned to the CIS Microsoft 365 Foundations Benchmark v6.0.1, covering Entra ID, Exchange Online, Defender for Office 365, SharePoint Online, and Teams 12 compliance frameworks mapped simultaneously -- every finding is cross-referenced against NIST 800-53, NIST CSF 2.0, ISO 27001:2022, SOC 2, HIPAA, PCI DSS v4.0.1, CMMC 2.0, CISA SCuBA, and DISA STIG (plus CIS profiles for E3 L1/L2 and E5 L1/L2) 20+ CSV exports covering users, mailboxes, MFA status, admin roles, conditional access policies, mail flow rules, device compliance, and more A self-contained HTML report with an executive summary, severity badges, sortable tables, and a compliance overview dashboard -- no external dependencies, fully base64-encoded, just open it in any browser or email it directly The entire assessment is read-only. It never modifies tenant settings. Only Get-* cmdlets are used. A few things I'm proud of Real-time progress in the console. As the assessment runs, you see each check complete with live status indicators and timing. No staring at a blank terminal wondering if it hung. The HTML report is a single file. Logos, backgrounds, fonts -- everything is embedded. You can email the report as an attachment and it renders perfectly. It supports dark mode (auto-detects system preference), and all tables are sortable by clicking column headers. Compliance framework mapping. This was the feature that took the most work. The compliance overview shows coverage percentages across all 12 frameworks, with drill-down to individual controls. Each finding links back to its CIS control ID and maps to every applicable framework control. Pass/Fail detail tables. Each security check shows the CIS control reference, what was checked, what the expected value is, what the actual value is, and a clear Pass/Fail/Warning status. Findings include remediation descriptions to help prioritize fixes. Quick start If you want to try it out, it takes about 5 minutes to get running: # Install prerequisites (if you don't have them already) Install-Module Microsoft.Graph, ExchangeOnlineManagement -Scope CurrentUser Clone and run git clone https://github.com/Daren9m/M365-Assess.git cd M365-Assess .\Invoke-M365Assessment.ps1 The interactive wizard walks you through selecting assessment sections, entering your tenant ID, and choosing an authentication method (interactive browser login, certificate-based, or pre-existing connections). Results land in a timestamped folder with all CSVs and the HTML report. Requires PowerShell 7.x and runs on Windows (macOS and Linux are experimental -- I would love help testing those platforms). Cloud support M365 Assess works with: Commercial (global) tenants GCC, GCC High, and DoD environments If you work in government cloud, the tool handles the different endpoint URIs automatically. What is next This is actively maintained and I have a roadmap of improvements: More automated checks -- 140 CIS v6.0.1 controls are tracked in the registry, with 57 automated today. Expanding coverage is the top priority. Remediation commands -- PowerShell snippets and portal steps for each finding, so you can fix issues directly from the report. XLSX compliance matrix -- A spreadsheet export for audit teams who need to work in Excel. Standalone report regeneration -- Re-run the report from existing CSV data without re-assessing the tenant. I would love your feedback I have been building this for my own consulting work, but I think it could be useful to the broader community. If you try it, I would genuinely appreciate hearing: What checks should I prioritize next? Which security controls matter most in your environment? What compliance frameworks are most requested by your clients or auditors? How does the report land with non-technical stakeholders? Is the executive summary useful, or does it need work? macOS/Linux users -- does it run? What breaks? I have tested it on macOS, but not extensively. Bug reports, feature requests, and contributions are all welcome on GitHub. Repository: https://github.com/Daren9m/M365-Assess License: MIT (free for commercial and personal use) Runtime: PowerShell 7.x Thanks for reading. Happy to answer any questions in the comments.
Allow addition of members to mail-enabled security groups via Graph API
Previously one could add members to mail-enabled security groups via Graph API. But turns out that was a bug, and it was fixed some weeks ago removing this functionality. Would it be possible to allow add-remove of members in mail-enabled security groups via Graph API?Automating Microsoft 365 with PowerShell Second Edition
The Office 365 for IT Pros team are thrilled to announce the availability of Automating Microsoft 365 with PowerShell (2nd edition). This completely revised 350-page book delivers the most comprehensive coverage of how to use Microsoft Graph APIs and the Microsoft Graph PowerShell SDK with Microsoft 365 workloads (Entra ID, Exchange Online, SharePoint Online, Teams, Planner, and more). Existing subscribers can download the second edition now free of charge. https://office365itpros.com/2025/06/30/automating-microsoft-365-with-powershell2/
Disable incessant nagware popups
I don't know about everyone else, but I am sick and tired of the nagware pop ups in Word, Excel, PowerPoint, Outlook, etc. Every single product harasses me with pop ups trying to tell me "hey, did you know this feature was here?", "you can do this if you click that", "let me hold your hand through using products you've used for decades even though you don't want daddy Microslop to do that". This is a prime example. I keep getting the same ones again and again and again and everything I've read indicates they should only appear once. But they don't. They keep coming back like a psychotic stalker ex who wants alimony even though you were never married. How do I get this nagware to stop?!The Sad State of Microsoft Graph and Other APIs
Some Microsoft MVPs have expressed a strong opinion that Microsoft isnāt doing enough to develop and enhance the Microsoft Graph APIs across Microsoft 365. Problems include inconsistency in implementation, undocumented APIs, assembly clashes, missing coverage, and APIs that never come out of beta. It seems like Microsoft doesnāt dedicate sufficient attention to this important topic. What do you think? https://office365itpros.com/2026/03/18/microsoft-graph-issues/
