admin
6373 Topics

Automating CRUD operations in MS Places
Hi, has anyone been able to automate CRUD operations in MS Places yet, given that the Places API calls currently support user access tokens only and application access tokens aren't yet supported? We were able to do Get operations using app tokens, but when we run anything to modify, for example creating a building using the Set-Placev3 cmdlet, it gives an error. When we raised an MS ticket, they confirmed that the calls don't support application tokens yet. We have a showstopper kind of situation.

5 Views, 0 likes, 0 Comments

Help please! Exchange report questions
Hello! I’m hoping someone can help clarify a few things about a deletion report I received. The report shows hard and soft deletes, but it seems to be missing information about moves and restores. I’m trying to understand the following:

1. **Hard Deletes:**
   * When something is hard deleted, does it go to the Purge folder, and is it still recoverable from there?
   * Is a “hard delete” simply what happens when someone empties their Deleted Items folder?
   * Can hard deletes happen accidentally?
2. **Limitations of the Report:**
   * Are there other reports that can show moves, restores, or whether an item is *currently* deleted?
   * My understanding is that this delete report only indicates that an item was deleted at some point, not its current status. Is that correct?
3. **Missing Message IDs:**
   * About half the entries in the report don’t include a message ID. Am I correct in assuming those items aren’t emails?

If anyone is willing to chat or walk through this with me, I’d really appreciate it — I’m hoping to understand this report better. Any guidance or links to solid documentation would be truly appreciated. Thank you!

Solved, 34 Views, 0 likes, 3 Comments

Scoping application Crestron to access only room mailboxes of resourcetype Workspace
We got a requirement to enable application Crestron to access Workspace resourcetype Room mailboxes only. So, we thought of directly tying the application to these mailboxes over the usual way of assigning it to a group, because we had to create a group just to maintain this delegation. Below are the steps we performed:

```powershell
# Create management scope
Connect-ExchangeOnline
New-ManagementScope -Name "Workspace Mailboxes" `
    -RecipientRestrictionFilter "((RecipientTypeDetails -eq 'RoomMailbox') -and (ResourceType -eq 'Workspace'))"

# Assign the management scope to Roles
New-ManagementRoleAssignment `
    -App "<AppID>" `
    -Role "Application Calendars.ReadWrite" `
    -CustomResourceScope "Workspace Mailboxes" `
    -Name "MyApp-WorkspaceOnly"

New-ManagementRoleAssignment `
    -App "<AppID>" `
    -Role "Application MailboxSettings.Read" `
    -CustomResourceScope "Workspace Mailboxes" `
    -Name "MyApp-WorkspaceOnly-Settings"

# Verified the assignment via:
Get-ManagementRoleAssignment -App "<AppID>" | ft Name, Role, CustomResourceScope
```

```
Name                         Role                             CustomResourceScope
----                         ----                             -------------------
MyApp-WorkspaceOnly          Application Calendars.ReadWrite  Workspace Mailboxes
MyApp-WorkspaceOnly-Settings Application MailboxSettings.Read Workspace Mailboxes
```

Tested the scope of the assignment with a non-workspace mailbox and a workspace mailbox; the scope resulted false for the non-workspace mailbox and true for the workspace mailbox. Later, admin consented for API permissions Calendars.ReadWrite, MailboxSettings.Read & User.Read.All, generated an application secret with a validity of 180 days for the application team, and shared the secret key.

ISSUE: When the application team tested the access from the Crestron application for a workspace mailbox, it resulted in Authentication Failed. This is the actual issue.
In order to test whether this is happening because of scope, performed the below steps:

```powershell
$TenantId = "<TenantID>"
$AppId = "<AppID>"
$ClientSecret = "<ClientSecret>"

# Request an app-only token (client credentials flow)
$Body = @{
    grant_type    = "client_credentials"
    client_id     = $AppId
    client_secret = $ClientSecret
    scope         = "https://graph.microsoft.com/.default"
}
$TokenRequest = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
    -Method POST -Body $Body
$AccessToken = $TokenRequest.access_token

# Read the calendar events of the mailbox under test
$WorkspaceMailbox = "<email address removed for privacy reasons>"
Invoke-RestMethod `
    -Uri "https://graph.microsoft.com/v1.0/users/$WorkspaceMailbox/events" `
    -Headers @{Authorization = "Bearer $AccessToken"}
```

The expected results for this test were:

* Workspace mailbox → Returns events.
* Non-Workspace mailbox → Should return 403 Forbidden.

However, it returned events in both cases. When I dug further, I realised that Graph API will override the management scopes created at Exchange level, so we need guidance on how we can take this further.

151 Views, 0 likes, 6 Comments

How to grant access to SharePoint subsite with no Owners
Hello! Can someone advise how I can add a user to a SharePoint site with no Owners/Members or Admins? It is a Classic SharePoint subsite so I cannot modify any settings using the SharePoint Admin Centre so I need to find a script or a method of some sort to allow me to add a user account to the site to then be able to review it/decommission it etc.? TIA!

46 Views, 1 like, 2 Comments

Microsoft Ignite 2025: Top Security Innovations You Need to Know
**🤖 Security & AI - The Big Story This Year**

2025 marks a turning point for cybersecurity. Rapid adoption of AI across enterprises has unlocked innovation but introduced new risks. AI agents are now part of everyday workflows, automating tasks and interacting with sensitive data, creating new attack surfaces that traditional security models cannot fully address. Threat actors are leveraging AI to accelerate attacks, making speed and automation critical for defense. Organizations need solutions that deliver visibility, governance, and proactive risk management for both human and machine identities. Microsoft Ignite 2025 reflects this shift with announcements focused on securing AI at scale, extending Zero Trust principles to AI agents, and embedding intelligent automation into security operations.

As a Senior Cybersecurity Solution Architect, I’ve curated the top security announcements from Microsoft Ignite 2025 to help you stay ahead of evolving threats and understand the latest innovations in enterprise security.

**Agent 365: Control Plane for AI Agents**

Agent 365 is a centralized platform that gives organizations full visibility, governance, and risk management over AI agents across Microsoft and third-party ecosystems.

Why it matters: Unmanaged AI agents can introduce compliance gaps and security risks. Agent 365 ensures full lifecycle control.

Key Features:

* Complete agent registry and discovery
* Access control and conditional policies
* Visualization of agent interactions and risk posture
* Built-in integration with Defender, Entra, and Purview
* Available via the Frontier Program

Microsoft Agent 365: The control plane for AI agents
Deep dive blog on Agent 365

**Entra Agent ID: Zero Trust for AI Identities**

Microsoft Entra is the identity and access management suite (covering Azure AD, permissions, and secure access). Entra Agent ID extends Zero Trust identity principles to AI agents, ensuring they are governed like human identities.

Why it matters: Unmanaged or over-privileged AI agents can create major security gaps. Agent ID enforces identity governance on AI agents and reduces automation risks.

Key Features:

* Provides unique identities for AI agents
* Lifecycle governance and sponsorship for agents
* Conditional access policies applied to agent activity
* Integrated with open SDKs/APIs for third‑party platforms

Microsoft Entra Agent ID Overview
Entra Ignite 2025 announcements
Public Preview details

**Security Copilot Expansion**

Security Copilot is Microsoft’s AI assistant for security teams, now expanded to automate threat hunting, phishing triage, identity risk remediation, and compliance tasks.

Why it matters: Security teams face alert fatigue and resource constraints. Copilot accelerates response and reduces manual effort.

Key Features:

* 12 new Microsoft-built agents across Defender, Entra, Intune, and Purview.
* 30+ partner-built agents available in the Microsoft Security Store.
* Automates threat hunting, phishing triage, identity risk remediation, and compliance tasks.
* Included for Microsoft 365 E5 customers at no extra cost.

Security Copilot inclusion in Microsoft 365 E5
Security Copilot Ignite blog

**Security Dashboard for AI**

A unified dashboard for CISOs and risk leaders to monitor AI risks, aggregate signals from Microsoft security services, and assign tasks via Security Copilot, included at no extra cost.

Why it matters: Provides a single pane of glass for AI risk management, improving visibility and decision-making.

Key Features:

* Aggregates signals from Entra, Defender, and Purview
* Supports natural language queries for risk insights
* Enables task assignment via Security Copilot

Ignite Session: Securing AI at Scale
Microsoft Security Blog

**Microsoft Defender Innovations**

Microsoft Defender serves as Microsoft’s CNAPP solution, offering comprehensive, AI-driven threat protection that spans endpoints, email, cloud workloads, and SIEM/SOAR integrations.

Why it matters: Modern attacks target multi-cloud environments and software supply chains. These innovations provide proactive defense, reduce breach risks before exploitation, and extend protection beyond Microsoft ecosystems, helping organizations secure endpoints, identities, and workloads at scale.

Key Features:

* Predictive Shielding: Proactively hardens attack paths before adversaries pivot.
* Automatic Attack Disruption: Extended to AWS, Okta, and Proofpoint via Sentinel.
* Supply Chain Security: Defender for Cloud now integrates with GitHub Advanced Security.

What’s new in Microsoft Defender at Ignite
Defender for Cloud innovations

**Global Secure Access & AI Gateway**

Part of Microsoft Entra’s secure access portfolio, providing secure connectivity and inspection for web and AI traffic.

Why it matters: Protects against lateral movement and AI-specific threats while maintaining secure connectivity.

Key Features:

* TLS inspection, URL/file filtering
* AI Prompt Injection protection
* Private access for domain controllers to prevent lateral movement attacks.

Learn about Secure Web and AI Gateway for agents
Microsoft Entra: What’s new in secure access on the AI frontier

**Purview Enhancements**

Microsoft Purview is the data governance and compliance platform, ensuring sensitive data is classified, protected, and monitored.

Why it matters: Ensures sensitive data remains protected and compliant in AI-driven environments.

Key Features:

* AI Observability: Monitor agent activities and prevent sensitive data leakage.
* Compliance Guardrails: Communication compliance for AI interactions.
* Expanded DSPM: Data Security Posture Management for AI workloads.

Announcing new Microsoft Purview capabilities to protect GenAI agents

**Intune Updates**

Microsoft Intune is a cloud-based endpoint device management solution that secures apps, devices, and data across platforms. It simplifies endpoint security management and accelerates response to device risks using AI.

Why it matters: Endpoint security is critical as organizations manage diverse devices in hybrid environments. These updates reduce complexity, speed up remediation, and leverage AI-driven automation, helping security teams stay ahead of evolving threats.

Key Features:

* Security Copilot agents automate policy reviews, device offboarding, and risk-based remediation.
* Enhanced remote management for Windows Recovery Environment (WinRE).
* Policy Configuration Agent in Intune lets IT admins create and validate policies with natural language.

What’s new in Microsoft Intune at Ignite
Your guide to Intune at Ignite

**Closing Thoughts**

Microsoft Ignite 2025 signals the start of an AI-driven security era. From visibility and governance for AI agents to Zero Trust for machine identities, automation in security operations, and stronger compliance for AI workloads, these innovations empower organizations to anticipate threats, simplify governance, and accelerate secure AI adoption without compromising compliance or control.

📘 Full Coverage: Microsoft Ignite 2025 Book of News

Exchange database dismounted due to NTFS file extent limit reached – unexpected outage
Hi everyone,

We experienced a serious outage on our Exchange 2016 server recently, and I wanted to share what we found during the root cause analysis – in case it helps someone else avoid the same scenario.

Summary: After digging deep, we discovered that the issue was caused by the NTFS file system hitting its internal file extent limit on the .edb file. Once this threshold was reached, the database could no longer grow, and the system dismounted the database unexpectedly. No prior warning, just service interruption.

Details:

* The .edb was around 1.2 TB in size.
* This isn’t a limit on database size itself — it’s about how fragmented the file is on disk.
* Once NTFS couldn’t track any more extents, the database stopped working.
* Microsoft doesn’t publish a clear fix for this; only scattered references to similar behavior in past cases.

What we did:

* Created a fresh, clean database.
* Manually moved user mailboxes into the new DB.
* The old database couldn't be mounted anymore, so we brought the system live without historical mail – just to maintain continuity.
* We're now working on extracting data from the unmounted .edb using third-party tools.

Looking for thoughts:

* Has anyone else hit the NTFS extent wall with Exchange?
* How do you monitor extent growth proactively?
* Did switching to ReFS solve this for you long-term?

Open to any input or similar experiences – appreciate it in advance. Thanks!

47 Views, 1 like, 2 Comments

add user to SharePoint group via PowerShell error
Hi, I'm trying to use PowerShell to add a user to an existing SharePoint group. I ran the following to connect to the SharePoint site:

```powershell
Connect-SPOService -Url https://site1-admin.sharepoint.com
```

This prompts me for login, password and MFA code. Afterwards I type in the following to add a user:

```powershell
Add-SPOUser -Site https://site1-admin.sharepoint.com/sites/company -Group "Company Info Members" -LoginName <email address removed for privacy reasons>
```

There is a SharePoint group with the name "Company Info Members", which I want to add <email address removed for privacy reasons> to. But I get the following error:

```
Add-SPOUser : Unknown Error
At line:1 char:1
+ Add-SPOUser -Site https://site1-admin.sharepoint.com/s ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Add-SPOUser], ServerException
    + FullyQualifiedErrorId : Microsoft.SharePoint.Client.ServerException,Microsoft.Online.SharePoint.PowerShell.AddSPOUser
```

I was wondering what could be causing this error. I searched for the error on Copilot and it suggested I use "PnP.PowerShell". But I'm having some issues installing this app. I was wondering if there are any suggestions I could try? Thanks!

Jason

31 Views, 0 likes, 2 Comments
Unusual behaviour on my PC. Access to all Microsoft services blocked.
OneDrive does not connect. Microsoft.com loads on Chrome & Firefox but the link to the Microsoft account login page is dead. Outlook.com does not load at all. Connect to VPN (same country) and access to all Microsoft services reappears. Disconnect from VPN, connect to mobile hotspot (different ISP) and the problem appears again. Reinstalled Windows and the problem persists. Wiped HDD and installed Linux and the unusual behaviour continues on Firefox and Chromium. Weird! All other devices on broadband and mobile internet are behaving normally. Any ideas? Curse? Nation-State?

15 Views, 0 likes, 0 Comments