admin
1452 TopicsBest practices for Power Automate with service account
We had a colleague leave who had their work email address and account connected to MANY Power Automate flows, SharePoint, OneDrive, Forms, Excel, etc. We are looking to create a recommendation / best practices for a single account that will be used by the I.T. department for use in Power Automate, etc. We will have colleagues in the I.T. department have access to SharePoint sites (maybe a security issue? do we EACH get our OWN accounts then?) and Power Automate We'd have to have it setup as an email enabled account so we'd have to pay instead of a service account. Other thoughts?203KViews5likes40CommentsMoving Office 365 Mailboxes to IMAP Servers - What’s the Best Approach
I’ve recently been looking into scenarios where organizations need to move mailboxes from Microsoft 365 to IMAP based email servers, and I noticed this is still a common requirement in many migrations. In most cases, the challenge is not just moving emails, but making sure everything like folder structure, old emails, and user data stays intact without creating too much disruption for users. From what I’ve seen, doing this manually can get very complex, especially when there are multiple mailboxes or large data volumes involved. That’s where migration tools usually come into the picture. Most tools simplify things by handling: 1. Secure connection to Microsoft 365 accounts 2. Bulk mailbox migration 3. Preserving folder hierarchy 4. Reducing downtime during the move 5. Avoiding duplicate data issues One thing I’ve noticed is that running a small pilot migration first always helps. It gives a clear idea of how the actual migration will behave before moving all users. Has anyone here worked on Office 365 to IMAP migration at scale? Would be good to know what approaches or tools worked best in your case and what challenges you faced during the process.127Views0likes2CommentsI built a free, open-source M365 security assessment tool - looking for feedback
I work as an IT consultant, and a good chunk of my time is spent assessing Microsoft 365 environments for small and mid-sized businesses. Every engagement started the same way: connect to five different PowerShell modules, run dozens of commands across Entra ID, Exchange Online, Defender, SharePoint, and Teams, manually compare each setting against CIS benchmarks, then spend hours assembling everything into a report the client could actually read. The tools that automate this either cost thousands per year, require standing up Azure infrastructure just to run, or only cover one service area. I wanted something simpler: one command that connects, assesses, and produces a client-ready deliverable. So I built it. What M365 Assess does https://github.com/Daren9m/M365-Assess is a PowerShell-based security assessment tool that runs against a Microsoft 365 tenant and produces a comprehensive set of reports. Here is what you get from a single run: 57 automated security checks aligned to the CIS Microsoft 365 Foundations Benchmark v6.0.1, covering Entra ID, Exchange Online, Defender for Office 365, SharePoint Online, and Teams 12 compliance frameworks mapped simultaneously -- every finding is cross-referenced against NIST 800-53, NIST CSF 2.0, ISO 27001:2022, SOC 2, HIPAA, PCI DSS v4.0.1, CMMC 2.0, CISA SCuBA, and DISA STIG (plus CIS profiles for E3 L1/L2 and E5 L1/L2) 20+ CSV exports covering users, mailboxes, MFA status, admin roles, conditional access policies, mail flow rules, device compliance, and more A self-contained HTML report with an executive summary, severity badges, sortable tables, and a compliance overview dashboard -- no external dependencies, fully base64-encoded, just open it in any browser or email it directly The entire assessment is read-only. It never modifies tenant settings. Only Get-* cmdlets are used. A few things I'm proud of Real-time progress in the console. As the assessment runs, you see each check complete with live status indicators and timing. No staring at a blank terminal wondering if it hung. The HTML report is a single file. Logos, backgrounds, fonts -- everything is embedded. You can email the report as an attachment and it renders perfectly. It supports dark mode (auto-detects system preference), and all tables are sortable by clicking column headers. Compliance framework mapping. This was the feature that took the most work. The compliance overview shows coverage percentages across all 12 frameworks, with drill-down to individual controls. Each finding links back to its CIS control ID and maps to every applicable framework control. Pass/Fail detail tables. Each security check shows the CIS control reference, what was checked, what the expected value is, what the actual value is, and a clear Pass/Fail/Warning status. Findings include remediation descriptions to help prioritize fixes. Quick start If you want to try it out, it takes about 5 minutes to get running: # Install prerequisites (if you don't have them already) Install-Module Microsoft.Graph, ExchangeOnlineManagement -Scope CurrentUser Clone and run git clone https://github.com/Daren9m/M365-Assess.git cd M365-Assess .\Invoke-M365Assessment.ps1 The interactive wizard walks you through selecting assessment sections, entering your tenant ID, and choosing an authentication method (interactive browser login, certificate-based, or pre-existing connections). Results land in a timestamped folder with all CSVs and the HTML report. Requires PowerShell 7.x and runs on Windows (macOS and Linux are experimental -- I would love help testing those platforms). Cloud support M365 Assess works with: Commercial (global) tenants GCC, GCC High, and DoD environments If you work in government cloud, the tool handles the different endpoint URIs automatically. What is next This is actively maintained and I have a roadmap of improvements: More automated checks -- 140 CIS v6.0.1 controls are tracked in the registry, with 57 automated today. Expanding coverage is the top priority. Remediation commands -- PowerShell snippets and portal steps for each finding, so you can fix issues directly from the report. XLSX compliance matrix -- A spreadsheet export for audit teams who need to work in Excel. Standalone report regeneration -- Re-run the report from existing CSV data without re-assessing the tenant. I would love your feedback I have been building this for my own consulting work, but I think it could be useful to the broader community. If you try it, I would genuinely appreciate hearing: What checks should I prioritize next? Which security controls matter most in your environment? What compliance frameworks are most requested by your clients or auditors? How does the report land with non-technical stakeholders? Is the executive summary useful, or does it need work? macOS/Linux users -- does it run? What breaks? I have tested it on macOS, but not extensively. Bug reports, feature requests, and contributions are all welcome on GitHub. Repository: https://github.com/Daren9m/M365-Assess License: MIT (free for commercial and personal use) Runtime: PowerShell 7.x Thanks for reading. Happy to answer any questions in the comments.3KViews2likes2CommentsMicrosoft Blocks Graph Access to Non-IPM Folders
An app written to fetch details of Copilot interactions from the TeamsMessagesData folder suddenly stopped working when the Graph refused to return items. The 403 forbidden error can’t be argued with. Fortunately, the aiInteractionHistory API fills the gap, even if the API does not return the full text of Copilot responses. That information is available, but you’ll need to use eDiscovery to get it. https://office365itpros.com/2026/06/18/copilot-interaction-app/40Views0likes0CommentsSensitivity label "Certificate Error"
When applying Sensitivity Labels in Microsoft Office applications, we receive the following certificate warning: "The certificate issuer for this site is untrusted or unknown. Do you wish to proceed?" We have already excluded the required Microsoft Azure URLs from the firewall and disabled SSL/TLS inspection, but the issue still persists. Observations: 1.On the same domain-joined computer, when signed in with a local user account, Sensitivity Labels work correctly without any errors. 2.When signed in with a domain user account, the certificate warning appears while applying or accessing Sensitivity Labels. Could you please help us identify the root cause and provide a solution? Your assistance in troubleshooting this issue would be greatly appreciated.41Views0likes1CommentNo licenses or products showing on my newly created standard business account
Yesterday, more than a day and a half from now, I created a Microsoft 365 business standard account, started the one month free trial. "bought" it for 3 accounts. Linked it to my domain. Then i started noticing some issues: - I couldn't log in to outlook, it said error 500, too many redirections. - I tried to create two accounts for my two workers, but no licenses were showing. I created their accounts without licenses, then I checked the licenses list and product list and they are both empty. Maybe I'm doing something wrong, but I expected to see there the apps that are "included" with the subscription. I think that's also why I can't log in to outlook. - I can't go into "my sign ins or security information" , they both go to a blank page. - And I thought the process of linking my domain to Microsoft 365 was done, because it said "the configuration is completed", but whenever I check on "domains", the domain shows in state "configuration incomplete", then after clicking on that domain and into "continue configuration ", it goes again to "configuration is complete" (but in domains, still it shows "configuration incomplete". I called support yesterday, but got no response on any of the 3 tries. Today I got a response, they told me they raised a ticket with my issues, but even though they say it could take from 30 minutes to a full day, it's been almost 18 hours and still I got no response. I'm inclined to not trust the help service because the responder kept telling me a notification would be sent to my email even after I explained to him multiple times that one of the things that wasn't working was outlook.1.9KViews0likes5CommentsMicrosoft to Delete Unlicensed OneDrive for Business Accounts
Microsoft will delete unlicensed OneDrive for Business accounts that aren’t paid for (to be archived) after July 2026. Up to now, it’s been possible to leave unpaid-for accounts linger in Microsoft 365 archive until retention policies and holds expire. Now, tenants must decide which accounts they wish to keep and pay for. Unpaid accounts will be removed, even if retention policies or eDiscovery holds apply to their content. https://office365itpros.com/2026/06/12/unlicensed-onedrive-for-business-2/56Views0likes0CommentsRestricting Access is The Most Important Step in a Microsoft 365 Copilot Deployment
I was asked what the most important step is in the deployment of Microsoft 365 Copilot. It’s a good question. Put simply, restricted access is the answer. That is, restricting Copilot access to information stored in Microsoft 365 locations until your tenant is ready for unrestricted Copilot search and retrieval. The fortunate thing is that tools exist today to make it relatively easy to establish guardrails for Copilot, which is exactly what you need to do. https://office365itpros.com/2026/06/10/microsoft-365-copilot-prep/54Views0likes0CommentsHow to Find Inactive (Stale) User Accounts
Inactive accounts can soak up a lot of paid-for but unused product licenses. With increases for Microsoft 365 licenses due to come into effect from 1 July 2026, it’s time to find and remove unused licenses from inactive user accounts. We discuss two approaches by using the Microsoft 365 Licensing Report or a PowerShell script that assesses inactivity based on sign-in dates and refresh token baselines. https://office365itpros.com/2026/06/09/find-inactive-accounts/65Views0likes0CommentsMicrosoft Wants PowerShell Developers to Change How They Download Microsoft Modules
A Microsoft blog describes some changes for PowerShell developers in terms of installing modules and the role of the Microsoft Artifact Registry (MAR). In a nutshell, Microsoft intends the MAR to be the go-to place to download first-party PowerShell modules and other artifacts. This solves the problem of potentially compromised modules found in the PowerShell Gallery, but MAR can’t work if it doesn’t contain the modules people use. https://office365itpros.com/2026/06/05/microsoft-artifact-registry/41Views0likes0Comments