ERROR: "Bad Request - Request Too Long" When Signing In To Microsoft 365 Using Work Profiles
When the following conditions are true: Using the latest version of Microsoft Edge browser. When the browser is signed in to any Microsoft 365 account. When browsing to any Microsoft 365 website. I receive the following browser error: Bad Request - Request Too Long HTTP Error 400. The size of the request headers is too long. When I sign in to any Work Profile, no matter the account/tenant, the moment I browse to any Microsoft 365 page i.e. any website that redirects via: https://login.microsoftonline.com/, I receive the error above e.g. https://office.com, https://admin.microsoft.com, https://portal.azure.com etc. If I sign-out from the Work Profile, everything works fine (i.e. I am presented with the usual Microsoft 365 sign-in dialogue for username and password, then 2FA code, then the expected page appears), if I then sign-in > browse > error ... sign-out, works fine, sign-in, error etc. ... consistently repeatable. Using 'Browse as Guest' or any 'Personal' or 'Work Profile' without signing in works fine. TROUBLESHOOTING ALREADY CARRIED OUT Deleted/recreated all profiles. Signed in / out multiple accounts on multiple tenants. Sync options > all, some, none. 'Automatic sign in on Microsoft Edge' enabled & disabled. 'Allow single sign-on for work or school sites using this profile' enabled & disabled. 'Automatic profile switching' all options on & all off. Deleted all cache/cookies, from all time in all profiles. Reset settings in all profiles. Completely uninstalled/reinstalled Microsoft Edge (i.e. Safe Mode > delete all files > all profile data> all temp files > all registry entries). Q1 What could cause this error, only when the Work Profile is signed-in? Q2 Aside from syncing settings, how would signing-in to the Work Profile effect OATH requests to https://login.microsoftonline.com/? Q3 Has anybody experienced this or something like this before? Q4 Are there any troubleshooting steps I haven't tried?Mastering Agent Governance in Microsoft 365
The "Mastering Agent Governance in Microsoft 365" series is based on the Administering and Governing Agents whitepaper published by Microsoft and designed to educate IT leaders, compliance officers, and decision-makers about the importance of governance for AI agents in Microsoft 365, particularly in highly regulated industries like Healthcare and Life Sciences (HLS). The six-episode series cover the growing role of agents, the risks of unmanaged agents, and the strategic importance of governance frameworks. Empowering innovation while protecting patient data and ensuring compliance In the age of AI-powered productivity, agents—automated digital assistants built with tools like Microsoft 365 Copilot, SharePoint, and Copilot Studio—are transforming how work gets done. From streamlining clinical documentation to automating regulatory reporting, agents are becoming indispensable in Healthcare and Life Sciences (HLS). But with great power comes great responsibility. Why Governance Can’t Be an Afterthought In highly regulated industries like HLS, where data sensitivity and compliance are paramount, the rise of autonomous agents introduces new risks: Unauthorized data access could expose protected health information (PHI). Unmonitored agent behavior could lead to regulatory violations. Lack of lifecycle controls could result in outdated or insecure agents operating in production environments. Agent governance isn’t just an IT concern—it’s a business imperative. It ensures that innovation doesn’t outpace compliance, and that every agent deployed aligns with organizational policies, security standards, and regulatory frameworks like HIPAA, GDPR, and FDA 21 CFR Part 11. Understanding the Agent Landscape Microsoft 365 supports a spectrum of agent creators: End Users using SharePoint or Copilot templates to automate simple tasks. Makers building more complex agents in Copilot Studio. Developers crafting sophisticated, enterprise-grade agents with Azure AI and Teams Toolkit. Each persona requires a different level of oversight. For example, a clinical researcher using SharePoint to build a data retrieval agent may need minimal governance, while a developer building a patient-facing chatbot must adhere to strict data protection and validation protocols. Governance in Action Microsoft provides a layered governance model: Tool Controls: Define what agent creators can do within tools like Copilot Studio and SharePoint. Content Controls: Ensure agents only access data they’re authorized to use, leveraging Microsoft Purview for sensitivity labeling and DLP. Agent Management: Monitor usage, enforce lifecycle policies, and block non-compliant agents via the Microsoft 365 Admin Center. This framework allows organizations to empower innovation while maintaining control—critical in environments where patient safety and regulatory compliance are non-negotiable. The Business Case for Governance For HLS organizations, agent governance delivers tangible benefits: Reduced compliance risk through proactive policy enforcement. Improved operational efficiency by enabling safe automation. Greater trust from patients, regulators, and internal stakeholders. In short, governance is the foundation that allows agents to scale safely and sustainably.Search and Purge using the Security and Compliance PowerShell cmdlets
Welcome back to the series of blogs covering search and purge in Microsoft Purview eDiscovery! If you are new to this series, please first visit the blog post in our series that you can find here: Search and Purge workflow in the new modern eDiscovery experience. Also please ensure you read in full the Microsoft Learn documentation on this topic as I will not be covering some of the steps in full (permissions, releasing holds, all limitations): Find and delete email messages in eDiscovery | Microsoft Learn So as a reminder, E3/G3 customers must use the Security and Compliance PowerShell cmdlets to execute the purge operation. Searches can continue to be created using the New-ComplianceSearch cmdlet and then run the newly created search using the Start-ComplianceSearch cmdlet. Once a search has run, the statistics can be reviewed before executing the New-ComplianceSearchAction cmdlet with the Purge switch to remove the item from the targeted locations. However, some organizations may want to initially run the search, review statistics and export an item report in the new user experience before using the New-ComplianceSearchAction cmdlet to purge the items from the mailbox. Create the case, if you will be using the new Content Search case you can skip this step. However, if you want to create a new case to host the search, you must create the case via PowerShell. This ensures any searches created within the case in the Purview portal will support the PowerShell based purge command. Use the Connect-IPPSession command to connect to Security and Compliance PowerShell before running the following command to create a new case. New-ComplianceCase “Test Case” Select the new Purview Content Search case or the new case you created in step 1 and create a new Search Within your new search use the Add Sources option to search for and select the mailboxes containing the item to be purged by adding them to the Data sources of your newly created search. Note: Make sure only Exchange mailboxes are selected as you can only purge items contained within Exchange Mailboxes. If you added both the mailbox and associated sites, you can remove the sites using the 3 dot menu next to the data source under User Options. Alternatively, use the manage sources button to remove the sites associated with the data source. Within Condition builder define the conditions required to target the item you wish to purge. In this example, I am targeting an email with a specific subject, from a specific sender, on a specific day. To help me understand the estimated number of items that would be returned by the search I can run a statistics job first to give me confidence that the query is correct. I do this by selecting Run Query from the search itself. Then I can select Statistics and Run Query to trigger the Statistics job. Note, you can view the progress of the job via the Process Manager Once completed I can view the Statistics to confirm the query looks accurate and returning the numbers I was expecting. If I want to further verify that the items returned by the search is what I am looking for, I can run a Sample job to review a sample of the items matching the search query Once the Sample job is completed, I can review samples for locations with hits to determine if this is indeed the items I want to purge. If I need to go further and generate a report of the items that match the search (not just statistics and sampling) I can run an export to generate a report for the items that match the search criteria. Note: It is important to run the export report to review the results that purge action will remove from the mailbox. This will ensure that we purge only the items of interest. Download the report for the export job via the Process Manager or the Export tab to review the items that were a match Note: If very few locations have hits it is recommended to reduce the scope of your search by updating the data sources to include only the locations with hits. Switch back to the cmdlet and use Get-ComplianceSearch cmdlet as below, ensure the query is as you specified in the Purview Portal Get-ComplianceSearch -Identity "My search and purge" | fl As the search hasn’t be run yet in PowerShell – the Items count is 0 and the JobEndTime is not set - the search needs to be re-run via PS as per the example shown below Start-ComplianceSearch "My search and purge" Give it a few minutes to complete and use Get-ComplianceSearch to check the status of the search, if the status is not “Completed” and JobEndTime is not set you may need to give it more time Check the search returned the same results once it has finished running Get-ComplianceSearch -Identity "My search and purge" | fl name,status,searchtype,items,searchstatistics CRITICAL: It is important to make sure the Items count match the number of items returned in the item report generated from the Purview Portal. If the number of items returned in PowerShell do not match, then do not continue with the purge action. Issue the purge command using the New-ComplianceSearchAction cmdlet New-ComplianceSearchAction -SearchName "My search and purge" -Purge -PurgeType HardDelete Once completed check the status of the purge command to confirm that the items have been deleted Get-ComplianceSearchAction "My search and purge_purge" | fl Now that the purge operation has been completed successfully, it has been removed from the target mailbox and is no longer accessible by the user.Mastering Outbound Spam Protection in Microsoft Defender and Exchange Online Protection (EOP)
In today’s cloud-driven landscape, protecting your organization’s email flow is not only about stopping inbound threats—it’s also about ensuring your users aren’t the source of outbound spam. Whether caused by account compromise, misconfiguration, or shadow IT, outbound spam can damage your domain’s reputation, trigger blacklists, and even lead to service throttling from Microsoft. What Is Outbound Spam? Outbound spam refers to unwanted or malicious messages sent from inside your organization to external recipients. These messages can originate from: Compromised accounts Misused shared mailboxes Automation scripts or connectors Forwarding loops Outbound spam can place your domain on blocklists, reduce deliverability, and ultimately erode trust in your brand Tools Used: Microsoft Defender + Exchange Online Protection Microsoft 365 includes built-in outbound protection via: Exchange Online Protection (EOP) for all tenants Microsoft Defender for Office 365 for advanced protection and insights Step-by-Step: Configuring Outbound Spam Protection in EOP Create and Apply Outbound Spam Policies Microsoft 365 Defender Portal → Email & Collaboration → Policies & Rules → Threat Policies → Anti-Spam Policies Select ->Create Policy → Outbound Spam Filter Policy Give the policy a clear name Apply granular scoping by selecting users, groups, or domains based on risk level Configure outbound spam policies in EOP Message limits sections Section configures the limits for outbound email messages from Exchange Online Set an external message limit Maximum number of external recipients a user can send messages to in a one-hour period Set an internal message limit Maximum number of internal recipients a user can send messages to in a one-hour period Set a daily message limit The maximum total number of recipients per day This limit encompasses both internal and external recipients Valid value is 0 to 10000 Restriction placed on users who reach the message limit Restrict the user from sending mail until the following day Email notifications are sent, and the user is unable to send any more messages until the following day, based on UTC time Restrict the user from sending mail User can't send email until they're removed from Restricted users by an admin After an admin removes the user from the list, the user won't be restricted again for that day limit reset to zero No action, alert only Email notifications are sent Forwarding rules section controls automatic email forwarding by Exchange Online mailboxes to external recipients Automatic - System-controlled - system to manage the automatic forwarding of email messages to external recipients On - Forwarding is enabled: Automatic external email forwarding isn't disabled by the policy Off - Forwarding is disabled: All automatic external email forwarding is disabled by the policy Disabling only automatic forwarding messages to external addresses Outbound spam policies don't affect the forwarding of messages between internal users Notifications section You can configure additional recipients who should receive copies and notifications of suspicious outbound email messages Send a copy of suspicious outbound messages that exceed these limits to these users and groups Specify users or groups within your organization who should receive copies of outbound email messages that exceed the defined sending limits Setting adds the specified recipients to the bcc field of suspicious outbound messages Setting works only in the default outbound spam policy. It doesn't work in custom outbound spam policies Notify these users and groups if a sender is blocked due to sending outbound spam Allow you to configure who should receive a notification when a sender is blocked for sending outbound spam This setting is in the process of being deprecated from outbound spam policies Strongly recommend that you use the alert policy rather than this setting in the outbound spam policy to notify admins and other users Remove blocked users from the Restricted entities page Email & collaboration > Review > Restricted entities The user is restricted from sending email, but they can still receive email. Alert settings for Restricted users Automatically notifies admins when users are blocked from sending email Email & collaboration > Policies & rules > Alert policy Search Policy Name: User restricted from sending email Managing outbound spam is more than configuring a few switches—it's about having a layered defense posture. Microsoft Defender for Office 365 and Exchange Online Protection give you the visibility, automation, and control to protect both inbound and outbound mail traffic Managing outbound spam isn’t just about setting limits—it’s about shaping a layered, intelligent policy landscape Detects malicious senders Alerts admins in real time Automatically blocks abuse Protects domain trust and email deliverability With Microsoft Defender for Office 365 and EOP, you have everything you need to build a resilient outbound protection framework
Users is AD synced, but not able to sync passsword
Hi, we use Entra ID Sync from on premises AD to Entra. In Entra users are shown as synced For some reason it is not possible, that the password that is set up in AD is synced to entra. Furthermore I am able to reset password in admin center On the other hand in Entra itself I cannot change the password How do I fix this. Problem is, that user must change passwords 2x times, first in AD and second in Admincenter. Last is needed so he can use Teams etc. I cheched the Entra ID Sync, but that works fine from what I can judge. Password write back is disabled
Not able to logon office 365 account or change it
If I want to logon to my Office 365 account I have to enter my emailaddress. Its is an @.onmicrosoft.com account. Entering password is ok, but then I am have to verify my phone number. The last two digits are shown, but clicking on this phone number I am getting an error like: 399287. There is no way of resetting this. I already contacted helpdesk but they cannot solve this problem. I have a bussniess account and I need some help about this. Every time I want to reset or want to make a change the account I am stuck in this error screen (endless loop). Please help me.
Lost Macros
Hi, I was speaking to a tech support person in chat and they sent me here after poking around on my computer. I have lost my Macros in EXCEL 365 twice. The first time Excel froze and I had to start excel. the second time was last night. There was some sort of update on my computer over night. It didn't seem to affect Excel as I was able to continue working on it this morning. But when I went to apply a macro they were all gone. I am not very tech savvy but I read something that said it could be retrieved if I went to a folder called XLSTART but when I went there the folder was empty. I want my macros back as they took hours to make and get them right. I also want to ensure that this won't happen again. I am not sure if antivirus software has anything to do with this. I just know I never had this problem with older versions of excel. PLEASE HELP! I can't get any work done if I am constantly trying to rewrite macros.
Force Domain takeover
Hello, Trying to add a custom domain to a new tenant gives me the error "We have confirmed that you own ***, but we cannot add it to this tenant at this time. The domain is already added to a different Office 365 tenant: **** We no longer have access to the different tenant, how can I remove or takeover the domain to use in the new tenant. Tried https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/domains-admin-takeover to no avail. Also used the PowerShell command for takeover force without success. How can I speedily resolve this? Thanks
