Using Graph Delta Queries with Entra ID Groups
Delta queries are a Microsoft Graph mechanism to allow applications to query resources to find objects that have changed since a baseline was established. The technique is most useful for applications that need to synchronize a local store with online content. It’s not an appropriate method to use for reporting changes to Entra ID groups because knowing that an object changed doesn’t mean much by itself. https://office365itpros.com/2026/06/25/graph-delta-queries-entra-id-groups/
Sharepoint versioning bug with tables
Hi, So i have discovered a bug with the versioning in my sharepoint sitepage. When i edit a random piece of text ie. the title, in a text webpart with a table inside. The table shows up as changed in the version history of the sitepage. Below is an example of the issue. Here i've changed the title from "TitleChange" to "Title" and nothing else. The tables however still show as if they were changed. The first 2 tables are created with the built in tool in the text webpart, but the bottom 2 tables were created in word and then copied over to sharepoint. And as you can see the last table does not change as its suppose to, but the 3. table does. I figure its because something happens when you merge cells. So sharepoint does some sort of formatting that changes nothing but shows as changed. It only affects the table either when its made in sharepoint (1. & 2. table) or have merged cells (3. table), but not when its copied from word and has no merged cells. I've tried taking the html out and compared the before and after using powershell, but theres no change there. So can i stop this from happening or is there perhaps some sort of work around, so the tables dont show up as changed when they're infact not?News Posts created via PnP PowerShell using a Page Template don't reflect in News Webpart Properly
I've created some News Posts via PnP PowerShell based on a Page Template which has a single image and some sample text. I then update the text via PowerShell and publish the changes. Everything looks great on the News Post, but when I go into the News Web Part it doesn't show the image (just a placeholder image) and shows the original sample text from the Template and not the text I updated. If I then go into the News Post, Edit and click on Update news (with or without making any changes to the page), the News Webpart then picks up the image and text correctly. $newsTemplate = Get-PnPPage "Templates/News-Template.aspx" $pageName = $newsTemplate.Save("MyNewsPost.aspx") $clientPage = Get-PnPPage -Identity $pageName Set-PnPPageTextPart -Page $pageName -InstanceId $clientPage.Controls[1].InstanceId -Text "Text I want to display in the News Post" Set-PnPPage -Identity $clientPage.Name -Title "Title Of News Post" -PromoteAs NewsArticle -CommentsEnabled:$false -Publish Any ideas on whether this is a known bug? Or is there something that I'm not doing? What it looks like in the News Webpart after initial creation via PowerShell. Note the placeholder image and text from the Page Template. What it looks like in the News Webpart when I go into the News Post, click on Edit, then click on Update news. News Webpart now picks up the image and my text correctly.The Grief and Joys of New PowerShell Releases
A new version of the Microsoft Graph PowerShell SDK (V2.38) is available, as is a new version of the Exchange Online Management module. They don’t work well together. It’s annoying and beyond frustrating that two critical PowerShell modules in the Microsoft 365 ecosystem cannot work together. If anything, the situation is getting worse. On the upside, I found out about two cmdlets that I might never use – but who knows! https://office365itpros.com/2026/06/22/powershell-woes-and-cmdlets/I built a free, open-source M365 security assessment tool - looking for feedback
I work as an IT consultant, and a good chunk of my time is spent assessing Microsoft 365 environments for small and mid-sized businesses. Every engagement started the same way: connect to five different PowerShell modules, run dozens of commands across Entra ID, Exchange Online, Defender, SharePoint, and Teams, manually compare each setting against CIS benchmarks, then spend hours assembling everything into a report the client could actually read. The tools that automate this either cost thousands per year, require standing up Azure infrastructure just to run, or only cover one service area. I wanted something simpler: one command that connects, assesses, and produces a client-ready deliverable. So I built it. What M365 Assess does https://github.com/Daren9m/M365-Assess is a PowerShell-based security assessment tool that runs against a Microsoft 365 tenant and produces a comprehensive set of reports. Here is what you get from a single run: 57 automated security checks aligned to the CIS Microsoft 365 Foundations Benchmark v6.0.1, covering Entra ID, Exchange Online, Defender for Office 365, SharePoint Online, and Teams 12 compliance frameworks mapped simultaneously -- every finding is cross-referenced against NIST 800-53, NIST CSF 2.0, ISO 27001:2022, SOC 2, HIPAA, PCI DSS v4.0.1, CMMC 2.0, CISA SCuBA, and DISA STIG (plus CIS profiles for E3 L1/L2 and E5 L1/L2) 20+ CSV exports covering users, mailboxes, MFA status, admin roles, conditional access policies, mail flow rules, device compliance, and more A self-contained HTML report with an executive summary, severity badges, sortable tables, and a compliance overview dashboard -- no external dependencies, fully base64-encoded, just open it in any browser or email it directly The entire assessment is read-only. It never modifies tenant settings. Only Get-* cmdlets are used. A few things I'm proud of Real-time progress in the console. As the assessment runs, you see each check complete with live status indicators and timing. No staring at a blank terminal wondering if it hung. The HTML report is a single file. Logos, backgrounds, fonts -- everything is embedded. You can email the report as an attachment and it renders perfectly. It supports dark mode (auto-detects system preference), and all tables are sortable by clicking column headers. Compliance framework mapping. This was the feature that took the most work. The compliance overview shows coverage percentages across all 12 frameworks, with drill-down to individual controls. Each finding links back to its CIS control ID and maps to every applicable framework control. Pass/Fail detail tables. Each security check shows the CIS control reference, what was checked, what the expected value is, what the actual value is, and a clear Pass/Fail/Warning status. Findings include remediation descriptions to help prioritize fixes. Quick start If you want to try it out, it takes about 5 minutes to get running: # Install prerequisites (if you don't have them already) Install-Module Microsoft.Graph, ExchangeOnlineManagement -Scope CurrentUser Clone and run git clone https://github.com/Daren9m/M365-Assess.git cd M365-Assess .\Invoke-M365Assessment.ps1 The interactive wizard walks you through selecting assessment sections, entering your tenant ID, and choosing an authentication method (interactive browser login, certificate-based, or pre-existing connections). Results land in a timestamped folder with all CSVs and the HTML report. Requires PowerShell 7.x and runs on Windows (macOS and Linux are experimental -- I would love help testing those platforms). Cloud support M365 Assess works with: Commercial (global) tenants GCC, GCC High, and DoD environments If you work in government cloud, the tool handles the different endpoint URIs automatically. What is next This is actively maintained and I have a roadmap of improvements: More automated checks -- 140 CIS v6.0.1 controls are tracked in the registry, with 57 automated today. Expanding coverage is the top priority. Remediation commands -- PowerShell snippets and portal steps for each finding, so you can fix issues directly from the report. XLSX compliance matrix -- A spreadsheet export for audit teams who need to work in Excel. Standalone report regeneration -- Re-run the report from existing CSV data without re-assessing the tenant. I would love your feedback I have been building this for my own consulting work, but I think it could be useful to the broader community. If you try it, I would genuinely appreciate hearing: What checks should I prioritize next? Which security controls matter most in your environment? What compliance frameworks are most requested by your clients or auditors? How does the report land with non-technical stakeholders? Is the executive summary useful, or does it need work? macOS/Linux users -- does it run? What breaks? I have tested it on macOS, but not extensively. Bug reports, feature requests, and contributions are all welcome on GitHub. Repository: https://github.com/Daren9m/M365-Assess License: MIT (free for commercial and personal use) Runtime: PowerShell 7.x Thanks for reading. Happy to answer any questions in the comments.
SharePoint Library Help Needed
I have a SharePoint Library where I would like to implement these requirements below and would appreciate your advise: Folders were created at the library level, which looks like the image below. I do not want people to be able to create any folders or upload documents or folders at the library level, but rather only when they open the folders. I have disabled folder creation and created a PowerApps form, so that users can only upload document, edit documents, view details of the documents when they open any of the folders., but I cannot seem to find the Power Apps form when I open any of the folders and try to upload a document or view a document or edit the document details. 2. I have a choice column called Fiscal Year which has options as = FY22, FY 23, FY24, FY25, FY26. By March 2026, I would like to create an automate flow which will auto create FY27 and remove FY22 from the choice, so that the choice column is always limited to only 5 years.Primer: Finding Sensitivity Labels with PowerShell
Three cmdlets exist to fetch sensitivity labels. One is in the Exchange Online module; the others are powered by Graph APIs. What are the differences between each method and how can you make sure that the set of sensitivity labels fetched by PowerShell is the full set of available labels? These and other questions are investigated in this article. https://office365itpros.com/2026/06/11/sensitivity-label-ps/
Powershell Entra and General Forum Layout Questions
Hello, I am returning to PowerShell, and it seems a lot has changed. I need to create some Security Groups in MS Entra and would like to know the best way to do so. I have a .csv file for the groups. Also, what is the best way to display the topic titles as a list in this forum? At this moment, I have to go scroll through pages of posts, and it's not easy. I used to like the old formats that let you see all the thread titles. ThanksHow to Find Inactive (Stale) User Accounts
Inactive accounts can soak up a lot of paid-for but unused product licenses. With increases for Microsoft 365 licenses due to come into effect from 1 July 2026, it’s time to find and remove unused licenses from inactive user accounts. We discuss two approaches by using the Microsoft 365 Licensing Report or a PowerShell script that assesses inactivity based on sign-in dates and refresh token baselines. https://office365itpros.com/2026/06/09/find-inactive-accounts/Microsoft Wants PowerShell Developers to Change How They Download Microsoft Modules
A Microsoft blog describes some changes for PowerShell developers in terms of installing modules and the role of the Microsoft Artifact Registry (MAR). In a nutshell, Microsoft intends the MAR to be the go-to place to download first-party PowerShell modules and other artifacts. This solves the problem of potentially compromised modules found in the PowerShell Gallery, but MAR can’t work if it doesn’t contain the modules people use. https://office365itpros.com/2026/06/05/microsoft-artifact-registry/
