How to Find Inactive (Stale) User Accounts
Inactive accounts can soak up a lot of paid-for but unused product licenses. With increases for Microsoft 365 licenses due to come into effect from 1 July 2026, it’s time to find and remove unused licenses from inactive user accounts. We discuss two approaches by using the Microsoft 365 Licensing Report or a PowerShell script that assesses inactivity based on sign-in dates and refresh token baselines. https://office365itpros.com/2026/06/09/find-inactive-accounts/Microsoft Wants PowerShell Developers to Change How They Download Microsoft Modules
A Microsoft blog describes some changes for PowerShell developers in terms of installing modules and the role of the Microsoft Artifact Registry (MAR). In a nutshell, Microsoft intends the MAR to be the go-to place to download first-party PowerShell modules and other artifacts. This solves the problem of potentially compromised modules found in the PowerShell Gallery, but MAR can’t work if it doesn’t contain the modules people use. https://office365itpros.com/2026/06/05/microsoft-artifact-registry/Sending a Welcome Message to New Employees Part 2
Recently, I wrote about how to use PowerShell to send a welcome email to new employees together with attached ICS files for corporate events. Although new employees can add the ICS files to their calendars (so the solution works), simply inviting employees to attend those events by updating the participant list with PowerShell is an easier and better approach. This article explains how to find calendar events, update participant lists, and update events with the Microsoft Graph PowerShell SDK. https://office365itpros.com/2026/05/27/new-employee-email2/Reporting Usage Patterns for Room Mailboxes
A recent post on the EHLO blog discusses how to find whether room mailboxes are active. I've been down this path before and created a PowerShell script to analyze the usage of room mailboxes. In this article, I explain some of the finer points about the topic, including whether to use Exchange Online PowerShell or the Graph Places API to find room mailboxes, the permissions required to retrieve event data from the room mailboxes, and what has to be done to run the check on an ongoing basis. https://office365itpros.com/2026/05/26/room-mailboxes-usage/How to Send a Welcome Message to New Employees with Attachments for Calendar Events
ICS files are a useful method to send information about calendar events between different IT systems. This article discusses using PowerShell to create ICS files for Teams Online meetings as part of a project to send welcome messages to new employees that contain information about upcoming corporate events that the new people might like to attend. Suffice to say that formatting the ICS files to Outlook’s satisfaction takes some effort. https://office365itpros.com/2026/05/25/online-meeting-ics-files/Use a SharePoint List to Store Weekly Open Tasks Statistics
Creating a PowerShell script to send details of open tasks to users for follow up is a good thing. Storing open task statistics in a list for analysis of open task burndown over time is even better. This article describes how to update the script that sends email about open tasks to add the code necessary to use a list in a SharePoint Online site to store details about open tasks. https://office365itpros.com/2026/05/21/open-task-statistics-planner/Automating Microsoft 365 with PowerShell Second Edition
The Office 365 for IT Pros team are thrilled to announce the availability of Automating Microsoft 365 with PowerShell (2nd edition). This completely revised 350-page book delivers the most comprehensive coverage of how to use Microsoft Graph APIs and the Microsoft Graph PowerShell SDK with Microsoft 365 workloads (Entra ID, Exchange Online, SharePoint Online, Teams, Planner, and more). Existing subscribers can download the second edition now free of charge. https://office365itpros.com/2025/06/30/automating-microsoft-365-with-powershell2/Including Costs in a Microsoft 365 Licensing Report
This article describes how to include user license costs in a Microsoft 365 tenant licensing report created with the Microsoft Graph PowerShell SDK. The report includes annual costs for all licenses assigned to each user plus an overall licensing summary for the tenant. It even reports how effective the tenant is at assigning licenses! https://practical365.com/report-user-license-costs/Understanding How Graph Permissions for Groups Work
Understanding the set of Graph permissions required by apps can be challenging. In this article we discuss how the Group.Read.All and GroupMember.Real.All permissions work and why you should choose one permission over the other so that you respect the principle of least permission when it comes to assigning Graph permissions to your apps and PowerShell scripts. Experience of reviewing scripts shows that too many people use Group.Read.All without needing to. Don't over-permission your scripts! https://office365itpros.com/2026/05/13/graph-permissions-groups/How Do I Target the Azure VPN Client in a Conditional Access Policy?
I am using the Azure VPN Client to connect users to an Azure VPN Gateway using their Entra ID credentials to authenticate. I want to target this application with a CA policy that requires MFA every time it connects. The problem is that I don't see the applications in my Enterprise Apps and all of my searching says that it won't appear because it was "pre-certified" by Microsoft. In the Gateway setup I used the Audience GUID of c632b3df-fb67-4d84-bdcf-b95ad541b5c8. And this is working as expected. The only solution that I have found for targeting the Azure VPN Client app is to create a Service Principal using that Audience GUID. This seems like a bit of a hack, so I am posting here to see if there are any other methods that I am missing to target this app when it doesn't appear in my Enterprise Apps list.
