User Profile
chagedorn
Brass Contributor
Joined 4 years ago
User Widgets
Recent Discussions
Report all active users in tenant and their installed integrated apps
Our security team has requested that we block the install of any Copilot apps until our AI policy is in place. Before we do this, I'd like to know what apps from Microsoft 365 admin center > Settings > Integrated apps > Available apps are currently installed by our users. I don't see any way that the UI offers this capability, so I believe it will be PowerShell. I did already run the following script, but it returns only 2 apps, which are apps we have deployed to our users. It's possible our 2600 users haven't installed anything else, but not probable. Install-Module O365CentralizedAddInDeployment Import-Module -Name O365CentralizedAddInDeployment Connect-OrganizationAddInService Get-OrganizationAddIn If the above isn't possible, it would also be useful to find a script that would give me a list of users who have a given app (from 365 Integrated apps > Available apps) installed, such as CopilotForce or Microsoft Copilot Studio.Re: Purview DLP Override Email Notification for Admins
Thank you so much for the thorough explanation. If I go to Purview > Solution > DLP > Alerts, all I see are alert results with a time range and the option to Export. If I go to Purview > Solutions > DLP > Policies, I can click "Create policy", but this is obviously just a new DLP policy, not an Alert policy. Now if I click Alerts from the top navigation and get redirected to Defender, this is where I see "New Alert Policy". However, when I create a new alert there, I do not see an activity for override. The closest activity I can find is "DLP policy match", and if I choose that, I can't get to a point where I can find a subcategory or action for a user overriding the policy. Do you see an override action in your "Activity is..." dropdown menu?570Views0likes0CommentsPurview DLP Override Email Notification for Admins
We know that our admins can go into the alerts in Purview and see if a user has chosen to override a DLP policy, but is there a way to set up email notification to individuals when a user clicks Override in the policy tip and chooses to override the block? So, in the attached "Override window.png" file, once they click the Override button, security admins are alerted via email immediately?1.1KViews0likes5CommentsDLP policy tips differ between Outlook desktop and OWA
Is it expected behavior that the policy tips we get in an Outlook desktop message are different than the policy tips we get in an Outlook web message? We have a DLP policy set up for SSNs, targeting the Exchange location right now, and policy tips are enabled. I've attached images, but in Outlook desktop, we get two lines in the policy tip and in Outlook web we get four lines in the policy tip. Please advise. Is this expected or is something wonky?206Views0likes0CommentsOrganizer / Presenter stuck in meeting
I've seen a few other posts about this happening to others, but no solution was provided. It seems to be a bit of a flukey thing, but we still would like some type of fix, if it's available. A Teams meeting was created in Outlook. Someone (we'll call him Alex) created a Teams meeting for their manager (we'll call her Heather). So, Alex was in Heather's Outlook calendar and created the Teams meeting on Heather's behalf. Heather is the organizer/presenter of the meeting. In the meeting Heather is presenting and running into problems, so she clicks the Leave button, but the attendees could still see and hear Heather and Heather could still hear the attendees, even though her Teams meeting window closed and was gone. Ultimately, the only way Heather could get out of the meeting was to do a hard reboot of her machine. I've read of other people getting "stuck" in this same manner and they also couldn't do anything but reboot. Ending the task in Task Manager didn't work. Someone even uninstalled and reinstalled Teams and the problem still arises. Any ideas? The only thing we have in our back pocket to try if it happens again, is this suggestion of clearing the app cache from an "independent advisor" circa 2021: 1. Quit Microsoft Teams. 2. Delete files in the following folder path. “~/Library/Application Support/Microsoft/Teams/ 3. Restart Microsoft Teams.621Views0likes1CommentUsing on prem AD security group for DLP
Our compliance team is testing DLP in our environment and has run into a hiccup. It seems when they use a security group with a source of Windows Server AD for the Scope of Exchange, SharePoint, OneDrive and Teams, the policy does not work (see attachment DLP_WindowsServerAD group.png for example of what I mean by source). When using an on prem AD group for scope, users are still able to send SSNs or CC#s in Teams messages or emails, for example. However, when they use a security group with a source of Cloud for the Scope, the policy does work (see attachment DLP_Cloud group.png for example). To clarify where I'm talking about, when you're editing a DLP, click Next twice and you're on the Choose where to apply the policy page. Here you click Edit in the far right column to set which groups are in scope for the given policy (see attachment DLP_scope.png). Is this expected behavior, for DLP to have an issue using groups from on prem AD to scope the policy?576Views1like1CommentRe: Teams Apps (MS apps) use First Name instead of Display Name
However it's not the Display Name that needs to be edited. We have changed the Display Name to be what the user wants, but sometimes apps in Teams decide to use the First Name value instead of the Display Name value. The First Name value is their birth name since First Name is established by our HR system. But if they don't identify as that first name anymore, they'd rather it not be used. So, I'm just seeing if I can do anything at all to help - like ask Microsoft if there is some magical way of requesting Microsoft apps to use Display Name instead of First Name.13KViews2likes1CommentRe: Site Access "Request for" General vs site name
I figured out half the issue. General is showing up in the "Request for" column because the guest user was given a link to the team's General channel SharePoint library Url. I still don't understand why I receive an error when I try to Approve that request to the General library Url.595Views0likes0CommentsSite Access "Request for" General vs site name
I'm logged in with my global admin account, which is also site admin for the given site, as well as an owner of the site. The admins group is set up to receive site access requests. My account has all the permissions it needs. The problem seems to either be the fact that it's a guest user requesting access (unlikely as the site has other guest users in it and is set up to be able to share with guest users) or the way in which they're accessing the site. When I look at the access requests for this given site (a Team site), I see a guest user with the "Request for" column value "General" and I see a local user with "Request for" listed as the site name (Revenue Recognition External). In my screenshot the top account is a guest user and the bottom account is my user account. As site admin, when I click Approve for the guest user (with "Request for" = General), I get the error "Request approval failed" (screenshot attached). When I click Approve for the user account (with "Request for" = site name), approval is granted. These aren't the only accounts this has happened with; another guest user with Request for set to General also failed approval and other local users with Request for the site name approved without issue. It doesn't appear to be a guest user issue because I'm able to add them to the site / team and they can access it without a problem. It seems to be an issue with how they're initially accessing the site, perhaps? Why would "Request for" be set to "General" for them instead of the site name? Anyone run into anything like this?660Views0likes1CommentViva Engage: report with annual total posts?
Is there a report anywhere that can give me either an Engage community's total number of posts/announcements or the total number of posts/announcements for the calendar year? The closest I can find is the Usage report for Engage in the 365 admin center and that one goes back 180 days.SolvedAccess to Viva Engage in Teams but not to Yammer/Engage web portal?
I believe the answer to this is no, but I wanted to confirm with the experts. Is it possible to set it up so users can access the Viva Engage app in Teams, but cannot access the Engage/Yammer web portal?Solved2.8KViews2likes7CommentsForm with Group/Team ownership does not send email notification to Group inbox
We have a Microsoft Forms survey with the Owner being a 365 group / Team. In the settings of the form under Response receipts we have enabled "Get email notification for each response" (see attachment MS Forms_email notification setting.png). However, email notifications are not being sent to the group's shared mailbox. I see that you can edit the group's email settings as a 365 global administrator by going to the group's settings and selecting "Send copies of team emails and events to team members' inboxes", but this is not an option for us. They want only the team's owners to receive the emails sent to the group's mailbox, not all members of the team. The ask is this: when a form is submitted, 2 people receive an email notification that a new response was received. I do not see that the form can have more than 1 owner. Is that correct? If that is the case, the only workaround I see is this: Create form as an individual (instead of a group/team) Form has 1 owner (unless I learn that we can have more than 1 owner) Enable setting on form "Get email notification of each response" Set up a rule in the form owner's email inbox that forwards all form receipt email notices to the other person who needs to be notified.Solved4.6KViews0likes6CommentsRe: Access to Viva Engage in Teams but not to Yammer/Engage web portal?
Thank you for everyone's feedback. It's what I expected and we're looking at another option. The situation is that we have frontline workers who use "point of sale" laptops in retail stores that have customer data on them. Our security team sees Engage as a vulnerability for these machines because employees could potentially log into Engage with a personal account or they could switch to an external network other than our organization's Engage network. This is risky since those machines have customer data. I believe the person asking me this question about blocking the web version of Engage while allowing the Teams Engage app thought that this would help control that vulnerability, but you can still switch external networks via the Teams Engage app. So, what we're testing now is locking down the external network settings to see if this solves it. I know that it removes the "Browse external networks" link, but I don't know what it does for those who are already members of a different Engage network.2.3KViews0likes1CommentGuest users with Accepted invite status with No Groups or SP
We are working on cleaning up our list of guest users in our 365 tenant and I've come across about 150 guest users who have an Invitation State of "Accepted", but they are not a member of any group and they do not have access to any SharePoint sites. My assumption is that at one point in the past they accepted an invitation to a group or SharePoint site, thus the reason their Invitation State is "Accepted", but since then that membership/access has been revoked. Can anyone confirm this? OR can anyone lead me to a Powershell script that can give me the following info for guest users: Invitation State, Last login, 365 Group membership, SharePoint group membership? Ultimately my question is how does a guest user have an Invitation State of Accepted, but then does not have access to anything?676Views0likes0CommentsSharegate Manage tool: Can you customize text in Ask Owner(s) email
In the Sharegate Manage portal, you can click the Teams with guests or shared links to review button, select the given group(s), and then click the Ask owner(s) button. This sends an email to owners that looks something like the attached example. Is it possible to edit any part of the default text "Please review the guest within this team as soon as possible" or the signature "Your IT Admin"? In particular, they want to change "as soon as possible" to "by April 1" or "within 14 days" and the "Your IT Admin" signature to "Your ESO Team", for example. We'll most likely end up sending the emails from the Policies section > External sharing review, but the email verbiage is the same from either location. I've attached screenshots of the two ways of sending the email notification for reference.775Views0likes0CommentsRe: Automated notification to Owners of 365 Groups with Guests
Answering my own question here. We're going to use our Sharegate management tool for this. There's an External sharing review feature under Policies that allows you to send either an email or Teams chatbot message to the Owners of groups with guests and it includes the name of the group, as well as the number and names of the guests.706Views0likes0CommentsAutomated notification to Owners of 365 Groups with Guests
The ask: Is there a way to send a custom notification (email) to all of the owners of all of our 365 groups that have guest users? I have an Excel spreadsheet that lists all 365 Groups with Guest users, the Owner(s) of each group, the # of guest users in the group and the apps used for that group. I believe what our security and governance department is looking for is a way to email the owner and say, for example, "You are an Owner of the 365 group IT - Support and this group has 3 guest users. Please reply and provide justification for access granted to the guest(s) and/or remove the guest access if it is no longer needed."762Views0likes1CommentUsers to accept Usage Policy for Teams?
This is related to a feature in Yammer that we would like to apply to Teams, if possible. In the Yammer admin center, you can add verbiage for a Usage Policy and there is a checkbox "Require users to accept policy during sign up and after any changes are made to the policy". This means when someone opens Yammer (or Viva Engage in Teams), a pop up window displays with the Usage Policy text and a button "I accept" that they must click before proceeding to Yammer/Engage. My question is, is this same type of functionality available in Teams? Can we make it so when someone opens their Teams client, a pop up window displays with a policy they must accept? If this isn't possible, is there some other way to display a policy in the Teams app somewhere that everyone would see?Solved1.3KViews0likes2Comments
Recent Blog Articles
No content to show