The rapid and widespread rollout of Microsoft 365 Copilot has created a governance challenge for organizations. Features are often enabled before corresponding controls are available, leaving administrators struggling to manage where and how Copilot appears. This article addresses that gap, the lack of centralized governance, by outlining how to regain control, standardize deployment, and prevent…
Month: October 2025
Governing access to app stores in Microsoft 365 apps
Within Microsoft 365, users can extend app functionality directly from built‑in app stores. Outlook add‑ins, Teams apps, and Office extensions for Word, Excel, PowerPoint, and OneNote provide powerful integration options but also introduce governance and compliance risks if unmanaged. By default, users can access Microsoft and third‑party apps freely through these app stores, allowing…
Configure Browser Policy to Preserve OneDrive and SharePoint Web Performance and Offline Capability needed for upcoming Chromium versions
Modern collaboration tools such as OneDrive and SharePoint depend on efficient browser communication to deliver both online and offline functionality. When specific content delivery endpoints are blocked by browser policies, users may experience reduced performance or complete loss of offline file access. Configuring the correct browser policies ensures seamless integration between the browser and…
Balancing Control and Convenience: Preventing Edge Password Sync on Unmanaged Devices
Password managers have become a default convenience in modern browsers, including Microsoft Edge. Microsoft now recommends enabling the built-in password manager as part of the Edge Security Baseline, allowing credentials to roam securely across devices. However, in enterprise environments, this roaming capability may become a security concern, especially when users sign into Edge from…
Conditional Access Baseline October 2025 (v2025-10) Available on GitHub
Over the past years, I’ve been maintaining a Conditional Access baseline that organizations can use as a starting point when implementing or reviewing their own Conditional Access policies in Microsoft Entra ID. The latest version v2025-10 (October 2025) is now available on GitHub: 👉 https://github.com/kennethvs/cabaseline202510 This baseline contains a collection of policies that together form a…
Configuring Conditional Access for Guest Users: Allowing Only Office 365 and Essential Apps
Configuring Conditional Access (CA) for guest users can be challenging when you want to strictly limit access to Office 365 and a few essential Microsoft services. Many Entra administrators have encountered scenarios where applying a “block all resources” policy breaks necessary functionality such as managing authentication methods, accepting invitations, or accessing user profile pages….