The rapid and widespread rollout of Microsoft 365 Copilot has created a governance challenge for organizations. Features are often enabled before corresponding controls are available, leaving administrators struggling to manage where and how Copilot appears. This article addresses that gap, the lack of centralized governance by outlining how to regain control, standardize deployment, and prevent…
Category: Office 365
Governing access to app stores in Microsoft 365 apps
Introduction Within Microsoft 365, users can extend app functionality directly from built‑in app stores. Outlook add‑ins, Teams apps, and Office extensions for Word, Excel, PowerPoint, and OneNote provide powerful integration options but also introduce governance and compliance risks if unmanaged. By default, users can access Microsoft and third‑party apps freely through these app stores, allowing…
A first look at the Microsoft 365 Apps admin center
The Microsoft 365 Apps admin center, available via https://config.office.com provides a portal where admins can manage Microsoft 365 Apps for Enterprise. Microsoft 365 Apps for enterprise is a subscription that comes with premium apps like Word, Excel, PowerPoint, Outlook, Teams, Publisher, and Access (Publisher and Access are only available on PC). The apps can be…
Defining more granularity for your Conditional Access App Enforced Restrictions using Sensitivity Labels
In June this year I wrote an article about: Limit Access to Outlook Web Access, SharePoint Online and OneDrive using Conditional Access App Enforced Restrictions, the article explains how you can use Azure AD Conditional Access to restrict downloading and printing within SharePoint Online/OneDrive and Outlook Web Access (OWA). Within that article we used a…
Enabling Plus Addressing in Office 365 Exchange Online
In December 2019 Microsoft included support for Plus Addressing in their roadmap (ID 59441) for Office 365. In the meantime this feature is released but needs to be enabled before it can be used. What is Plus Addressing? Plus addressing has been available for a while now in other email services like Google Gmail. It…
Are you already synchronizing your Message Center messages to Planner? Here is why you should
Microsoft 365 changes regularly, changes are implemented almost on a daily basis and as an Admin responsible for the service you must be aware of which changes are coming to your tenant. In order to inform administrators Microsoft uses the Message Center. From within the message center administrative users are also automatically subscribed to weekly…
Microsoft is making changes related to automatic email forwarding for ATP customers, here is what you need to know
In February this year I blogged about Stopping automatic email forwarding in your Exchange Online environment in a controlled way providing a structural way to disable automatic email forwarding within your organization, while still allowing exceptions. This week Microsoft announced through the message center (MC220853) they are rolling out the External Email Forwarding Controls functionality…
How to prevent your users from downloading and installing Office via the Office portals
If your goal is to restrict the usage of Office applications on non-managed devices and only allow Web access in limited mode (as explained in my article: Limit Access to Outlook Web Access, SharePoint Online and OneDrive using Conditional Access App Enforced Restrictions) you might ask yourself if you want the Office applications to be…
Self Service Purchasing for Power Platform, Visio and Project, should you keep it enabled or disable the functionality?
In October 2019, Microsoft announced that it would enable end users to buy and manage their own licenses within their corporate account. At that time this “feature” was announced for the Power Platform: PowerApps, Flow (now Power Automate) and Power BI. After that announcement Microsoft received critical feedback from tenant administrators where eventually Microsoft allowed…
Office 365 Templated policies and Preset security policies in Exchange Online Protection and Office 365 ATP
In my deep dive article on Office 365 Advanced Threat Protection (ATP) I mentioned that Microsoft provides best practices as described in the following article: “Recommended settings for EOP and Office 365 ATP security“. When implementing the settings in the article you either have the option to go for a “Standard” or “Strict” security level,…
Office 365 Advanced Threat Protection (ATP) deep dive
Around 5 years ago (April 2015) Microsoft announced Exchange Online Advanced Threat Protection (ATP), which was renamed to Office 365 Advanced Threat Protection around a year later. By using Office 365 Advanced Threat Protection you can add additional protection to the email filtering service available in Office 365 called Exchange Online Protection (EOP). In this…
Ask yourself if you still really need ADFS
In Q1 2017 Microsoft released the Pass Through Authentication (PTA) functionality as part of Azure AD connect. With the release of Azure Active Directory (Azure AD) Pass-through Authentication allowed for your users to sign in to both on-premises and cloud-based applications using the same passwords without the need to implement a Active Directory Federation Services…