Governance

Ownerless Teams

We recommend assigning at least two owners to every Microsoft Teams site. This prevents the team from becoming “ownerless” if one owner leaves, ensuring settings and permissions can still be managed. Multiple owners share responsibilities and help maintain continuity, especially in larger teams, but having too many can create confusion.


Blocking Tor/Botnet/Anonymous Proxy access to M365

Combine the power of Entra ID Conditional Access and Defender for Cloud Apps Conditional Access policies to gain even more control over how apps in your tenant can be accessed. A common scenario would be to block access from Tor/Botnet/Anonymous Proxy networks, as there are really no use cases for end-users to


Teams and external members Pt. 2

Many customers using Microsoft Teams request teams restricted to internal members, without guest account access. Teams’ behavior is very often controlled by SharePoint or Microsoft 365 Group settings and a typical team user may not know anything about these settings. We recommend building your own app or automation to ensure


External mail settings

As demonstrated previously, numerous technical configurations are available to support effective Microsoft 365 Governance. In this post, we will examine several minor adjustments that have the potential to significantly influence our users’ behavior. When receiving mail from external partners, by default our users must know that the mail is received


Microsoft Teams and external members Pt. 1

Many customers using Microsoft Teams request teams restricted to internal members, without guest account access. Teams’ behavior is very often controlled by SharePoint or Microsoft 365 Group settings and a typical team user may not know anything about these settings. We recommend building your own app or automation to ensure


Inactive Teams and governance

During our Microsoft 365 Governance workshops with customers, a common question is how to handle inactive teams. Our primary recommendation is to implement automated processes for archiving inactive teams; team owners can also archive a team themselves. The team’s conversations and files will be set to read-only and remain searchable.


How Community Feedback Shaped the New Entra ID App Management UI

Back in September, Microsoft teased App Management Policies in the Microsoft Entra ID UI, which let you set tenant-wide restrictions on how applications and service principals can be configured from the UI – for example restricting certificate lifetimes, blocking new passwords/secrets, enforcing valid URI formats, etc. (as it looks like for now


Send an email to a channel in Microsoft Teams

You can email a Teams channel using its email address. Once set up, anyone in the team can reply. To see a channel email, you must select the option Get email address on the channel itself. You may use this email address as the recipient address in Outlook. Any


Default selected options when sharing files in Teams

When you select Share on a file in Teams, it is actually shared in SharePoint. The default options selected can be changed, and when we run our Microsoft 365 Governance workshops this is often a required action for a lot of customers. By default SharePoint will show these options when


Delete chats in Microsoft Teams based on a retention policy

A frequently discussed topic during our Microsoft 365 governance workshops is the appropriate retention period for chat messages within Teams. Some customers prefer that chat messages are deleted after a predefined period rather than being retained for an extended time. In this post, we will examine how to efficiently delete


Teams and file sync to OneDrive Pt. 2

As explained in Part one, a common Microsoft 365 Governance workshop question is how to use the Sync to OneDrive and Add shortcut to OneDrive features, both found under the Files tab in Teams channels. We recommend using only Add shortcut to OneDrive and disabling Sync. However, here we’ll also


Teams and file sync to OneDrive Pt. 1

A common inquiry that arises during our Microsoft 365 Governance workshop concerns the use of the Sync to OneDrive feature in Teams and the Add shortcut to OneDrive option. Both functionalities are accessible from the Files tab within a Teams channel. We normally recommend using Add shortcut to OneDrive instead


Unlock Teams Premium prompt

We are starting to see the Unlock Teams Premium prompt on more tenants, and at the same time we are starting to get questions about it in our Microsoft 365 Governance workshops. Teams Premium is not the only license for which users can set up self-service trials and purchases.


Restrict save in Office apps to Cloud locations

A new policy setting has been introduced in Microsoft 365 Apps for Enterprise that governs the ability of Word, Excel, and PowerPoint to create new files using non-Cloud locations, such as local or network drives. When this policy is enabled, users will be restricted to Cloud Locations for the Save


Azure Arc VM Onboarding Pt.1 – Introduction

In my previous blogposts I’ve shown some of Azure Arc’s features, and interesting capabilities. All super cool ways to securely interact with your machines, regardless of where they are hosted. However, so far, I’ve glanced over a problem: How do you get started with onboarding machines? In Part 1 of


Microsoft Purview – Enabling Sensitivity (Purview) Labels for documents in Teams

Introduction: Microsoft Purview is Microsoft’s unified data governance, compliance, and risk platform. It lets you discover, classify, label, protect, retain, and monitor data across Microsoft 365, On-Premises, multicloud, and SaaS sources. It centralizes policies (like sensitivity labels) to enforce consistent security and compliance. During our Governance workshops, we initiate the


Per-user Entra ID multifactor authentication

Today we secure our tenants using conditional access or security defaults, but in the old days many tenants were configured to use Legacy per-user Multi-Factor Authentication (MFA). It is recommended that per-user Microsoft Entra multifactor authentication should not be enabled or enforced when Conditional Access policies are in use. Convert


IaC using Bicep for Entra ID and AD Groups with writeback

With Entra ID functionality in Bicep recently becoming generally available while I was on vacation, I couldn’t wait to get back and try it out. Specifically, I wanted to see if using this functionality would allow for some level of Infrastructure as code (IaC) to good ol’ Active Directory when


SharePoint integration with Entra B2B (2025)

In 2022 we wrote a post about SharePoint and OneDrive integration with Microsoft Entra B2B. As of 2025, the information in this post remains relevant for tenants created before June 2023; tenants provisioned after that date have Entra B2B integration enabled by default. Now, only one command is needed instead


OneDrive Sync

A common question in our Microsoft 365 governance workshops is whether to allow the OneDrive client to sync with other organizations. If needed, modern managed Windows computers can restrict OneDrive syncing to specific Entra ID tenants only. Previously, we used a Group Policy Object (GPO) to restrict OneDrive access to


How to manage servers using Azure Arc – Part 4

Enable Change tracking and inventory from Azure ARC. Introduction: To be able to see inventory and change tracking information when we have added our non-Azure machines to Azure ARC, we must enable the change tracking and inventory solution on our Log Analytics workspace. This will give us an insight into
