Copilot Chat comes to Microsoft 365 apps
In this blog, we take a closer look at CVE-2025-55241, a critical Entra ID flaw that briefly allowed attackers to impersonate Global Admins across any tenant, no phishing or passwords required. While Microsoft moved fast to patch the issue, it exposed how deeply legacy code can undermine modern security efforts. We’ll break down what happened, why it matters, and what admins should do now to stay protected.
Many examples of how to report inactive guest accounts are available on the internet, but they're all flawed because they make decisions based on the last sign in. That's a shortsighted method because it doesn't take guest activity into account. This article explains how to combine audit data with sign-in data to create an enhanced view of guest account activity so that intelligent decisions can be made to keep or retain the accounts.
On this episode of the Practical 365 Podcast, Steve and Paul discuss Copilot Chat integration into Office apps, AI generated workslop, and why many pilot programs for AI (including Copilot) don't get off the ground.
Microsoft's Alex Simons came to the TEC 2025 conference to talk about the future of Entra ID, a lot of which hangs on the use of AI in components like the Entra agents that are now in preview. The idea of using agents to relieve hard-pressed human administrators is great, but only if those agents do more than a skilled human administrator can do, and that's not the case so far.
Microsoft Teams Phone has improved over the years, but missed call reporting in call queues remains a gap. In this blog, Martin Heusser shows how to use Microsoft Graph and PowerShell to build a custom report that captures missed and answered calls, complete with caller info and agent details. Until Microsoft adds shared call history natively, this DIY approach is a solid workaround.
Many PowerShell scripts need to run on a scheduled basis or have to process large amounts of data. Azure Automation runbooks are a good way to handle both types of task. This article describes three important and practical steps to improve writing PowerShell code for Azure Automation.
In this episode of the Practical 365 Podcast, Steve Goodman and Paul Robichaux discuss the newest features and changes in Microsoft 365 Copilot Studio, examine an open-source solution, Jan, which enables running large language models locally for privacy-friendly AI, and reflect on Microsoft’s recent change in its remote work policy.
A reader question asked if it was possible to find the last app accessed by a user. Of course, anything is possible with PowerShell, but how? In this article, we explore using the Entra ID sign-in logs and Microsoft 365 audit log as sources for finding the desired information. Some performance issues emerge, so we end up running the code in Azure Automation.
Microsoft is rolling out Phase 2 of Azure services MFA enforcement starting October 1, 2025. This update requires MFA for all Azure Resource Manager operations. In this article, we dive into what you need to do to comply with the new enforcement requirements.
Auditing Attack Surface Reduction (ASR) rules can generate overwhelming data. In this blog, we walk through the different ways of verifying the audit results, different types of exclusions, and provide an advanced KQL that surfaces detailed information.
In this blog, we explore practical ways to optimize SharePoint Online performance for large document libraries. From avoiding the 5,000-item list view threshold to using PnP PowerShell and Microsoft Graph API for bulk updates, you'll learn how to keep your libraries fast, responsive, and scalable.
A reader asked if it's possible to analyze the external meeting participants for Teams online events. The information is available through the Events Graph API, and some PowerShell code written using the Graph PowerShell SDK quickly extracts events to analyze and determine the set of external domains meeting participants come from.
