Scripting

Creating a Teams “New Channel” notification

One of my customers recently asked for a solution to checking a particular Microsoft Team multiple times a day for new channel additions.  In their organization, someone is responsible for creating a new channel every time new item for review is published, and then all of the communications, files, and data related to that item is stored in that particular time.… [ Continue reading ]

Information

WhoAmI for Office 365

If you’ve ever struggled to find out who your current session is logged in as when you connected to Office 365, here’s a tidbit to shed some light on it:

(Get-PSSession |?{$_.ComputerName -like “*outlook.com”})[0].RunSpace.ConnectionInfo.Credential.UserName… [ Continue reading ]

Information

Calculating your Daily Export for the Security & Compliance Center

One of the lesser-known boundaries of Office 365’s Security & Compliance Center is that we only allow 2TB per day export volume.  When we talk about exports, we’re talking about the idea of taking content that has been identified via a content search mechanism (content search, eDiscovery case search, etc) and then staged for download.… [ Continue reading ]

Scripting

Searching the Office 365 Unified Audit Log for Specific Activities, Sites, and Users

Last week, I was working with a large government customer in a consolidated tenant (read: all agencies in a single, centrally-managed tenant).  One of the questions that was presented was how to search and filter the audit log for entries relating to the following categories:

  • Files shared by an agency or department’s users
  • Files accessed in an agency’s SharePoint site collection

To that end, I based together this script. … [ Continue reading ]

Configuration

Alerting on OneDrive Deleted Item Activity

I had a customer recently raise some questions about how to provide further enhancements and protections around their OneDrive for Business deployments.  Suppose this scenario exists:

  • Users are site collection administrators over their OneDrive for Business sites (default configuration)
  • Retention policies are configured, but may only be configured to provide a very minimal amount of data protection (such as 90 days from creation or last modification of data) due to organizational legal compliance
  • No retention policies are in effect for the target data (as all the data we’re concerned with is technically older than 90 day creation or last modified date)
  • Malicious or disgruntled user deletes OneDrive data
    • Deletes data in OneDrive
    • Empties recycle bin
    • Empties second stage recycle bin

At this point, for any data older than 90 days, it is lost.… [ Continue reading ]