M365

Microsoft 365 Admins: July 2025 Brings Major Retirements, Game-Changing Features & Critical Actions – Here’s Your Definitive Guide

by

Alright admins, deep breath. July is rolling in hot with some of the biggest Microsoft 365 updates, retirements, and must-do tasks of the year. Whether you’re wrangling SharePoint, securing sensitive data, or prepping Teams for your org, this month has something that will definitely land on your radar and maybe on your weekend schedule if you don’t plan ahead.

Consider this your field guide to navigate July 2025 without missing a beat.

July at a Glance

CategoryCount
🔻 Retirements7
🆕 New Features11
🔧 Enhancements8
🔄 Changes in Functionality5
⚠️ Action Needed7

Retirements: Say Goodbye to These

  1. Microsoft 365 Business Premium & Office 365 E1 Grants for Non-Profits
    Retiring July 1, 2025 — Non-profits must move to Microsoft 365 Business Basic grants or discounted plans.
    ➡️ Learn more
  2. Viva Engage Private Content Mode
    Retiring June 30, 2025 — All tenants will lose access to Private Content Mode across Viva Engage, Teams, and Outlook.
    ➡️ Details
  3. Monitor Action in Defender Safe Attachments Policies
    Gone Early-July 2025 — Monitor mode will be switched to Block; evaluate Safe Attachments settings now.
    ➡️ More info
  4. SharePoint Alerts
    Phased retirement starts July 2025 — Power Automate or SharePoint Rules recommended as replacements.
    ➡️ Guidance
  5. OneNote .DOC Export Option
    Ending July 28, 2025 — Shift to modern formats like .docx now.
    ➡️ Message Center
  6. Organization Data Type in Excel
    Retiring July 31, 2025 — Switch to Get Data > From Power BI or custom data types via add-ins.
    ➡️ Learn more
  7. TLS 1.1 & Older on Fabric Platform
    Deprecated July 31, 2025 — Update systems to TLS 1.2+ to avoid data connectivity issues.
    ➡️ Blog post

New Features: Hot Off the Press

  • Native Forms in SharePoint Libraries — Build forms directly inside document libraries for smoother file uploads.
    ➡️ Roadmap
  • Cold File Scanning for Sensitive Info — Microsoft Purview now scans old, untouched files in SharePoint/OneDrive.
    ➡️ Details
  • Unit-Level Backup Deletion in Microsoft 365 Backup — Delete backups for specific OneDrive, SharePoint, or Exchange units.
    ➡️ Roadmap
  • External Chat File Attachments in Teams — Finally attach files in 1:1 and group chats with external users.
    ➡️ Message Center
  • Detailed Audit Logs for Screen Sharing in Teams — Gain full transparency over Give/Take Control and sharing events.
    ➡️ Read more
  • Facilitator Agent in Teams — Automated meeting summaries and real-time note collaboration (Copilot license required).
    ➡️ Details
  • Multi-Admin Notifications for M365 Backup — Configure centralized alerts for backup events.
    ➡️ Roadmap
  • AI Posture Management in Purview — Manage security of AI activity across Copilot and other AI apps.
    ➡️ Message Center
  • Drag & Drop Between Accounts in New Outlook — Attach emails/files across accounts or shared mailboxes seamlessly.
    ➡️ Details
  • Network-Level Detection of AI Activity in Insider Risk Management — Identify sensitive data shared with cloud/AI apps.
    ➡️ Message Center
  • Scoped AD Domain Access in Defender for Identity — Apply RBAC at the AD domain level for tighter security.
    ➡️ Details

Enhancements: Small Changes, Big Impact

  • Attachment Previews in Purview Content Explorer — View flagged attachments directly in the console.
    ➡️ Details
  • Recording & Transcription by Default in Teams Calls — Enabled by default for new tenants and global policies.
    ➡️ More info
  • New Outlook: S/MIME Signature Inheritance Setting — Control signature behavior in replies via NoSignOnReply.
    ➡️ Message Center
  • User Activity Timeline in Purview Compliance Portal — See flagged user interactions on a single timeline.
    ➡️ Details
  • IRM + Data Security Investigation Integration — Launch investigations faster with combined tools.
    ➡️ Message Center
  • Secure by Default Settings in Microsoft 365 — Block legacy auth and enforce admin consent by default.
    ➡️ Details
  • Best Practice Dashboard Expansion in Teams Admin Center — Monitor new meeting-related issues.
    ➡️ Read more
  • On-Demand File Classification — Discover/classify old files in SharePoint/OneDrive (pay-as-you-go).
    ➡️ Details

Existing Functionality Changes: Adjust Your Ops

  • Teams Live Event Assistance Becomes Paid — LEAP moves under Unified as a paid service on July 1, 2025.
    ➡️ More info
  • Insider Risk Policy Limits Increased — Up to 100 total active policies across templates.
    ➡️ Roadmap
  • Outlook Blocks More File Types — .library-ms and .search-ms added to the blocked list.
    ➡️ Details
  • Improved B2B Guest Sign-In — Guests redirected to their home org’s sign-in page for clarity.
    ➡️ Message Center
  • Unified Teams App Management Paused — Rollout delay with updates expected by late July.
    ➡️ Details

Action Needed: Don’t Procrastinate

  • Azure AD PowerShell Retirement After July 1 — Migrate scripts to Microsoft Graph or Entra PowerShell ASAP.
    ➡️ Details
  • DNS Provision Change — Update automation scripts to retrieve MX records via Graph API to avoid mail flow issues.
    ➡️ Message Center
  • Classic Teams App Retirement — All users must move to New Teams or web app by July 1, 2025.
    ➡️ Details
  • Reshare SharePoint Content Post-Entra B2B — External users lose access to pre-integration OTP shares. Reshare content now.
    ➡️ Message Center
  • Teams Android Devices Must Update Apps — Move to supported versions by Dec 31, 2025, to enable modern auth.
    ➡️ Details
  • Graph Beta API Permissions Update — Adjust apps to use new permissions for device management by July 31, 2025.
    ➡️ Message Center

Final Thoughts

July 2025 is a make-or-break month for Microsoft 365 admins. There’s a mountain of changes, but staying ahead means no late-night incidents, no broken workflows, and definitely no panicked calls from leadership.

Bookmark this guide, share it with your team, and start planning now. Because in IT, the only thing worse than unexpected downtime is knowing you could’ve avoided it.

Thank you for stopping by. ✌️

The Hidden Threat in Plain Sight: Understanding and Securing Exchange Online’s Direct Send

by

In the ever-evolving world of cloud security, sometimes it’s not the new, complex exploits that catch us off guard, it’s the overlooked features hiding in plain sight. One such feature in Exchange Online is Direct Send, a capability designed for convenience but now actively exploited by attackers to bypass security controls.

Let’s pull back the curtain and take a deep dive into what Direct Send is, how it’s being misused, and what you can do to shut the door on this attack vector.

What Is Direct Send in Exchange Online?

Direct Send is a feature that allows internal devices or applications (like printers, scanners, or legacy tools) to send emails through Microsoft 365 without authentication.

It works by leveraging the tenant’s smart host, typically in the format:

tenantname.mail.protection.outlook.com

Originally designed to help internal tools send alerts or reports to internal mailboxes, Direct Send does not require credentials or tokens. That’s the convenience. But therein lies the danger.

Key Detail: Direct Send only works for recipients within the same tenant, it won’t deliver mail to external domains.

How Direct Send Becomes a Security Risk

While Direct Send serves a legitimate purpose, it becomes a security liability because anyone with the right tenant domain and smart host format can spoof an internal sender. No login. No breach. Just open SMTP.

All an attacker needs is:

  • A valid tenant domain (easy to scrape from public records or previous breaches)
  • The smart host address (easily guessable)
  • An internal email format (like first.last@company.com)

With that, they can send spoofed emails that appear to come from inside the organization, bypassing both Microsoft’s and third-party email filters that trust internal traffic.

Real-World Abuse: How Attackers Exploit Direct Send

During a recent threat campaign observed across several U.S.-based organizations, attackers used PowerShell to exploit Direct Send, sending emails that looked like internal alerts, complete with subject lines like “New Missed Fax-msg” or “Voicemail received.”

Here’s a sample PowerShell command used:

Send-MailMessage -SmtpServer company-com.mail.protection.outlook.com `
  -To joe@company.com -From joe@company.com `
  -Subject "New Missed Fax-msg" `
  -Body "You have received a call! Click the link to listen." -BodyAsHtml

Since the emails originated from Microsoft’s infrastructure, many filters saw them as internal-to-internal traffic. This allowed them to sneak past SPF, DKIM, and DMARC checks, especially in tenants with lax anti-spoofing policies.

How to Detect Direct Send Abuse

You’ll need to dig into message headers and behavioral signals to spot these threats:

Message Header Indicators

  • Received headers showing external IPs sending to your smart host.
  • Authentication-Results failing SPF, DKIM, or DMARC checks.
  • X-MS-Exchange-CrossTenant-Id not matching your tenant.
  • SPF record mismatch or missing smart host entry.

Behavioral Indicators

  • A user “emailing themselves.”
  • Emails sent via PowerShell or unknown user agents.
  • Unusual IP addresses or geolocations.
  • Suspicious links, QR codes, or file attachments.

Remember, not all Direct Send traffic is malicious, context matters.

How to Disable or Control Direct Send

Microsoft now allows you to disable Direct Send entirely using a single command in PowerShell:

Connect-ExchangeOnline
Set-OrganizationConfig -RejectDirectSend $true

To verify:

Get-OrganizationConfig | Select-Object Identity, RejectDirectSend

Pro Tip: Disabling this feature won’t affect authenticated SMTP relay or Microsoft 365 apps, it only blocks unauthenticated Direct Send.

More details here: Microsoft’s announcement on Direct Send controls

Best Practices to Secure Your Tenant

Here’s a checklist to keep Direct Send from becoming your weakest link:

  • Disable Direct Send with RejectDirectSend = $true
  • Enforce DMARC with a strict policy (p=reject)
  • Flag unauthenticated internal emails for review or quarantine
  • Enable Anti-Spoofing Policies in Exchange Online Protection (EOP)
  • Enforce known IPs in SPF records to reduce spoofing
  • Educate users on phishing threats, especially QR code–based quishing
  • MFA + Conditional Access for all users

Final Thoughts

Direct Send was designed with good intentions but in the wrong hands, it becomes a fast-track lane for phishing campaigns. The good news? You now have the awareness and the tools to defend against it.

Don’t let this quiet feature become a noisy headline for your security team. Audit your tenant, close the loopholes, and stay vigilant.

Thanks for stopping by. ✌️

Microsoft SharePoint Premium: Getting the Most Out of SharePoint Advanced Management

by

Let’s be real—managing SharePoint at scale is no walk in the park. When you’ve got thousands of users, sprawling document libraries, and security risks lurking around every corner, the last thing you need is more complexity. Enter Microsoft SharePoint Premium, specifically its SharePoint Advanced Management capabilities, designed to bring order to the chaos.

But is it just another fancy add-on, or does it actually make your life easier? Let’s break it down.

Site Lifecycle Policies: Keeping SharePoint Tidy

Without oversight, SharePoint sites tend to pile up like old emails in an unchecked inbox. That’s where Site Lifecycle Policies come in.

  • Inactive SharePoint Sites Policy – Automatically detects and archives (or deletes) sites that haven’t been used in a while. Think of it as digital housekeeping that prevents clutter.
  • Site Ownership Policy – Ever had a SharePoint site where no one knows who’s in charge? This policy ensures every site has a designated owner—and prompts them to confirm ownership periodically.

These policies save IT teams from sifting through forgotten sites and guessing which ones are still relevant.

Data Access Governance (DAG) Insights: Who’s Seeing What?

Ever worry that sensitive data is floating around where it shouldn’t be? DAG Insights help IT admins spot and control broad access issues.

  • “Everyone Except External Users” (EEEU) Insights – This permission group sounds harmless, but it can sometimes overexpose data internally. DAG Insights help admins quickly identify and correct these cases.
  • Sharing Links & Sensitivity Labels – Visibility into which files are shared externally (and with what sensitivity labels) ensures sensitive documents don’t end up in the wrong hands.
  • PowerShell: Permission State Report – Need an exhaustive report on who has access to what? This PowerShell tool provides a deep dive across SharePoint, OneDrive, and specific files.
  • Sharing Links Report – Helps admins monitor and manage shared links across the organization, reducing unnecessary exposure.

Site Access Reviews: Keeping Permissions in Check

Permissions in SharePoint can get complicated fast. The Site Access Review feature ensures that access stays intentional and secure. Admins can set up periodic reviews, prompting site owners to confirm who still needs access—and who doesn’t.

It’s like a spring cleaning for permissions, reducing security risks and keeping data locked down to the right people.

PowerShell: Restricted Content Discovery (RCD)

Sometimes, sensitive data ends up where it shouldn’t be. With Restricted Content Discovery (RCD), admins can scan SharePoint and OneDrive for files that shouldn’t be widely accessible. This helps with compliance and security audits—before problems arise.

Restricted Access Control (RAC): Locking Down Sensitive Sites

Some SharePoint sites contain data that only a select few should ever see. Restricted Access Control (RAC) ensures that even if a user has general access to SharePoint, they won’t automatically see certain sensitive sites.

This applies to both SharePoint and OneDrive, providing an extra layer of control where it’s needed most.

Recent Admin Actions & Change History: Who Did What?

Admins make changes all the time—adjusting permissions, creating new policies, modifying access levels. Recent Admin Actions and Change History provide a log of what’s been modified, making it easier to track down unexpected issues or roll back unintended changes.

Block Download Policy: Extra Security for Sensitive Content

Not all files should be downloadable—especially sensitive reports or confidential recordings. The Block Download Policy lets admins restrict downloads from SharePoint, OneDrive, and even Teams recordings. Users can still view the content online but can’t save a local copy, reducing the risk of data leaks.

Should You Upgrade?

If you’re a small team with a handful of SharePoint sites, Advanced Management might feel like overkill. But for organizations juggling hundreds (or thousands) of users, it’s the difference between smooth operations and constant headaches.

So, if your team is spending way too much time managing permissions, cleaning up inactive sites, or chasing security risks, upgrading to SharePoint Premium’s Advanced Management might just be the smartest move you make.

At the very least, it’s worth a test drive—because who doesn’t want a smoother, safer, and smarter SharePoint experience?

Thanks for stopping by. ✌

How SharePoint Advanced Management Prepares Your Organization for Microsoft Copilot

by

Introduction

Microsoft Copilot is revolutionizing the way organizations interact with data, leveraging AI to deliver intelligent insights and automation. However, for Copilot to function effectively, it requires a well-structured and secure data environment. SharePoint Advanced Management (SAM) provides essential tools to optimize, secure, and manage SharePoint content, ensuring your organization is Copilot-ready.

This post explores how SAM enhances permissions management, content governance, data accuracy, privacy, and security to maximize the benefits of Microsoft Copilot.

Accidental Oversharing – Taming the Wild West of Permissions

One of the biggest risks in any SharePoint environment is accidental oversharing of sensitive information. SAM helps organizations identify and remediate these risks through features such as:

  • Access Reviews: Automated reports highlight excessive or outdated permissions, enabling administrators to take corrective action.
  • Sharing Controls: Policies can be enforced to restrict sharing of certain file types or limit external sharing.
  • Auditing and Reporting: Advanced logging provides visibility into sharing activities, ensuring compliance with security policies.

By leveraging these tools, organizations can mitigate security risks, ensuring that only the right users have access to the right content, an essential step before enabling Copilot.

Minimize Your Content Governance Footprint – Streamlining for Efficiency

Microsoft Copilot’s efficiency is directly tied to the quality and relevance of the data it processes. Organizations with cluttered SharePoint environments may experience degraded performance and unnecessary costs. SAM offers capabilities to reduce redundant, obsolete, and trivial (ROT) content through:

  • Data Lifecycle Management: Policies that automate archiving or deletion of outdated content.
  • Content Insights: Identifies and flags low-value content, enabling administrators to focus on high-priority data.
  • Retention Labels: Ensures only necessary content is retained, reducing Copilot’s processing burden.

A leaner, well-structured SharePoint environment not only improves Copilot’s efficiency but also enhances its ability to provide accurate and relevant responses.

Improve Copilot Response Quality – Feeding Copilot the Right Data

Copilot’s output quality depends on the integrity of the data it analyzes. SAM helps improve content relevance and accuracy through:

  • Metadata Enrichment: Standardizes data classification, making it easier for Copilot to extract meaningful insights.
  • Duplicate Content Detection: Reduces information overload by identifying and consolidating redundant documents.
  • Content Curation Tools: Helps teams maintain well-organized libraries, ensuring Copilot pulls from authoritative and up-to-date sources.

By cleaning up SharePoint content, organizations can ensure Copilot provides more precise, actionable responses to users.

Control Content Access by Copilot – Ensuring Data Privacy and Compliance

As organizations integrate Copilot into their workflows, maintaining control over which content Copilot can access is crucial for privacy and regulatory compliance. SAM provides several features to manage Copilot’s data access:

  • Sensitivity Labels: Prevents Copilot from analyzing or referencing classified documents.
  • Conditional Access Policies: Restricts Copilot’s access based on location, device, or role.
  • Permissions Management: Ensures that Copilot can only interact with approved datasets, reducing the risk of data leakage.

These tools help organizations align Copilot usage with internal and external compliance requirements, protecting sensitive business information.

Ensure Data Safety for Business-Critical Sites – Protecting Your Crown Jewels

Certain SharePoint sites contain mission-critical data that require enhanced security and governance. SAM enables organizations to fortify these high-value sites by:

  • Access Reviews for Critical Sites: Periodically verifies that only authorized users retain access.
  • Advanced Threat Protection: Detects and prevents unauthorized access attempts.
  • Lifecycle Management: Ensures outdated or irrelevant data is systematically archived or deleted.

By implementing these controls, organizations can protect their most valuable digital assets while maintaining Copilot readiness.

Conclusion

Preparing for Microsoft Copilot requires more than just enabling AI-powered tools, it demands a well-governed, secure, and optimized SharePoint environment. SharePoint Advanced Management provides the essential capabilities to streamline content, secure sensitive data, and enhance permissions management, ensuring Copilot delivers accurate and efficient insights. By leveraging SAM, organizations can maximize the value of Copilot while maintaining security and compliance.

Start preparing your SharePoint environment today to unlock the full potential of Microsoft Copilot!

Thanks for stopping by. ✌

Office 365 – Export Email Addresses and UPN of O365 users with PowerShell

by

I will go over steps on how to export the list of users with their UPN, Object ID, primary SMTP address and Alias email address.

The Get-AzureADUser cmdlet comes in handy to pull all the user details in this scenario. The Mail attribute contains the Primary SMTP address of the user and the Primary SMTP address and Alias email address are stored in the ProxyAddresses attribute in Azure AD. The ProxyAddresses attribute is a multi-value property. The Primary SMTP address can be easily identified as it is in this format, SMTP:user@emaple.com The upper-case SMTP denotes that it the primary email address.

When an object is synced from on-premise Active Directory to Azure AD, the values in the proxyAddresses attribute in AD are compared with Azure AD rules and then populated in Azure AD. So, the values of the proxyAddresses attribute in AD may not match the ProxyAddresses attribute in AzureAD.

Export all users to csv file

The below script will pull all Azure AD users,

Connect-AzureAD

$Output = @() #create an empty array

$AzureADUsers = Get-AzureADUser -All $true | Select DisplayName,UserprincipalName,ObjectId,Mail,ProxyAddresses #Get all Azure AD users

ForEach ($User in $AzureADUsers)
{
	$Output += New-Object PSObject -property $([ordered]@{ #fetch user detail and add to $output
		UserName = $User.DisplayName
		UserprincipalName = $User.UserprincipalName
		UserId = $User.objectId
		SMTPAddress = $User.Mail
		AliasSMTPAddresses = ($User.ProxyAddresses | Where-object {$_ -clike 'smtp:*'} | ForEach-Object {$_ -replace 'smtp:',''}) -join ','
		
	})
}
$Output | Export-csv "C:\tmp\O365Users_$((Get-Date).ToString("MMddyyyy_HHmmss")).csv" -NoTypeInformation -Encoding UTF8 #Export users to csv file

Output file,

csv output

Thank you for stopping by.✌