M365 – Page 2 – A Cloud Guy

Microsoft 365 Admins: September 2025 Retirements, Security Shifts, and Copilot Usage Insights – Here’s Your Definitive Guide

September 5, 2025September 1, 2025 by Kumaran

September 2025 is shaping up to be one of the most impactful months for Microsoft 365 admins this year. From long-awaited retirements (farewell, Classic eDiscovery and Azure AD Graph API) to robust new features (Progressive Alert Scoring, SharePoint smart tagging, and Copilot usage metering), this month is packed with changes that demand action and attention.

Whether you’re in charge of compliance, identity, collaboration, or cloud security, this comprehensive guide gives you what you need to stay one step ahead.

September at a Glance

Category	Count
🔻 Retirements	9
🆕 New Features	13
🔧 Enhancements	10
🔄 Changes in Functionality	4
⚠️ Action Required	6

Retirements: Legacy Features You Can Let Go

1. Classic Message Trace (Exchange Online)

Sep 1, 2025 – Legacy UI and cmdlets (Get-MessageTrace, Get-MessageTraceDetail) retired.
Do this: Update to Get-MessageTraceV2 and use the modern EAC interface.
🔗 Ref

2. Client Access Rules (Exchange Online)

Sep 1, 2025 – Deprecated in favor of Conditional Access with Continuous Access Evaluation.
Do this: Migrate access controls to Entra Conditional Access.
🔗 Ref

3. Classic eDiscovery (Premium)

Sep 1, 2025 – Fully removed from Purview.
Do this: Move to Unified eDiscovery for better search and case handling.
🔗 Ref

4. Mobile Devices Page in Outlook Web

Sep 9, 2025 – Removed from OWA and New Outlook.
Do this: Use the My Account portal or native device management tools.
🔗 Ref

5. Cognitive Services & Azure ML in Power BI

Sep 15, 2025 – AI features being pulled in favor of Microsoft Fabric AutoML.
Do this: Transition to Microsoft Fabric for ML workloads.
🔗 Ref

6. Microsoft To Do Ends Support for iOS 16/macOS 12

Mid-Sep 2025 – No updates for outdated devices.
Do this: Update org device baselines to iOS 17 / macOS 13+.
🔗 Ref

7. Defender for Cloud Apps: Sub-Domains Visibility

Sep 22, 2025 – Low-use feature retired.
🔗 Ref

8. Legacy MFA & SSPR Method Management

Sep 30, 2025 – Management of authentication methods moves to the unified policy.
Do this: Transition to converged authentication methods now.
🔗 Ref

9. Azure AD Graph API

Early Sep 2025 – All apps must migrate to Microsoft Graph.
Do this: Use Entra admin center’s Recommendations tab to identify affected apps.
🔗 Ref

New Features: Worth the Hype

1. Progressive Alert Scoring in Insider Risk Management
Assess user activity multiple times per day instead of once every 24 hours. Get near real-time insights into risky behavior.
🔗 Ref

2. High Volume Exchange Email (HVE)
Send large volumes of internal mail for LOB applications and SMTP use cases—beyond standard Exchange Online limits.
🔗 Ref

3. Information Barriers in Microsoft Planner
Prevents users from discovering non-segmented users while sharing Planner plans via web and Teams.
🔗 Ref

4. Silent Test Calls in Teams
Simulate Teams call quality for network diagnostics—now available for Windows and Mac (Teams Premium required).
🔗 Ref

5. Rule-Based App Management in Teams
Set app permissions and availability based on scopes and publisher trust—control Microsoft 365 certified apps centrally.
🔗 Ref

6. New Secure Score Recommendations
Enhance security posture with new recommendations:
• Remove inactive service accounts
• Remove passwords from AD attributes
🔗 Ref

7. Teams + Defender for Office 365 Integration
Manage allow/block lists for external domains using the Tenant Allow/Block List (TABL) in Microsoft Defender.
🔗 Ref

8. New SharePoint Workflows
Power Automate-based automation embedded in SharePoint with natural language, Madlib-style editor, and better UI.
🔗 Ref

9. Retention Based on Last Accessed
Configure Purview retention policies for OneDrive and SharePoint based on when files were last accessed.
🔗 Ref

10. Priority Cleanup in Data Lifecycle Management
Allows deletion of SharePoint/OneDrive items before retention expires. Includes dual admin approval, simulation mode, and logs.
🔗 Ref

11. Copilot Usage Report
Monitor and manage costs from Copilot Chat with detailed reporting on metered message usage by user, agent, and policy.
🔗 Ref

12. Smart Tags for eSigned Docs in SharePoint
Automatically tag signed documents and add metadata columns for signature status and provider.
🔗 Ref

13. Teams Private Channel Expansion
Big lift for Teams limits:
• 1000 private channels per team
• 5000 members per private channel
• Meeting scheduling and DLP support
🔗 Ref

Enhancements: Small but Mighty

Auto Work Location Detection in Teams – Based on Wi-Fi or peripherals.
Updated SharePoint Page Analytics – Up to 365-day view history, reactions, shares, and Excel exports.
Purview Diagnostics Access – Now available to more admin roles.
Outlook Mail Merge (Advanced) – Dynamic fields and personalizations now in web and Windows clients.
Authenticator Improvements – No more number matching for same-device logins, cleaner FRX setup.
SharePoint Smart Tagging – Auto-adds metadata for eSigned documents.
Teams Join URL Validation – Ensure rewritten links don’t break meeting joins.
License Assignment Path in Admin Center – Easily view direct vs group-based license sources.
Streamlined Purview DLP Alert Settings – Sync alert states between portal and PowerShell.
Teams Auth Module Updates – New app permissions required: GroupMember.Read.All, RoleManagement.Read.Directory.

Functionality Changes: Take Note

Access Review History Limited to 12 Months
Export old data now using Microsoft Graph or Azure Data Explorer.
🔗 Ref
Defender for Identity Alert Migration to XDR
Update alert workflows and exclusions for XDR platform.
🔗 Ref
OneDrive: Unlicensed Accounts Enter Read-Only Mode
Deadline: July 28 → Enforcement: Sep 26, 2025
🔗 Ref
DLP Rule Visibility Fix in Portal
Now reflects accurate status if disabled via PowerShell.
🔗 Ref

Action Items: Handle These Before the Alarm Bells Ring

Deadline	Task
Sep 1, 2025	Migrate to new Message Trace, Unified eDiscovery, Conditional Access
Sep 2, 2025	Create Azure DevOps–specific Conditional Access policy
Sep 14, 2025	Update Teams PowerShell app permissions
Sep 15, 2025	MFA required for credential management in Entra
Sep 30, 2025	Converge legacy MFA and SSPR policies
Ongoing	Migrate apps from Azure AD Graph to Microsoft Graph

Final Thoughts

September 2025 is a turning point month for Microsoft 365 environments. Between the retirement of major legacy features and a flood of next-gen tools and AI insights, it’s clear that Microsoft is pushing the ecosystem toward tighter security, smarter automation, and more control for admins.

Bookmark this guide.
Review your tenant configurations.
Communicate changes to your teams.
Knock out required actions before deadlines bite.

Because in enterprise IT, proactive beats reactive every time.

Thank you for stopping by. ✌️

Microsoft 365 Admins: August 2025 Ushers in Major Retirements, AI-Powered Features & Key Compliance Shifts – Here’s Your Definitive Guide

July 31, 2025 by Kumaran

If you thought July was intense, buckle up, August 2025 is a heavyweight month for Microsoft 365 changes. Between legacy retirements, AI-driven security enhancements, and new controls across Teams, Outlook, and Purview, this is not the month to sleep on your Message Center.

Whether you’re managing governance, fine-tuning DLP, or trying to avoid last-minute fire drills, this guide breaks it all down into what’s retiring, what’s new, and what needs your immediate attention.

August at a Glance

Category	Count
🔻 Retirements	4
🆕 New Features	7
🔧 Enhancements	3
🔄 Changes in Functionality	1
⚠️ Action Needed	3

Retirements: Say Farewell to These Legacy Tools

1. Classic eDiscovery in Microsoft Purview

August 1, 2025 — Say goodbye to Classic eDiscovery, including Content Search, eDiscovery (Standard), and (Premium).
What to do: Migrate to the unified eDiscovery experience for better search, performance, and compliance.
🔗 Learn more

2. Project for the Web & Project in Teams

Early-August 2025 — Microsoft is sunsetting Project for the web. Users will be redirected to Planner and Portfolios.
What to do: Migrate Roadmap data to Portfolios and update any pinned tabs in Teams.
🔗 Details

3. Outlook for Mac: Legacy Switch Retires

Mid-August 2025 — New Outlook becomes default for Mac (v16.100+). Admin toggle to revert will be retired.
What to do: Prepare users for permanent shift by October 2025 (v16.102).
🔗 More info

4. Speaker Coach in Microsoft Teams

Mid-August 2025 — The preview feature providing real-time feedback during meetings will be retired.
What to do: Inform users and explore alternatives like Copilot-generated meeting recaps.
🔗 Announcement

New Features: Worth Your Immediate Attention

AI-Powered Data Security Investigations in Purview

An all-new AI-driven tool for visualizing data risk, investigating incidents, and refining policies, now built into Microsoft Purview.
🔗 Details

Advanced Mail Merge in Outlook for Web & New Outlook

August 2025 — Personalize email templates with dynamic fields, custom formatting, and preview features.
🔗 Roadmap

Copilot Blocked from Processing Labeled Emails via DLP

August 2025 — Microsoft Purview DLP will block Copilot from interacting with labeled content in chat.
🔗 Read more

Risky AI Usage Detection in Insider Risk Management

Early-August 2025 — Detect prompts, intents, and AI-generated content using Microsoft 365 Copilot, Copilot Studio, and ChatGPT Enterprise.
🔗 More info

Silent Test Calls in Teams for Network Diagnostics

Early-August 2025 — Run silent test calls via Teams Premium to proactively check network readiness.
🔗 Message Center

Rule-Based Management of Certified Teams Apps

Mid-August 2025 — Automatically manage apps based on permission access and publisher trust status.
🔗 Roadmap

Independent DLP Email Notification Settings

August 2025 — Decouple policy tips and notifications in SharePoint/OneDrive DLP settings.
🔗 Roadmap

Enhancements: Quiet but Important

Updated Audit Logs in Purview – Better granularity and new Pre/Post Execution messages for role group changes.
🔗 Read more
Microsoft Fabric Workspace User Limit – Enforcing a max of 1,000 users/groups per workspace role.
🔗 Details
Apple/Google Sign-In on Teams Web – New SSO methods are coming for consumer users (preview).
🔗 Message Center

Functionality Change: Stay Updated

Updated Sender for Teams DLP Incident Emails

August 20, 2025 — Teams DLP GIR emails will only come from no-reply@teams.mail.microsoft.com.
What to do: Update inbox rules and alert filters if needed.
🔗 Message Center

Action Needed: These Deadlines Are Not Flexible

Entra ID Retention Policy for Access Reviews

August 15, 2025 — Only 12 months of access review data will be available via UI/API.
What to do:

Export old data using Graph API
Store reports securely
Create an annual backup process
🔗 More info

Legacy Message Trace Retires in Exchange Online

August 31, 2025 — New Message Trace UI and V2 cmdlets become the default.
What to do: Update any scripts to use Get-MessageTraceV2 and Get-MessageTraceDetailV2.
🔗 Read more

Azure AD Graph API Retirement

August 31, 2025 — Azure AD Graph API officially ends; apps using it will stop working.
What to do: Migrate to Microsoft Graph API. Use Entra admin center to identify impacted apps.
🔗 Migration Help

Final Thoughts

August 2025 is a pivotal month between the rise of AI-enhanced compliance tools and the retirement of legacy Microsoft features, the Microsoft 365 ecosystem is evolving fast.

If you’re responsible for security, collaboration, or compliance, now’s the time to document changes, communicate with your teams, and adjust scripts and policies. Waiting until the last minute will put you behind both operationally and reputationally.

Bookmark this.
Share it with your team.
Knock out the action items before they knock on your door.

Thank you for stopping by. ✌️

Microsoft 365 Admins: July 2025 Brings Major Retirements, Game-Changing Features & Critical Actions – Here’s Your Definitive Guide

July 1, 2025July 1, 2025 by Kumaran

Alright admins, deep breath. July is rolling in hot with some of the biggest Microsoft 365 updates, retirements, and must-do tasks of the year. Whether you’re wrangling SharePoint, securing sensitive data, or prepping Teams for your org, this month has something that will definitely land on your radar and maybe on your weekend schedule if you don’t plan ahead.

Consider this your field guide to navigate July 2025 without missing a beat.

July at a Glance

Category	Count
🔻 Retirements	7
🆕 New Features	11
🔧 Enhancements	8
🔄 Changes in Functionality	5
⚠️ Action Needed	7

Retirements: Say Goodbye to These

Microsoft 365 Business Premium & Office 365 E1 Grants for Non-Profits
Retiring July 1, 2025 — Non-profits must move to Microsoft 365 Business Basic grants or discounted plans.
➡️ Learn more
Viva Engage Private Content Mode
Retiring June 30, 2025 — All tenants will lose access to Private Content Mode across Viva Engage, Teams, and Outlook.
➡️ Details
Monitor Action in Defender Safe Attachments Policies
Gone Early-July 2025 — Monitor mode will be switched to Block; evaluate Safe Attachments settings now.
➡️ More info
SharePoint Alerts
Phased retirement starts July 2025 — Power Automate or SharePoint Rules recommended as replacements.
➡️ Guidance
OneNote .DOC Export Option
Ending July 28, 2025 — Shift to modern formats like .docx now.
➡️ Message Center
Organization Data Type in Excel
Retiring July 31, 2025 — Switch to Get Data > From Power BI or custom data types via add-ins.
➡️ Learn more
TLS 1.1 & Older on Fabric Platform
Deprecated July 31, 2025 — Update systems to TLS 1.2+ to avoid data connectivity issues.
➡️ Blog post

New Features: Hot Off the Press

Native Forms in SharePoint Libraries — Build forms directly inside document libraries for smoother file uploads.
➡️ Roadmap
Cold File Scanning for Sensitive Info — Microsoft Purview now scans old, untouched files in SharePoint/OneDrive.
➡️ Details
Unit-Level Backup Deletion in Microsoft 365 Backup — Delete backups for specific OneDrive, SharePoint, or Exchange units.
➡️ Roadmap
External Chat File Attachments in Teams — Finally attach files in 1:1 and group chats with external users.
➡️ Message Center
Detailed Audit Logs for Screen Sharing in Teams — Gain full transparency over Give/Take Control and sharing events.
➡️ Read more
Facilitator Agent in Teams — Automated meeting summaries and real-time note collaboration (Copilot license required).
➡️ Details
Multi-Admin Notifications for M365 Backup — Configure centralized alerts for backup events.
➡️ Roadmap
AI Posture Management in Purview — Manage security of AI activity across Copilot and other AI apps.
➡️ Message Center
Drag & Drop Between Accounts in New Outlook — Attach emails/files across accounts or shared mailboxes seamlessly.
➡️ Details
Network-Level Detection of AI Activity in Insider Risk Management — Identify sensitive data shared with cloud/AI apps.
➡️ Message Center
Scoped AD Domain Access in Defender for Identity — Apply RBAC at the AD domain level for tighter security.
➡️ Details

Enhancements: Small Changes, Big Impact

Attachment Previews in Purview Content Explorer — View flagged attachments directly in the console.
➡️ Details
Recording & Transcription by Default in Teams Calls — Enabled by default for new tenants and global policies.
➡️ More info
New Outlook: S/MIME Signature Inheritance Setting — Control signature behavior in replies via NoSignOnReply.
➡️ Message Center
User Activity Timeline in Purview Compliance Portal — See flagged user interactions on a single timeline.
➡️ Details
IRM + Data Security Investigation Integration — Launch investigations faster with combined tools.
➡️ Message Center
Secure by Default Settings in Microsoft 365 — Block legacy auth and enforce admin consent by default.
➡️ Details
Best Practice Dashboard Expansion in Teams Admin Center — Monitor new meeting-related issues.
➡️ Read more
On-Demand File Classification — Discover/classify old files in SharePoint/OneDrive (pay-as-you-go).
➡️ Details

Existing Functionality Changes: Adjust Your Ops

Teams Live Event Assistance Becomes Paid — LEAP moves under Unified as a paid service on July 1, 2025.
➡️ More info
Insider Risk Policy Limits Increased — Up to 100 total active policies across templates.
➡️ Roadmap
Outlook Blocks More File Types — .library-ms and .search-ms added to the blocked list.
➡️ Details
Improved B2B Guest Sign-In — Guests redirected to their home org’s sign-in page for clarity.
➡️ Message Center
Unified Teams App Management Paused — Rollout delay with updates expected by late July.
➡️ Details

Action Needed: Don’t Procrastinate

Azure AD PowerShell Retirement After July 1 — Migrate scripts to Microsoft Graph or Entra PowerShell ASAP.
➡️ Details
DNS Provision Change — Update automation scripts to retrieve MX records via Graph API to avoid mail flow issues.
➡️ Message Center
Classic Teams App Retirement — All users must move to New Teams or web app by July 1, 2025.
➡️ Details
Reshare SharePoint Content Post-Entra B2B — External users lose access to pre-integration OTP shares. Reshare content now.
➡️ Message Center
Teams Android Devices Must Update Apps — Move to supported versions by Dec 31, 2025, to enable modern auth.
➡️ Details
Graph Beta API Permissions Update — Adjust apps to use new permissions for device management by July 31, 2025.
➡️ Message Center

Final Thoughts

July 2025 is a make-or-break month for Microsoft 365 admins. There’s a mountain of changes, but staying ahead means no late-night incidents, no broken workflows, and definitely no panicked calls from leadership.

Bookmark this guide, share it with your team, and start planning now. Because in IT, the only thing worse than unexpected downtime is knowing you could’ve avoided it.

Thank you for stopping by. ✌️

The Hidden Threat in Plain Sight: Understanding and Securing Exchange Online’s Direct Send

July 21, 2025June 22, 2025 by Kumaran

In the ever-evolving world of cloud security, sometimes it’s not the new, complex exploits that catch us off guard, it’s the overlooked features hiding in plain sight. One such feature in Exchange Online is Direct Send, a capability designed for convenience but now actively exploited by attackers to bypass security controls.

Let’s pull back the curtain and take a deep dive into what Direct Send is, how it’s being misused, and what you can do to shut the door on this attack vector.

What Is Direct Send in Exchange Online?

Direct Send is a feature that allows internal devices or applications (like printers, scanners, or legacy tools) to send emails through Microsoft 365 without authentication.

It works by leveraging the tenant’s smart host, typically in the format:

tenantname.mail.protection.outlook.com

Originally designed to help internal tools send alerts or reports to internal mailboxes, Direct Send does not require credentials or tokens. That’s the convenience. But therein lies the danger.

Key Detail: Direct Send only works for recipients within the same tenant, it won’t deliver mail to external domains.

How Direct Send Becomes a Security Risk

While Direct Send serves a legitimate purpose, it becomes a security liability because anyone with the right tenant domain and smart host format can spoof an internal sender. No login. No breach. Just open SMTP.

All an attacker needs is:

A valid tenant domain (easy to scrape from public records or previous breaches)
The smart host address (easily guessable)
An internal email format (like first.last@company.com)

With that, they can send spoofed emails that appear to come from inside the organization, bypassing both Microsoft’s and third-party email filters that trust internal traffic.

Real-World Abuse: How Attackers Exploit Direct Send

During a recent threat campaign observed across several U.S.-based organizations, attackers used PowerShell to exploit Direct Send, sending emails that looked like internal alerts, complete with subject lines like “New Missed Fax-msg” or “Voicemail received.”

Here’s a sample PowerShell command used:

Send-MailMessage -SmtpServer company-com.mail.protection.outlook.com `
  -To joe@company.com -From joe@company.com `
  -Subject "New Missed Fax-msg" `
  -Body "You have received a call! Click the link to listen." -BodyAsHtml

Since the emails originated from Microsoft’s infrastructure, many filters saw them as internal-to-internal traffic. This allowed them to sneak past SPF, DKIM, and DMARC checks, especially in tenants with lax anti-spoofing policies.

How to Detect Direct Send Abuse

You’ll need to dig into message headers and behavioral signals to spot these threats:

Message Header Indicators

Received headers showing external IPs sending to your smart host.
Authentication-Results failing SPF, DKIM, or DMARC checks.
X-MS-Exchange-CrossTenant-Id not matching your tenant.
SPF record mismatch or missing smart host entry.

Behavioral Indicators

A user “emailing themselves.”
Emails sent via PowerShell or unknown user agents.
Unusual IP addresses or geolocations.
Suspicious links, QR codes, or file attachments.

Remember, not all Direct Send traffic is malicious, context matters.

How to Disable or Control Direct Send

Microsoft now allows you to disable Direct Send entirely using a single command in PowerShell:

Connect-ExchangeOnline
Set-OrganizationConfig -RejectDirectSend $true

To verify:

Get-OrganizationConfig | Select-Object Identity, RejectDirectSend

Pro Tip: Disabling this feature won’t affect authenticated SMTP relay or Microsoft 365 apps, it only blocks unauthenticated Direct Send.

More details here: Microsoft’s announcement on Direct Send controls

Best Practices to Secure Your Tenant

Here’s a checklist to keep Direct Send from becoming your weakest link:

Disable Direct Send with RejectDirectSend = $true
Enforce DMARC with a strict policy (p=reject)
Flag unauthenticated internal emails for review or quarantine
Enable Anti-Spoofing Policies in Exchange Online Protection (EOP)
Enforce known IPs in SPF records to reduce spoofing
Educate users on phishing threats, especially QR code–based quishing
MFA + Conditional Access for all users

Final Thoughts

Direct Send was designed with good intentions but in the wrong hands, it becomes a fast-track lane for phishing campaigns. The good news? You now have the awareness and the tools to defend against it.

Don’t let this quiet feature become a noisy headline for your security team. Audit your tenant, close the loopholes, and stay vigilant.

Thanks for stopping by. ✌️

Managing Microsoft 365 and Azure with Lokka — Natural Language for Admins

November 9, 2025June 14, 2025 by Kumaran

Ever wished you could manage your Microsoft 365 tenant without juggling endless PowerShell scripts? Enter Lokka, your AI-powered sidekick that connects directly to Microsoft Graph and Azure APIs, so you can simply ask what you want.

What Is Lokka (and What’s MCP)?

Lokka is a Model Context Protocol (MCP) server that acts as a translator between AI models (like ChatGPT or GitHub Copilot Agent) and your Microsoft 365 or Azure tenant.

The Lokka documentation includes a helpful diagram illustrating the overall flow.

Think of MCP as a USB-C port for AI tools, a universal interface that lets you securely connect an AI model to your Microsoft environment. Lokka bridges the gap so you can say things like:

“List all users without licenses.”
“Add Alex to the Network Admins group.”
“Show OneDrive accounts over 90% full.”

Instead of writing and debugging a PowerShell script, Lokka interprets your plain-English query and executes it via the Microsoft Graph and Azure Resource Manager APIs.

Setting Up Lokka

Lokka works as an MCP server that you connect through VS Code with the GitHub Copilot Agent. Here’s how to get it running.

Pre-requisites

Visual Studio Code (latest version)
GitHub Copilot Chat extension
Node.js installed (npx must be available)
Global admin or app registration permissions in Microsoft Entra

Step 1: Create a Microsoft Entra App

Before Lokka can talk to your tenant, it needs a Microsoft Entra (Azure AD) app for authentication.

Go to Microsoft Entra admin center → App registrations → New registration
Name it something like Lokka-Agent
Once created, note the Application (client) ID and Directory (tenant) ID

Add API Permissions

I enabled the following permissions. yes, it’s quite a list, but this is a test tenant after all. I wanted to push Lokka’s limits and see what it’s truly capable of. I recommend doing the same: experiment safely in a test environment first.

Once added, click Grant admin consent to approve them for the tenant.

Create a Client Secret

While certificate-based authentication is the best practice for Entra app registrations, I’m keeping it simple and using a client secret for this test setup.

Under Certificates & secrets, create a new client secret, copy the value now; you won’t see it again.

You’ll use these three values in Lokka’s config file:

{
  "clientId": "YOUR_CLIENT_ID",
  "clientSecret": "YOUR_CLIENT_SECRET",
  "tenantId": "YOUR_TENANT_ID"
}

Step 2: Install Lokka in VS Code

You can install Lokka two ways: one-click or manual.

Option 1: One-Click Install

Start VS Code and then click the button below to install Lokka in VS Code.
If your browser prompts you to open VS Code, click Open.
In the VS Code Lokka-Microsoft install page
- Click Install.
- Click the widget icon next to the button and select Start Server.
This will open a browser window and prompt you to sign into your Microsoft tenant.

Platform	VS Code	VS Code Insiders
Windows
macOS/Linux

Option 2: Manual Install

After the one-click install method gave me some trouble, I went ahead and followed the manual setup steps instead.

Open Command Palette → Ctrl + Shift + P
Search for MCP: Add Server…
Select Command (stdio)
Enter the following command: npx -y @merill/lokka
Name it Lokka-Microsoft and choose Global install
Save the generated JSON file with tenant id, Client id and client secret.

Step 3: Start and Configure the MCP Server

You can manually start Lokka anytime:

Open Command Palette → MCP: List Servers
Select Lokka-Microsoft → Start Server
A browser window will appear again to confirm sign-in

Once started, Lokka is ready to interpret your natural language requests.

Step 4: Using Lokka in Action

Start a new instance of VS Code (File > New Window)
Open Chat from View → Chat
At the bottom of the Chat panel (below the chat box)
- Select Agent (if it is showing Ask or Edit)
- Select Claude Sonnet 4 or above (if it is showing GPT-40)
Now you can start querying your Microsoft tenant using the Lokka agent tool.

Now for the fun part, try these commands inside VS Code’s Copilot chat:

Get all groups without owners
List users who haven’t signed in for 30 days
Show all unlicensed Microsoft 365 users
Add "Alex Johnson" to "Finance Team" group
Change job title of "Taylor Smith" to "Senior Engineer"
List users with mailbox forwarding enabled
List OneDrive accounts over 90% full
How many unused M365 licenses do we have?

Some of the prompts I tried,

No PowerShell scripting, no loops, no parsing JSON, just straightforward queries. Lokka translates them into Graph API calls behind the scenes.

Security Considerations

While Lokka is powerful, it’s only as safe as the permissions you grant. A few tips:

Start with read-only access — test and observe results first
Use a dedicated service account instead of your personal admin login
Rotate client secrets regularly and store them securely (e.g., Azure Key Vault)
Audit logs — monitor Graph API usage through Entra sign-in logs
Limit write permissions to specific tasks if you plan to use Lokka for automation

Why Lokka Beats Traditional Scripting

Let’s be honest: PowerShell is awesome but writing, debugging, and maintaining scripts takes time. Lokka lets admins ask, not script.

Faster insights without memorizing cmdlets
Easier collaboration, anyone can understand the query
Reduced context-switching between portals and terminals
Works naturally with GitHub Copilot and other MCP-enabled AI tools

In short: Lokka supercharges your admin toolkit, bridging natural language, AI, and your Microsoft tenant.

The Bottom Line

Lokka isn’t replacing PowerShell; it’s extending it into the AI era. Whether you’re managing licenses, auditing groups, or checking mailbox configurations, Lokka gives you conversational control of your environment, safely, efficiently, and intelligently.

Thank you for stopping by. ✌️