O365

Microsoft 365 Admins: August 2025 Ushers in Major Retirements, AI-Powered Features & Key Compliance Shifts – Here’s Your Definitive Guide

by

If you thought July was intense, buckle up, August 2025 is a heavyweight month for Microsoft 365 changes. Between legacy retirements, AI-driven security enhancements, and new controls across Teams, Outlook, and Purview, this is not the month to sleep on your Message Center.

Whether you’re managing governance, fine-tuning DLP, or trying to avoid last-minute fire drills, this guide breaks it all down into what’s retiring, what’s new, and what needs your immediate attention.

August at a Glance

CategoryCount
🔻 Retirements4
🆕 New Features7
🔧 Enhancements3
🔄 Changes in Functionality1
⚠️ Action Needed3

Retirements: Say Farewell to These Legacy Tools

1. Classic eDiscovery in Microsoft Purview

August 1, 2025 — Say goodbye to Classic eDiscovery, including Content Search, eDiscovery (Standard), and (Premium).
What to do: Migrate to the unified eDiscovery experience for better search, performance, and compliance.
🔗 Learn more

2. Project for the Web & Project in Teams

Early-August 2025 — Microsoft is sunsetting Project for the web. Users will be redirected to Planner and Portfolios.
What to do: Migrate Roadmap data to Portfolios and update any pinned tabs in Teams.
🔗 Details

3. Outlook for Mac: Legacy Switch Retires

Mid-August 2025 — New Outlook becomes default for Mac (v16.100+). Admin toggle to revert will be retired.
What to do: Prepare users for permanent shift by October 2025 (v16.102).
🔗 More info

4. Speaker Coach in Microsoft Teams

Mid-August 2025 — The preview feature providing real-time feedback during meetings will be retired.
What to do: Inform users and explore alternatives like Copilot-generated meeting recaps.
🔗 Announcement

New Features: Worth Your Immediate Attention

AI-Powered Data Security Investigations in Purview

An all-new AI-driven tool for visualizing data risk, investigating incidents, and refining policies, now built into Microsoft Purview.
🔗 Details

Advanced Mail Merge in Outlook for Web & New Outlook

August 2025 — Personalize email templates with dynamic fields, custom formatting, and preview features.
🔗 Roadmap

Copilot Blocked from Processing Labeled Emails via DLP

August 2025 — Microsoft Purview DLP will block Copilot from interacting with labeled content in chat.
🔗 Read more

Risky AI Usage Detection in Insider Risk Management

Early-August 2025 — Detect prompts, intents, and AI-generated content using Microsoft 365 Copilot, Copilot Studio, and ChatGPT Enterprise.
🔗 More info

Silent Test Calls in Teams for Network Diagnostics

Early-August 2025 — Run silent test calls via Teams Premium to proactively check network readiness.
🔗 Message Center

Rule-Based Management of Certified Teams Apps

Mid-August 2025 — Automatically manage apps based on permission access and publisher trust status.
🔗 Roadmap

Independent DLP Email Notification Settings

August 2025 — Decouple policy tips and notifications in SharePoint/OneDrive DLP settings.
🔗 Roadmap

Enhancements: Quiet but Important

  • Updated Audit Logs in Purview – Better granularity and new Pre/Post Execution messages for role group changes.
    🔗 Read more
  • Microsoft Fabric Workspace User Limit – Enforcing a max of 1,000 users/groups per workspace role.
    🔗 Details
  • Apple/Google Sign-In on Teams Web – New SSO methods are coming for consumer users (preview).
    🔗 Message Center

Functionality Change: Stay Updated

Updated Sender for Teams DLP Incident Emails

August 20, 2025 — Teams DLP GIR emails will only come from no-reply@teams.mail.microsoft.com.
What to do: Update inbox rules and alert filters if needed.
🔗 Message Center

Action Needed: These Deadlines Are Not Flexible

Entra ID Retention Policy for Access Reviews

August 15, 2025 — Only 12 months of access review data will be available via UI/API.
What to do:

  • Export old data using Graph API
  • Store reports securely
  • Create an annual backup process
    🔗 More info

Legacy Message Trace Retires in Exchange Online

August 31, 2025 — New Message Trace UI and V2 cmdlets become the default.
What to do: Update any scripts to use Get-MessageTraceV2 and Get-MessageTraceDetailV2.
🔗 Read more

Azure AD Graph API Retirement

August 31, 2025 — Azure AD Graph API officially ends; apps using it will stop working.
What to do: Migrate to Microsoft Graph API. Use Entra admin center to identify impacted apps.
🔗 Migration Help

Final Thoughts

August 2025 is a pivotal month between the rise of AI-enhanced compliance tools and the retirement of legacy Microsoft features, the Microsoft 365 ecosystem is evolving fast.

If you’re responsible for security, collaboration, or compliance, now’s the time to document changes, communicate with your teams, and adjust scripts and policies. Waiting until the last minute will put you behind both operationally and reputationally.

  • Bookmark this.
  • Share it with your team.
  • Knock out the action items before they knock on your door.

Thank you for stopping by. ✌️

Microsoft 365 Admins: July 2025 Brings Major Retirements, Game-Changing Features & Critical Actions – Here’s Your Definitive Guide

by

Alright admins, deep breath. July is rolling in hot with some of the biggest Microsoft 365 updates, retirements, and must-do tasks of the year. Whether you’re wrangling SharePoint, securing sensitive data, or prepping Teams for your org, this month has something that will definitely land on your radar and maybe on your weekend schedule if you don’t plan ahead.

Consider this your field guide to navigate July 2025 without missing a beat.

July at a Glance

CategoryCount
🔻 Retirements7
🆕 New Features11
🔧 Enhancements8
🔄 Changes in Functionality5
⚠️ Action Needed7

Retirements: Say Goodbye to These

  1. Microsoft 365 Business Premium & Office 365 E1 Grants for Non-Profits
    Retiring July 1, 2025 — Non-profits must move to Microsoft 365 Business Basic grants or discounted plans.
    ➡️ Learn more
  2. Viva Engage Private Content Mode
    Retiring June 30, 2025 — All tenants will lose access to Private Content Mode across Viva Engage, Teams, and Outlook.
    ➡️ Details
  3. Monitor Action in Defender Safe Attachments Policies
    Gone Early-July 2025 — Monitor mode will be switched to Block; evaluate Safe Attachments settings now.
    ➡️ More info
  4. SharePoint Alerts
    Phased retirement starts July 2025 — Power Automate or SharePoint Rules recommended as replacements.
    ➡️ Guidance
  5. OneNote .DOC Export Option
    Ending July 28, 2025 — Shift to modern formats like .docx now.
    ➡️ Message Center
  6. Organization Data Type in Excel
    Retiring July 31, 2025 — Switch to Get Data > From Power BI or custom data types via add-ins.
    ➡️ Learn more
  7. TLS 1.1 & Older on Fabric Platform
    Deprecated July 31, 2025 — Update systems to TLS 1.2+ to avoid data connectivity issues.
    ➡️ Blog post

New Features: Hot Off the Press

  • Native Forms in SharePoint Libraries — Build forms directly inside document libraries for smoother file uploads.
    ➡️ Roadmap
  • Cold File Scanning for Sensitive Info — Microsoft Purview now scans old, untouched files in SharePoint/OneDrive.
    ➡️ Details
  • Unit-Level Backup Deletion in Microsoft 365 Backup — Delete backups for specific OneDrive, SharePoint, or Exchange units.
    ➡️ Roadmap
  • External Chat File Attachments in Teams — Finally attach files in 1:1 and group chats with external users.
    ➡️ Message Center
  • Detailed Audit Logs for Screen Sharing in Teams — Gain full transparency over Give/Take Control and sharing events.
    ➡️ Read more
  • Facilitator Agent in Teams — Automated meeting summaries and real-time note collaboration (Copilot license required).
    ➡️ Details
  • Multi-Admin Notifications for M365 Backup — Configure centralized alerts for backup events.
    ➡️ Roadmap
  • AI Posture Management in Purview — Manage security of AI activity across Copilot and other AI apps.
    ➡️ Message Center
  • Drag & Drop Between Accounts in New Outlook — Attach emails/files across accounts or shared mailboxes seamlessly.
    ➡️ Details
  • Network-Level Detection of AI Activity in Insider Risk Management — Identify sensitive data shared with cloud/AI apps.
    ➡️ Message Center
  • Scoped AD Domain Access in Defender for Identity — Apply RBAC at the AD domain level for tighter security.
    ➡️ Details

Enhancements: Small Changes, Big Impact

  • Attachment Previews in Purview Content Explorer — View flagged attachments directly in the console.
    ➡️ Details
  • Recording & Transcription by Default in Teams Calls — Enabled by default for new tenants and global policies.
    ➡️ More info
  • New Outlook: S/MIME Signature Inheritance Setting — Control signature behavior in replies via NoSignOnReply.
    ➡️ Message Center
  • User Activity Timeline in Purview Compliance Portal — See flagged user interactions on a single timeline.
    ➡️ Details
  • IRM + Data Security Investigation Integration — Launch investigations faster with combined tools.
    ➡️ Message Center
  • Secure by Default Settings in Microsoft 365 — Block legacy auth and enforce admin consent by default.
    ➡️ Details
  • Best Practice Dashboard Expansion in Teams Admin Center — Monitor new meeting-related issues.
    ➡️ Read more
  • On-Demand File Classification — Discover/classify old files in SharePoint/OneDrive (pay-as-you-go).
    ➡️ Details

Existing Functionality Changes: Adjust Your Ops

  • Teams Live Event Assistance Becomes Paid — LEAP moves under Unified as a paid service on July 1, 2025.
    ➡️ More info
  • Insider Risk Policy Limits Increased — Up to 100 total active policies across templates.
    ➡️ Roadmap
  • Outlook Blocks More File Types — .library-ms and .search-ms added to the blocked list.
    ➡️ Details
  • Improved B2B Guest Sign-In — Guests redirected to their home org’s sign-in page for clarity.
    ➡️ Message Center
  • Unified Teams App Management Paused — Rollout delay with updates expected by late July.
    ➡️ Details

Action Needed: Don’t Procrastinate

  • Azure AD PowerShell Retirement After July 1 — Migrate scripts to Microsoft Graph or Entra PowerShell ASAP.
    ➡️ Details
  • DNS Provision Change — Update automation scripts to retrieve MX records via Graph API to avoid mail flow issues.
    ➡️ Message Center
  • Classic Teams App Retirement — All users must move to New Teams or web app by July 1, 2025.
    ➡️ Details
  • Reshare SharePoint Content Post-Entra B2B — External users lose access to pre-integration OTP shares. Reshare content now.
    ➡️ Message Center
  • Teams Android Devices Must Update Apps — Move to supported versions by Dec 31, 2025, to enable modern auth.
    ➡️ Details
  • Graph Beta API Permissions Update — Adjust apps to use new permissions for device management by July 31, 2025.
    ➡️ Message Center

Final Thoughts

July 2025 is a make-or-break month for Microsoft 365 admins. There’s a mountain of changes, but staying ahead means no late-night incidents, no broken workflows, and definitely no panicked calls from leadership.

Bookmark this guide, share it with your team, and start planning now. Because in IT, the only thing worse than unexpected downtime is knowing you could’ve avoided it.

Thank you for stopping by. ✌️

Microsoft 365 Admins: June 2025 Brings Major Updates, Retirements & Action Items — Here’s Your Definitive Guide

by

Buckle up, admins! June’s heating up with a fresh wave of Microsoft 365 changes. Whether you manage identity, information protection, collaboration, or compliance, there’s something here that will nudge your daily workflow—or bulldoze it if you’re not paying attention.

Let’s cut through the clutter. Below is your clear, actionable roundup of what’s coming, what’s going, and what needs your immediate attention across the Microsoft 365 landscape.

In the Spotlight

Smoother OneDrive File Transfers

Say goodbye to clunky cleanup processes when employees leave. Microsoft’s new “Move and keep sharing” feature lets you transfer ownership while preserving existing sharing permissions. Combine that with new filters to zero in on important files and clearer notification emails, and you’ve got an admin’s dream come true.

Shared Mailboxes in New Outlook (Finally!)

The New Outlook for Windows now lets you add shared mailboxes like real accounts—no more backflips to get the same experience your users are used to. Easier management, better UX, happier end users.

Non-Profit Grant Offers Retiring

Heads up for non-profit orgs: Microsoft is retiring Microsoft 365 Business Premium and Office 365 E1 grant offers. If your licensing strategy includes these grants, now’s the time to rethink and re-budget.

June at a Glance

CategoryCount
Retirements4
New Features10
Enhancements9
Changes in Functionality5
Action Needed2

Retirements: What’s Going Away

  1. Meeting Details in OneNote for Windows 10 – Poof, gone starting June 2025.
  2. Private Content Mode in Viva Engage – Say farewell by June 30, 2025.
  3. Teams Recording Initiator Policy – Both the MeetingInitiator value and MeetingRecordingOwnership setting will be retired by June 30, 2025.
  4. Sports Calendars in Outlook – “Interesting Calendars” will vanish starting early June 2025.

New Features: What You’ll Want to Try First

  • Copilot Troubleshooter in Power Automate – Diagnose and resolve flow errors with a few clicks inside the designer.
  • Copilot for Security in Purview Insider Risk Management – Contextual alerts and smarter investigations—yes, please.
  • Data-at-Rest Scanning in SharePoint/OneDrive – Finally scan previously untouched files for sensitive info and apply sensitivity labels.
  • Microsoft Backup Enhancements – Define backup policies that automatically cover all Exchange, OneDrive, and SharePoint users—even new ones.
  • Automated Retention Actions in Gov Cloud – US government tenants can now use Power Automate to act on expired items.
  • 50+ Modern SharePoint Page Templates – No more pixel-pushing—get sleek, branded designs in a click.
  • New Insider Risk Email Indicators – Spot emails with attachments sent to free public domains or to oneself—cue the red flags.
  • Risky AI Activity Detection – Admins can now monitor for sensitive prompt usage and sketchy AI behavior.
  • Microsoft Defender XDR Integration – Insider Risk data will now flow into XDR for unified investigations.
  • Fabric Network Enhancements (Preview) – Private links and outbound access controls to lock down Fabric workspaces like Fort Knox.

Enhancements: Refinements You’ll Appreciate

  • HR Connector in Insider Risk Management – Apply the updated PowerShell script or risk issues.
  • Exclude Folders from OneDrive Sync – Control bloat and protect endpoints.
  • Reduce Noise in Communication Compliance – Filter out newsletters and spam to surface real threats.
  • On-Demand Classification – Retroactively classify sensitive content in SharePoint/OneDrive.
  • New Teams Role: Teams Reader – View-only access in the admin center. Great for auditors or curious execs.
  • View and Upload Anyone Links – Strike a balance between accessibility and control.
  • Global Exclusions in Insider Risk – Now supports more logical rules to cut alert fatigue.
  • DLP + Administrative Units – SharePoint DLP policies can now be scoped by administrative units. Finally.
  • Targeted IRM Policies – Use combinations of users, groups, and adaptive scopes for laser-focused risk management.

Functional Changes: What’s Evolving

  • SharePoint Online CDN Migration – Allow public-cdn.sharepointonline.com and stop relying on hardcoded links.
  • Teams DLP Reports – Incident notifications now come from both old and new sender addresses.
  • Exchange Federation Cmdlet ChangesGet-FederationInformation is being scoped down.
  • Audit Log Cmdlets Go Read-Only – No changes/downloads after June for Search-MailboxAuditLog and New-MailboxAuditLogSearch.
  • Separate Policy Tip Settings – Customize email notifications separately for SharePoint and OneDrive DLP.

Action Needed: Do This Now

  1. Viva Engage External Networks – Legacy networks will be retired June 1, 2025. Transition to modern external networks now to avoid disruption.
  2. Microsoft Defender SIEM Agents – After June 19, 2025, no new agents can be configured. Move to supported APIs to future-proof your integration.

Final Thoughts

If you’re managing Microsoft 365 in an enterprise setting, June is a no-joke month for updates. With new features that improve automation, security, and governance—and retirements that could leave gaps if ignored—it’s vital to stay proactive.

Bookmark this post, forward it to your team, and prep your change calendar. Because in IT, those who fail to plan… usually end up on a 2 a.m. call with their CISO.

Stay sharp, stay current—and keep your tenant tight.

Thank you for stopping by. ✌️

Office 365 – Export Email Addresses and UPN of O365 users with PowerShell

by

I will go over steps on how to export the list of users with their UPN, Object ID, primary SMTP address and Alias email address.

The Get-AzureADUser cmdlet comes in handy to pull all the user details in this scenario. The Mail attribute contains the Primary SMTP address of the user and the Primary SMTP address and Alias email address are stored in the ProxyAddresses attribute in Azure AD. The ProxyAddresses attribute is a multi-value property. The Primary SMTP address can be easily identified as it is in this format, SMTP:user@emaple.com The upper-case SMTP denotes that it the primary email address.

When an object is synced from on-premise Active Directory to Azure AD, the values in the proxyAddresses attribute in AD are compared with Azure AD rules and then populated in Azure AD. So, the values of the proxyAddresses attribute in AD may not match the ProxyAddresses attribute in AzureAD.

Export all users to csv file

The below script will pull all Azure AD users,

Connect-AzureAD

$Output = @() #create an empty array

$AzureADUsers = Get-AzureADUser -All $true | Select DisplayName,UserprincipalName,ObjectId,Mail,ProxyAddresses #Get all Azure AD users

ForEach ($User in $AzureADUsers)
{
	$Output += New-Object PSObject -property $([ordered]@{ #fetch user detail and add to $output
		UserName = $User.DisplayName
		UserprincipalName = $User.UserprincipalName
		UserId = $User.objectId
		SMTPAddress = $User.Mail
		AliasSMTPAddresses = ($User.ProxyAddresses | Where-object {$_ -clike 'smtp:*'} | ForEach-Object {$_ -replace 'smtp:',''}) -join ','
		
	})
}
$Output | Export-csv "C:\tmp\O365Users_$((Get-Date).ToString("MMddyyyy_HHmmss")).csv" -NoTypeInformation -Encoding UTF8 #Export users to csv file

Output file,

csv output

Thank you for stopping by.✌

Office 365 – Block Basic Authentication

by

Microsoft recently announced they will disable basic authentication for all M365 tenants. This deadline has been pushed postponed due to the impact of COVID-19 across the globe.

Latest update: The latest from Microsoft is, effective October 1, 2022 Basic authentication will be disabled in all tenants.

The following components of Exchange Online will be affected,

  • Exchange Web Services(EWS)
  • POP
  • IMAP
  • Exchange ActiveSync
  • Remote PowerShell

Why is this a big deal?

Basic authentication uses username and password for client access requests. This used to be the industry standard during the time which organizations didn’t understand the cost of security breaches. It poses a significant security risk as Business Email Compromise (BEC) scams have exposed organizations to billions of dollars in potential losses. Check out this 2019 report from ProofPoint that goes into details.

Disabling Basic Authentication will help protect Exchange Online from brute force or password spray attacks. As the above mentioned report goes into, IMAP-based password-spraying campaigns are very effective in particular.

Beyond all this, Basic Authentication doesn’t enforce MFA and this should be the biggest driver for organizations to move away from it.

Is Basic Authentication enabled in your tenant?

Here is how to check if Basic Authentication is enabled in your tenant,

Screenshot above shows how to check if ‘Basic Auth’ is enabled in tenant

Determine who is using Basic Authentication in your tenant

Before you turn off basic authentication for protocols, view your sign-in reports in the ‎Azure AD‎ portal to determine who is using it in your organization.

This can be determined using sign-in logs in Azure AD.

In your Azure AD admin center, Click the ‘Sign-in logs’ blade.,

  • Select ‘Last 1 month‘ in the Date
  • Add a ‘Client app‘ as a second filter, choose all options under the ‘Legacy Authentication Clients‘ and click ‘Apply
Azure AD sign-ins | Basic Auth filter

With this report information, you can contact the application and account owners to determine why Basic Authentication is still in use. This information will also come in handy later if you are planning to allow exceptions to these accounts/applications. I’ve covered it later in this post.

Disable Basic Authentication

Before you begin,

  • Verify Modern Authentication is enabled
  • Verify your email clients are Modern Authentication capable

In this post, I’ve elaborated how to block Basic Authentication using Azure AD conditional access.

IMO, the easiest method to disable Basic Authentication is to use authentication policies.

With Authentication policies you can,

  • Apply a default organization level policy that blocks Basic Authentication
  • Apply a per user policy to allow certain protocols. Example: ActiveSync

Create Authentication Policy

This creates an authentication policy named ‘Block Basic Auth’

New-AuthenticationPolicy -Name "Block Basic Auth"

When you create a new authentication policy without specifying any protocols, Basic Authentication is blocked for all client protocols in Exchange Online.

The default value of the AllowBasicAuth* parameters (switches) is False for all protocols.

Set Default Authentication Policy

The default policy is assigned to all users in the tenant who don’t have a specific policy assigned to them. To configure the default authentication policy for the organization, use this:

Set-OrganizationConfig -DefaultAuthenticationPolicy "Block Basic Auth"

To verify that a default authentication policy is configured,

Get-OrganizationConfig | Format-Table DefaultAuthenticationPolicy

Create user specific authentication policies

Authentication policies assigned to users take precedence over the default organization policy.

  • To enable Basic authentication for a specific protocol that’s disabled, specify the switch without a value
  • To disable Basic authentication for a specific protocol that’s enabled, use the value :$false

In this scenario, I’m creating an authentication policy to allow ActiveSync. This is sometimes typical in organizations where users will have Intune managed devices but would like to add second O365 email from a different tenant. The Outlook app prevents this but the built-in mail app can be used with ActiveSync to fetch email.

New-AuthenticationPolicy -Name "Allow ActiveSync" -AllowBasicAuthActiveSync
New policy to allow ActiveSync

This example assigns the policy named ‘Allow ActiveSync’ to the user account ‘JoniS’

$Id = Read-Host "Enter user's email address"
Set-User -Identity $Id -AuthenticationPolicy "Allow ActiveSync"

To confirm the policy is assigned,

Get-User -Identity $Id | fl AuthenticationPolicy
Assign policy to user and confirm assignment

To assign a policy to a list of users, fill text file with the user’s UPN one per line.,

$LM = Get-Content "C:\Scripts\AllowAuthActiveSync.txt"
$LM | foreach {Set-User -Identity $_ -AuthenticationPolicy "Allow ActiveSync"}

To get all users assigned to a policy you need to get the policy’s DN using the cmdlet Get-AuthenticationPolicy,

$PolicyId = Read-Host "Enter policy ID in distinguished name format"
Get-User -Filter "AuthenticationPolicy -eq '$PolicyId'"
Assign policy to user, confirm and get all users assigned to a policy
Determine policy DN using ‘Get-AuthenticationPolicy’

By default, when you create or change the authentication policy assignment on users or update the policy, the changes take effect within 24 hours. If you want the policy to take effect within 30 minutes, use the following syntax:

$Id = Read-Host "Enter user's email address"
Set-User -Identity $Id -STSRefreshTokensValidFrom $([System.DateTime]::UtcNow)

This example below immediately applies the authentication policy to multiple users. As I’m in the same PowerShell session and haven’t changed the variables you used to identify the users,

$LM | foreach {Set-User -Identity $_ -STSRefreshTokensValidFrom $([System.DateTime]::UtcNow)}

Depending on your organizational requirement, you can create additional authentication policies allowing other protocols and assigning it to users.

And it’s highly recommended to keep track of these users and eventually remove these exceptions.

Thank you for stopping by. ✌