Microsoft 365 Admin Annual Digest – A 2023 Roundup  

✅ This year, AdminDroid had your back, tackling nearly 11,500 threats!  
✅ This year, we helped you save around 1350 hours by giving automation plans!  
✅ This year, we kept you in the loop with 50+ fresh updates from Microsoft 365!  

We’ve been your sidekick in enhancing Microsoft 365 security and management all year long! So, to catch up on crucial blogs you might’ve missed, we’ve rounded up the essential AdminDroid blogs from 2023. Let’s look into it! 
 

A Month of Cybersecurity Awareness – 31 Security Tips Uncovered! 

We kicked off a 31-day series of 31 Microsoft 365 security best practices in October 2022💡, which took off with flying colors! And so, we followed the series in 2023 too by sharing advanced Microsoft 365 security practices. Just like before, these blogs have made admins with tightened access controls, and advanced threat detection features and laid the foundation of robust security posture.  

Now, let’s take a sneak peek at the blogs that were well-celebrated by M365 admins among the 31 cybersecurity blogs. 

1. Smart Lockout in Microsoft Entra 

Normal lockouts can turn into unintended traps for genuine users, unfairly locking them out due to forgotten or mistyped passwords. The savior?  

Configure smart lockout in Microsoft Entra ID, that uses advanced analysis of factors such as location, IP, and password patterns of the sign-in request before locking out. This sophisticated mechanism distinguishes potential attackers from genuine users. 

2. SharePoint Online Security Best Practices 

As collaboration heightens, so does the importance of SharePoint security. The looming threats due to uncontrolled site sharing, potential data loss, and external sharing to untrusted domains emphasize the need for robust security measures. 

So, we have compiled the top 15 SharePoint Online security best practices under a single roof, which helps you to securely share your valuable resources in SPO.  

This includes, 

• Configure external sharing settings in the SharePoint admin center 
• Manage access requests in SharePoint Online 
• Apply retention labels to files in SPO 
• Apply sensitive labels to files in SharePoint 

3. Restrict Guest User Invitations in Microsoft Entra 

Microsoft extends its capability for effective external collaboration by allowing us to invite guest users. However, there’s a checkpoint! Did you know that, by default, anyone, including guest users, can invite other guests? That shouldn’t be, right?  

To manage this in your organization, we have detailed the steps on how to effectively restrict guest user invitations in Microsoft Entra ID. Learn, configure, and manage secure access to your M365 resources! 

4. Information Barrier for Enhanced Microsoft 365 Security 

Consider a team handling an organization’s sensitive information. This team must be prevented from communicating or sharing data with a specific other team. How will you do that?  

Microsoft Purview information barriers emerged as a solution, allowing flexible control over user communication in Microsoft Teams, SharePoint, and OneDrive. 

Automate Microsoft 365 Onboarding and Offboarding with AdminDroid Articles  

In a world where things are getting automated💯, why not make the complex Microsoft 365 onboarding and offboarding processes automated🤔? We’ve done just that using PowerShell and Power Automate. Let’s dive into how we made these processes simpler and more efficient. 

1. Automate Microsoft 365 User Onboarding with Power Automate  

We’ve crafted two comprehensive blogs to streamline the Microsoft 365 onboarding and user provisioning process. These guides make integrating new users and configuring their accounts a breeze, ensuring a smooth and efficient experience.

1. You can implement automated Microsoft 365 user provisioning using Power Automate that include tasks like manager approval, manager assignment, and email notifications. 

2. Also, we have extended the automated Microsoft 365 user onboarding workflow to do tasks like adding users to Microsoft 365 groups, adding users to Teams, assigning Microsoft 365 licenses, updating user properties, and granting file access to Microsoft 365. 
   

Apart from handling Microsoft 365 user onboarding tasks, you can also do tasks like saving email attachments in SPO using PowerAutomate. 

2. Automate Microsoft 365 User Lifecycle Process with Workflows in Entra

✅Automated Lifecycle Workflow for User Onboarding- The lifecycle workflow template in Entra ID comes packed with 3 different templates for pre-hire, new-hire, post-hire onboarding phases.

• Follow our steps to create automated M365 user onboarding using lifecycle workflows. 

✅Automated User Offboarding with Lifecycle Workflows- Offboarding tasks like removing users from groups and revoking licenses should be done promptly to minimize security risks in Microsoft 365.

• So, be secure with automated M365 offboarding using lifecycle workflows and implement employee termination tasks at the right time at the right people. 

✅Handle Microsoft 365 User Role Changes with Workflow- Don’t stop with just onboarding and offboarding tasks!

• You can go the extra mile by automating user role changes with lifecycle workflows. It will effortlessly take care of tasks from resigning group memberships to reconfiguring access package management in Microsoft 365. 

Your Go-to PowerShell Blogs for Microsoft 365 Security 

For those who are not well-versed in Power Automate executions, PowerShell is the only way for automation💡, isn’t it? And we threw our focus on PowerShell to simplify the manual processes. Here are some of the PowerShell related blogs that achieved the attention of the Microsoft 365 admins in 2023! 

1. Automate User Offboarding Using PowerShell 

Concern about missing out on any crucial offboarding tasks? No need to worry!

Automate user offboarding tasks with PowerShell, which will effortlessly do the 14+ offboarding tasks with just a click. 

• Disable the Microsoft 365 user account. 
• Reset user password. 
• Remove Microsoft 365 group memberships. 
• Remove Microsoft 365 admin roles. 
• Wipe mobile devices associated with the account. 
• Sign out from all user sessions. 
• Convert user mailbox to shared mailbox and more. 

2. Get the Last Successful Sign-in Date for Microsoft 365 Users 

Hereafter, admins can easily identify inactive users by their last successful login time using the latest LastSuccessfulSignInDateTime property.  

So, we made use of this property and built a PowerShell script that successfully exports 10+ last sign-in reports using built-in filtering parameters. Here are some of the reports you can get using the given PowerShell script. 

• Export all external users’ last successful sign-in time. 
• Retrieve the last successful log-in time for all the licensed users. 
• Find inactive users based on their inactive days.  
• Exports the last successful sign-in date for all the sign-in enabled users. 

3. Disable Access to Exchange Online PowerShell 

Granting access to Exchange Online PowerShell for all Microsoft 365 users can lead to serious consequences, including privilege escalation, unauthorized access, and compliance violations.  

To address this, we’ve a PowerShell approach to disable remote PowerShell access for either bulk users or specific individuals. 

4. Disable Self Service Purchase for Microsoft 365 Products 

Self-service purchase capability allows users to buy Microsoft 365 products such as Power Automate, and Power BI independently, without the need to depend on IT admins! This could result in license management problems, unauthorized purchases, and a whole host of other issues! To address this, you need to block self-service purchases for Microsoft 365 products using PowerShell. In late September Microsoft brought a 60-day self-service trial for Microsoft Teams Premium.

So, our blog guides you to disable self-service purchase of Microsoft 365 products for your users using the MS Commerce PowerShell module. Your search ends here—grab the details! 

Most Essential AdminDroid Blogs in 2023 

We’ve consistently prioritized the meticulous handling of essential security configurations and the comprehensive reporting of all M365 resources. Let’s delve into the closer details of our approach. 

📢 Microsoft Entra ID Security Settings and Reports 

1. System Preferred MFA – Turning system-preferred MFA on will let Microsoft automatically push users to the strongest authentication method during sign-ins, regardless of the default choice. 

2. Access Reviews in Microsoft Entra – Create access reviews in Entra ID to do regular assessment of user permissions, group memberships, role assignments to guarantee that only authorized users retain their access. 

3. Guest User Access Restrictions in Entra – By default, every guest can invite other guests, posing a security loophole. Therefore, configure guest user access restrictions in Entra ID to give the right level of access to guest users in Microsoft 365. 

4. Allow or Block List Policy in Entra – Unintentional /accidental invites to external users can let the attackers to sneak in! So, set the allow/block list policy in Microsoft Entra ID and have control invitations for secure B2B collaboration. 

5. Registration Campaign in MS Entra – If your users are still relying on weak auth like SMS and voice calls, then it’s time to make use of the “registration campaign in Entra ID” and nudge your users to use the “MS Authenticator” for MFA. 

6. Entra ID Recommendation – Ensure a better understanding of your organization security and health with Microsoft brought Entra ID recommendations. We have compiled crucial recommendations such as, 

• Convert per user MFA to Conditional Access MFA 
• Move users to MS Authenticator 
• Remove unused application in Microsoft Entra ID 
• Migrate MFA and SSPR policies to Authentication Methods policy 

7. Entra Security Features – Other than the above security measures, AdminDroid comes with 12 vital Entra security features in Microsoft 365 that every admin should enable in the organization without fail! 

8. Built-in Microsoft Entra Reports – Gain insights with 8+ built-in Entra reports in Microsoft 365 to track user activities, monitor risky sign-ins, CA policy changes- all in one guide. 

📢 Everything You Need to Know About Exchange Online 

1. ZAP in Exchange Online – There is a possibility of spam and malware emails even after being delivered to an inbox! But don’t worry! You can combat post-delivery email threats with ZAP in Exchange Online, which quarantines and deletes malware emails that slip through filtering policies. 

2. Crucial Email Security Configurations – When it comes to Microsoft 365 email security, as an admin you shouldn’t just stick to the basic security configs. So, explore  15 email security best practices that cover external email warning tags, data loss prevention, and implementation of robust email authentications like SPF, DKIM, DMARC, and more on the list!

3. Exchange Online Reports in Microsoft 365 – Keep your organization in top-notch condition by regularly keeping an eye on Exchange Online. Our guide walks you through important built-in Exchange Online reports in Microsoft 365, providing valuable insights into email activity, mailbox size, message flow, message trace, and more. 

 
📢 Essential Teams Features and Reports 

1. Teams Security Best Practices – You can take steps to have secure collaboration with these 8 Microsoft Teams security practices. This includes top moves like configuring sensitivity labels, and conditional Access integration in Teams, which helps you ensure the right balance between collaboration and security.

2. Native Microsoft Teams Reports – To avoid potential data breaches, make use of the built-in MS Teams usage reports distributed within the Microsoft 365 admin center and Teams admin centers. This will give you a 360-degree view of your Teams by giving insights into Teams’ user activity, usage audits, and more. 

📢 Must-know SharePoint Online Fundamentals 

1. SharePoint Online Sharing and Access Configurations – Giving high access and sharing privileges for users in SPO can have significant effect in the M365 security. So, to effectively control and prevent unauthorized data access and sharing, we’ve detailly compiled 8 key aspects for managing access and sharing in SPO.  

2. Conditional Access Policies for SPO – Conditional Access policy, which always stands as a great defense; when combined with SPO, double up the security! So, we have gathered some necessary Conditional Access policies for SharePoint security, which include MFA requirements, device condition checks, and some more. Have a look! 
 
3. SharePoint Usage and External Sharing Reports – You can gain control over your SPO by simply monitoring through periodic reviews of consolidated built-in reports. Our compilation brings together scattered SharePoint usage and sharing reports from various admin centers into one place. From site usage to external sharing monitoring, track everything effortlessly!. 

📢 Microsoft OneDrive Security Essentials in a Nutshell 

1. Restrict Domain Sharing in OneDrive – You can gain control over whom your users can share information by restricting domain sharing in OneDrive. So that you can prioritize access controls, implement secure sharing protocols, and limit sharing by domains for controlled external sharing in Microsoft 365. 

2. Built-in OneDrive Activity Reports – There are 10 + built-in OneDrive reports available in Microsoft 365 which help you to track users’ file activities, track OneDrive storage quota, list of OneDrive active files, and more. If your instincts raise a flag about suspicious user activity or potential malicious actions, these built-in OneDrive reports can be your go-to for clarification. 

Microsoft Ignite Updates 2023 

This year, Microsoft Ignite happened last November and brought many updates. So, in a way to keep everyone on the tabs, we plan to bring the important updates information to you immediately. So, here are the updates that shined during the Ignite session and its brief overview. 

1. Auto Rollout of Microsoft-managed Conditional Access policies  

Microsoft rolled out three automatic Conditional Access policies to strengthen the baseline defense in Microsoft 365.  

The three Microsoft-managed CA policies are, 

• Require MFA for admin portals 
• Require MFA for per-user MFA users 
• Require MFA for high-risk users 

2. SharePoint Online Premium 

Microsoft latently announced the Microsoft SharePoint Online Premium which will be available this 2024 is a platform built with machine learning and AI technologies for effective content management. 

Microsoft SharePoint Online Premium brings the attention of the admins with its features of content processing, content governance, and content experiences and solutions making our SharePoint an easy-to-navigate one.  

3. Advanced Collaboration Analytics in Microsoft Teams Premium

Microsoft recently released ‘Advanced collaboration analytics in MS Teams Premium,’ offering enhanced monitoring of external collaboration and control over internal communications.

We’ve outlined the valuable insights you can glean from the analytics dashboard. Take a closer look to discover the benefits. 

New Microsoft 365 Updates in 2023 

We’ve always aimed to keep you up to date with all Microsoft 365 updates without missing a beat🔔! That’s why we’ve committed to delivering crucial M365 updates promptly. And, in a way, a few got well recognized and welcomed by M365 admins. Here are a few: 

1. Multi-tenant Organization in Teams – The latest key feature “multi-tenant organization in Entra ID” can be extended to use in new Teams for Windows clients. With MTO in Teams you can  

• Discover user profiles with Microsoft 365 people search.  
• Manage cross-tenant notifications.  
• Join meetings and call in another tenant. 

2. Leaked Credential Report – Attackers usually post the stolen credentials in dark web and public GitHub repositories. Hereafter, you can easily get the victim users whose credentials are leaked using the newly introduced leaked credential report in Entra ID. 

Also, don’t miss out on the must-knows – Microsoft 365 Archive for SharePoint and suppressing authenticator notifications from risky sources.

Keep Track of Deprecations & New Features in Microsoft 365 

Sometimes, you may discover that the settings you’ve configured are missing, or new options and features suddenly appear in your organization without notice. These situations arise due to a lack of follow-up on deprecations and new enhancements! 

 To assist you amid your busy schedule, we consistently update two blogs: “End of milestones in Microsoft 365” and “upcoming Microsoft 365 changes.”  

If keeping up with Microsoft’s monthly updates feels overwhelming, let us simplify it for you! With the “upcoming Microsoft 365 changes” blog, you can learn about all the deprecations or new updates in a single place. It’s like a handy roadmap/message center with all the latest announcements in one convenient place. Bookmark this now and stay informed! 

Our “end of milestones in Microsoft 365” blog conveniently brings all deprecations or phased-out features into view, making it quick and easy for you to catch any missed updates within seconds. 

Microsoft 365 Memes That Made Every Admin Laugh! 

Visuals often steal the show, speaking louder than words in a blog💯. So, in the spirit of cybersecurity awareness month, we took a creative turn by expressing complex concepts through memes💡. 

Here’s a meme that conveys the strong MFA method, and MFA deprecation in a creative way. 

As an M365 admin, you know what coffee means to you. 

As MS Online and Azure AD are going to deprecate on March 30, 2024, it’s time to move to an all-in-one MS Graph PowerShell module.

We’re confident that our Microsoft 365 blogs have been a game-changer for your unique needs and ventures. The journey doesn’t end here—rest assured; we’re already gearing up to roll out a fresh set of insightful blogs this year, specifically tailored to address your evolving needs. Stay tuned! 

  Happy reading!