CIAOPS Need to Know Microsoft 365 Webinar–September


The September webinar is here. This month we’ll take a closer look at Microsoft Teams. You’ll learn what Teams is and how it integrates with the rest of the services available in Microsoft 365. I’ll again be using Microsoft Teams Live Events to host this, so by being part of this you’ll also see how this great technology from Microsoft functions. There will also be the latest Microsoft Cloud news as well as Q and A plus loads more. I’d love if you’d come along and be part of this.

You can register for the regular monthly webinar here:

September Webinar Registrations

The details are:

CIAOPS Need to Know Webinar – September 2019
Friday 20th of September  2019
11am – 12am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

There of course will also be open Q and A so make sure you bring your questions for me and I’ll do my best to answer them.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

or purchase them individually at:

Also feel free at any stage to email me directly via with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session and I look forward to seeing you there.

Techwerks 9–Melbourne 22nd November


I am happy to announce that Techwerks 9 will be held in Melbourne on Friday the 22nd of November. The course is limited to 20 people and you can sign up and reserve your place now! You reserve a place by completing this form:

or  sending me an email ( expressing your interest.

The content of these all day face to face workshops is driven by the attendees. That means we cover exactly what people want to see and focus on doing hands on, real world scenarios. Attendees can vote on topics they’d like to see covered prior to the day and we continue to target exactly what the small group of attendees wants to see. Thus, this is an excellent way to get really deep into the technology and have all the questions you’ve been dying to know answered. Typically, the event produces a number of best practice take aways for each attendee. So far, the greatest votes are for deeper dives into the Microsoft Cloud including Microsoft 365, Azure, Intune, security and PowerShell configuration and scripts, with a focus on enabling the technology in SMB businesses.

Recent testimonial – “I just wanted to say a big thank you to Robert for the Brisbane Techworks day. It is such a good format with each attendee asking what matters them and the whole interactive nature of the day. So much better than death by PowerPoint.” – Mike H.

The cost to attend is:

Gold Enterprise Patron = Free

Gold Patron = $33 inc GST

Silver Patron = $99 inc GST

Bronze Patron = $176 inc GST

Non Patron = $399 inc GST

Due to demand for a business only focused event I’m announcing the very first CIAOPS Execwerks to also be held in the Melbourne the day before, on the 21st of November from 12pm – 8pm. This separate event is strictly limited to 15 people and will focus on the helping attendees develop the business side of their cloud practice. It will provide tactics, tips and techniques on improving your go to market approach using the Microsoft cloud. Importantly, you’ll also learn from others in this interactive session as to what works and what doesn’t work plus gain from others in the space.The aim of Execwerks is to take your business to the next level of profitability.

To be part of this inaugural event you’ll need to visit:

or  sending me an email ( expressing your interest and to receive more details.

Both sessions are strictly limited in numbers, so make sure you sign up quickly as places always fill very fast.

I hope to see you there.

Check your journaling rules

One of challenges with security is that there are lots of places to check and secure but only one vulnerability required for compromise. Most compromises happen at the user level but there are also other places that you may want to keep an eye. One of the is the journaling rules in Exchange Online.

Now, journaling rules can only generally be configured by an administrator. According to:

“Journaling can help your organization respond to legal, regulatory, and organizational compliance requirements by recording inbound and outbound email communications.”

That means it maybe possible to record email traffic and forward it to another location. That may mean for example, a rogue administrator setting up a journaling rule to send the CEO’s emails to their own private external email box.

Defending against rogue admin is tough and requires some planning. The least that you could do is check any existing journaling rules and ensure that only required ones appear.


You can do this by visiting the Exchange Online Admin Center. From here select Compliance Management then journal rules as shown above.

As you can see there are no journal rules in this tenant and it is my experience that most tenants don’t use journaling at all. That doesn’t mean there isn’t legitimate reasons for having journaling rules. All I’m saying is that you should check what you have and ensure it is right.

As always, I find that using PowerShell is a much quicker way to report on this using the command:


The reason which checking journaling is important, is because as I understand it, journaling won’t show up in the audit logs for the tenant. This means that once it was surreptitiously enabled, it could run unreported in the background, collecting information unknown to everyone? That is a bad thing.

The best solution against rogue administrators in general is Privileged Access Management (PAM) in Office 365:

Configuring Privileged Access Management

which is typically only included in advanced Microsoft 365 licensing like E5. This, unfortunately, puts it beyond the reach of many. So, for the time being, keep an eye on your journaling rules and check to see where they maybe sending your information.


New Safe Links option

An eagled eye CIAOPS Patron spotted this new option in Office 365 ATP Safe Links:


Wait for URL scanning to complete before delivering the message


You get to this via the Security and Compliance Centre, Threat Management, Policy, Safe Links. You then select the lower policy option as shown above.

I had a look at the PowerShell for this policy:


Indeed, there is now an option:


as shown above.

Interestingly, there is no mention of this option yet in the:


documentation. So I thought I’d try adding it to the existing policy anyway.


No error, which is a good sign.


Checking back in the GUI, you can now see that option is set.

So, there is now a nice new shiny option that you can set Office 365 ATP Safe Links to prevent a message being delivered to an end user until the links have been fully checked. This now matches the policy option for safe attachments. You can also set this option via PowerShell.

Need to Know podcast–Episode 214

I chat with MVP Microsoft Mark O’Shea about the Microsoft 365 technical information from the recent Microsoft Inspire in Las Vegas. The focus is not on the partner information but the technical announcements from the conference, and yes there were plenty. Brenton and I are also back together to bring you up to date with everything that is happening in the Microsoft Cloud. Enjoy the episode.

This episode was recorded using Microsoft Teams and produced with Camtasia 2019

Take a listen and let us know what you think –

You can listen directly to this episode at:

Subscribe via iTunes at:

The podcast is also available on Stitcher at:

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.






Microsoft 365 Dark Mode

What’s new in Microsoft 365 [VIDEO]

New to Microsoft 365 in August

Outlook Flow connector changes

Higher tech for higher ed

Soft Delete for Azure Backup Virtual Machines

Microsoft Azure available from new cloud region in Switzerland

Requested features for list groups

Enhanced QuickEdit for SharePoint Online

Meet the new Outlook on the web

Azure Sentintel

Windows 7 end of support

Office 2010 end of support

Microsoft 365 Security and Compliance

Conditional Access

Windows Virtual Desktop

Edge Insider Enterprise preview

Microsoft 365 Training Day: Security and Compliance day


CIAOPS Techwerks 8 – Adelaide October 2019

CIAOPS Techwerks 9 – Melbourne November 2019

Not all characters are created the same


I was up late doing some PowerShell coding to set alerts on mailboxes in Microsoft 365 and I had everything working nicely as you can see above. At this stage I was just using the standard PowerShell ISE to execute the code.

I had also been updating the code with Visual Studio Code so I could then push it up to my GitHub repositories. Just before call it quits I now ran the scripts directly from the command prompt which is where the Visual Studio Code version had been saved. In essence, at the command prompt, I ran:


When I did this I now received the following error:


How is that possible? The code on the disk via Visual Studio Code is exactly the same as the code I had been working with directly in the PowerShell ISE. I don’t understand why I am getting this error.

I spent quite a long time trying to resolve the issue but to no avail. Out of desperation, the following morning,  I contacted PowerShell guru Elliot Munro from GITS for help.

Long story short, Elliot pointed out that from the error it appeared to be:

an issue with the em dash character, the one in front of AuditDelegate is a different dash compared to the other parameters ( – instead of – ). I guess running it from the command line doesn’t automatically convert it to the standard dash like ISE does.

BINGO we have a winner. Changing the dash to the “right” one fixed that problem immediately! Elliot, you are a legend and life saver.


As you can see from the above, there is very slight difference in the dash at front of the parameter. The top one is the one that works, the bottom one is the one that causes the error. No much in it eh? However, that was all it took to waste a few hours of my time late at night looking for an answer.

Hopefully, this article get found by others who may have the same issue and error in PowerShell and I can ‘pay forward’ Elliot’s assistance.

A hidden gem


Microsoft has a hidden gem squirrelled away at:

You also get access to it via Delve:


In short, it a “wellness” dashboard to report on your interactions using Microsoft 365. It’s available in most tenants right now, so you can go and have a look at your own version.


I especially like the Network option that shows you who you communicate with.


You can also display that as a list and interesting read and response times for each contact as well as select from Active, External, New and Important.


You get After-hours breakdowns as you see above,

image image

As well as suggestion cards for improved productivity and wellness as shown above.

If you want to know how it all works visit:

Now all of this is great, but my concern it is not really front and centre. Most people who have Microsoft 365 don’t even know Delve exists is my sad experience. Many are also unlikely to visit the URL directly. Thus, I’m a little concerned about the fate of this handy tool. Non-mainstream items in Microsoft 365 tend to end up being discontinued. I hope this won’t be the case for MyAnalytics. I’ve provided feedback that maybe the option for a weekly email with a summary report is a worthwhile addition. I think it also need more depth in the information it provides to be a compelling place for most users. at the moment, it is a ‘nice to see’ not a ‘must see’ and to survive it needs that I believe.

Hopefully, this is just the beginning of the features that will be brought to the service. Go and have a look for yourself and make some suggestions as to what you’d like to see.

Waiting to upgrade to a Communications Site?

Microsoft have placed on their roadmap that you can run the following PowerShell command:


to upgrade a classic site collection to a modern site collection.

However, the documentation at:


Enables the modern communication site experience on an existing site. At this time, based on early adopter feedback, we have decided to postpone rolling out this feature. We apologize for any inconvenience and will communicate a new schedule via Message Center, once it is available. We expect to have an update in the Q3 time frame

and when you actually try it you get:


So it looks like we’ll have to wait a little longer. Hopefully not too much longer.