Join me at Channel Guru

I am happy to say that I’m a member of the Channel Guru team, here to help you with your business. Channel Guru is a new community with some outstanding experts in their field, from sales to marketing, offshoring and a whole lot more. As the website says:

We’ve searched the industry for top experts in key fields to help you succeed

Each Guru brings unique ‘Guru Superpowers,’ whilst their content is delivered through a consistent platform design, ensuring easy navigation for members

  • Weekly ‘GuruCasts’
  • Content specific engaging ‘GuruChats’
  • Business Templates & Guides
  • Additional Offers

Our goal is to optimize your time by carefully reviewing and handpicking only the most powerful guides and templates to share with you.

I’d love for you to join me and the other ‘gurus’ in the community, and you can do so with my special affiliate link:

https://guru.channelguru.com/a/2148095315/oAvgVPeC

I’m looking forward to sharing my knowledge with community members, so come and join us.


Minimum Viable Configuration for Microsoft Sentinel

What is the Minimum Viable Configuration (MVC) for Microsoft Sentinel aimed at protecting a small business (SMB), what are the setup steps, and what are the estimated costs?

Understanding the Goal of an MVC for Sentinel in an SMB Context

The goal isn’t to catch every sophisticated nation-state attack, but to provide fundamental visibility and detection for common threats targeting SMBs, such as:

  1. Compromised Credentials: Detecting suspicious sign-ins, impossible travel, etc.

  2. Malware/Ransomware: Leveraging endpoint protection alerts.

  3. Phishing & Email Threats: Monitoring Office 365 activity.

  4. Basic Cloud Misconfigurations/Anomalies: Using built-in cloud security alerts.

The MVC focuses on leveraging the security signals already generated by the Microsoft ecosystem (assuming the SMB uses Microsoft 365 and Azure AD).

Minimum Viable Configuration (MVC) Components

  1. Azure Subscription: The foundation for all Azure services.

  2. Log Analytics Workspace: The data repository where Sentinel stores and analyzes logs. Configured for Pay-As-You-Go pricing initially.

  3. Microsoft Sentinel Instance: Enabled on top of the Log Analytics Workspace.

  4. Core Data Connectors (Focus on Free/Included Tiers First):
    • Azure Active Directory (Entra ID):
      • Sign-in Logs (Requires Azure AD P1 or P2 license) – Crucial for credential compromise detection.
      • Audit Logs (Free) – Tracks admin activity.

      • Azure AD Identity Protection Alerts (Requires Azure AD P2 license) – High-fidelity alerts for risky users/sign-ins. If P2 isn’t available, rely more heavily on Sign-in log analytics.
    • Microsoft 365 Defender (Recommended if licensed): This single connector can ingest alerts from:

      • Microsoft Defender for Endpoint (if using MDE Plan 1/2 or Defender for Business)

      • Microsoft Defender for Office 365 (if using Plan 1/2)

      • Microsoft Defender for Identity (less common in pure SMB cloud setups)

      • Microsoft Defender for Cloud Apps

      • Benefit: Ingesting Alerts via this connector is often free.
    • Office 365 (Alternative/Supplement to M365 Defender):
      • Exchange Online & SharePoint Online audit logs (Standard Audit is generally free to ingest). Essential for tracking file access, mail rule changes, etc.
    • Azure Activity Log (Free): Tracks subscription-level events (creating VMs, changing settings). Important for basic Azure infrastructure security hygiene.
  5. Essential Analytics Rules (Start with Templates):
    • Enable built-in Microsoft Security templates related to the connected data sources. Focus on:

      • Suspicious Azure AD Sign-in activity (Impossible travel, unfamiliar locations, logins from known malicious IPs).

      • Anomalous Office 365 activity (e.g., mass file downloads/deletions, suspicious inbox rule creation).

      • Alerts forwarded from Microsoft Defender products (e.g., Malware detected, phishing email reported).

      • Basic Azure activity anomalies (e.g., unusual resource creation/deletion).
  6. Incident Management: Rely on the built-in Sentinel Incident queue for manual review and investigation.

What’s NOT in this MVC (to keep it minimal):

  • Third-Party Data: No logs from non-Microsoft firewalls, servers, or applications initially.

  • Advanced Analytics: No custom rules, machine learning models (beyond built-in ones), or complex threat intelligence feeds initially.

  • SOAR/Automation: No automated response playbooks initially. Response is manual review and action.

  • Extensive Workbooks/Dashboards: Rely on default views.

  • Long Data Retention: Stick to the default or included retention (often 90 days free with Sentinel).

Setup Steps

  • Prerequisites:

    • An Azure Subscription.

    • Appropriate Permissions: Contributor or Owner on the Azure subscription/resource group; Global Administrator or Security Administrator role in Azure AD/Microsoft 365 to authorize connectors.

    • Relevant Licenses: Microsoft 365 Business Premium (includes Defender for Business, Azure AD P1), M365 E3/E5, or standalone licenses (Azure AD P1/P2, Defender plans) are highly recommended for the data sources.
  • Step 1: Create a Log Analytics Workspace

    1. Log in to the Azure portal (portal.azure.com).

    2. Search for “Log Analytics workspaces” and click “Create”.

    3. Choose your Subscription and Resource Group (create a new one if needed, e.g., RG-Security).

    4. Provide a Name (e.g., LAW-CompanyName-Security).

    5. Select a Region (choose one geographically close or with specific compliance needs).

    6. Select the Pricing Tier: Start with Pay-as-you-go.

    7. Review and Create.
  • Step 2: Enable Microsoft Sentinel

    1. Search for “Microsoft Sentinel” in the Azure portal and select it.

    2. Click “Add” or “Create”.

    3. Select the Log Analytics Workspace you just created.

    4. Click “Add Microsoft Sentinel”. Deployment takes a few minutes.
  • Step 3: Configure Data Connectors

    1. Once Sentinel is deployed, navigate to your Sentinel workspace.

    2. Go to Configuration -> Data connectors.

    3. Find and configure the following connectors (prioritize based on your licenses):

      • Azure Active Directory: Connect Sign-in logs and Audit logs. Requires authorization. If you have Azure AD P2, also connect Azure AD Identity Protection.

      • Microsoft 365 Defender: If you have relevant Defender licenses, connect this. It streamlines alert ingestion. Requires authorization. Configure it to sync alerts. This is often the most cost-effective way to get Defender alerts.
      • Office 365: If not using the M365 Defender connector for O365 data, or if you want raw logs beyond alerts, connect this. Select Exchange and SharePoint. Requires authorization.

      • Azure Activity: Connect this. It’s straightforward and free.
    4. For each connector, open its page, click “Open connector page”, and follow the specific prerequisites and configuration steps (usually involves ticking boxes and granting permissions).
  • Step 4: Enable Analytics Rules

    1. In Sentinel, go to Configuration -> Analytics.

    2. Go to the Rule templates tab.

    3. Filter by Data Sources (e.g., Azure Active Directory, Office 365, Microsoft 365 Defender).

    4. Look for rules tagged Microsoft Security. These are often high-quality and maintained by Microsoft.

    5. Select relevant templates (e.g., “Sign-ins from IPs that attempt sign-ins to disabled accounts”, “Malware detection by Microsoft Defender Antivirus”, “Suspicious inbox manipulation rule”, “Impossible travel activity”).

    6. For each chosen template, click “Create rule”.

    7. Review the rule logic (you can accept defaults for MVC). Ensure it’s set to Enabled.

    8. Configure Automated response later; leave it empty for MVC.

    9. Create the rule. Start with 5-15 key rules covering identity, endpoint, and email threats.
  • Step 5: Monitor Incidents

    1. Regularly (daily is recommended) check the Threat management -> Incidents blade in Sentinel.

    2. Review new incidents, assign them, investigate the alerts and entities involved, and close them with appropriate classifications.
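Once Steps 1 to 5 are done, it is worth confirming that each connector from Step 3 is actually delivering data, because analytics rules stay silent when their source table is empty. The query below is an added example, not part of the original post; it assumes the standard tables these connectors write to (SigninLogs, AuditLogs, SecurityAlert, OfficeActivity, AzureActivity), and the 7-day and 24-hour thresholds are arbitrary choices to adjust. Run it from the Logs blade of the Sentinel workspace.

```kql
// Added example: connector health check for the MVC data sources.
// The table-to-connector mapping below is constructed for this example.
let expected = datatable(SourceTable:string, Connector:string) [
    "SigninLogs",     "Azure Active Directory - Sign-in logs",
    "AuditLogs",      "Azure Active Directory - Audit logs",
    "SecurityAlert",  "Microsoft 365 Defender / Identity Protection alerts",
    "OfficeActivity", "Office 365 (Exchange, SharePoint)",
    "AzureActivity",  "Azure Activity"
];
// isfuzzy=true lets the union succeed even if a table has never been
// created because its connector was not enabled.
let observed =
    union isfuzzy=true withsource=SourceTable
        SigninLogs, AuditLogs, SecurityAlert, OfficeActivity, AzureActivity
    | where TimeGenerated > ago(7d)
    | summarize Records = count(), LastRecord = max(TimeGenerated) by SourceTable;
expected
| join kind=leftouter observed on SourceTable
| extend Records = coalesce(Records, long(0))
| extend Status = case(
    isnull(LastRecord),    "no data in 7 days",
    LastRecord < ago(1d),  "stale (>24h)",
                           "ok")
| project Connector, SourceTable, Records, LastRecord, Status
| order by Status asc
```

In a very small tenant, AzureActivity and SecurityAlert can legitimately be quiet for more than a day, so treat "stale" on those two as a prompt to look rather than as a fault.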

Expected Monthly Costs

This is highly variable, but let’s break it down:

  1. Log Analytics Ingestion:

    • Free Tier: Many security alerts ingested via the Microsoft 365 Defender connector and Azure Activity logs are free. Office 365 standard audit logs are also often free.

    • Paid Data: The primary cost driver will be paid data sources ingested. Azure AD Sign-in logs are a common paid source. The volume depends heavily on user count and activity.

    • Estimate: For a small business (e.g., 10-50 active users), ingesting only essential paid logs like Azure AD Sign-ins might result in 0.5 GB to 5 GB per month (this is a rough estimate). Some sources estimate ~1GB/month per 100 users for just sign-in logs, but activity varies hugely.

    • Cost: Log Analytics Pay-As-You-Go ingestion is roughly $2.76 per GB (price varies slightly by region, check current Azure pricing).
  2. Sentinel Analysis Cost (Pay-As-You-Go):

    • Sentinel charges for analyzing the data ingested into Log Analytics. The PAYG rate is often similar to the Log Analytics ingestion rate, around $2.46 per GB (check current pricing).

    • Important: Data sources that are free to ingest into Log Analytics (like M365 Defender alerts, Azure Activity) are typically also free to analyze in Sentinel. You only pay Sentinel analysis costs on the paid data ingested into Log Analytics.
  3. Log Analytics Retention:

    • The first 90 days of data retention are typically included free with Sentinel enabled.

    • Storing data beyond 90 days incurs a small storage cost (e.g., ~$0.12 per GB per month). For an MVC, sticking to 90 days is recommended.

Cost Summary Estimate for MVC:

  • Scenario 1: Strict MVC using mostly FREE alert sources: If you rely heavily on the free ingestion from the M365 Defender connector (for endpoint/email alerts), Azure Activity, and standard Office 365 audit logs, and don’t ingest Azure AD Sign-in logs (or have very low volume), your direct Sentinel/Log Analytics costs could be very low, potentially $0 – $20 per month.

  • Scenario 2: MVC including Azure AD Sign-in Logs: If you add Azure AD Sign-in logs (highly recommended for security), assuming 1-5 GB/month ingestion:

    • Log Analytics Ingestion: 1-5 GB * ~$2.76/GB = $2.76 – $13.80

    • Sentinel Analysis: 1-5 GB * ~$2.46/GB = $2.46 – $12.30

    • Total Estimated Direct Cost: Roughly $5 – $30 per month.

Crucial Caveats on Cost:

  • Licensing Costs: This estimate does not include the cost of Microsoft 365 licenses (e.g., Business Premium, E3, E5) or standalone Azure AD P1/P2 licenses required to generate the security signals in the first place. These are often the larger part of the overall security spend.

  • Data Volume Variance: Actual data volume can vary significantly based on user activity, configured logging levels, and enabled features.

  • Pricing Changes: Azure pricing can change. Always refer to the official Azure pricing calculator for the most current information.

  • Commitment Tiers: If data volume grows significantly (e.g., consistently over 100 GB/day, which is unlikely for this SMB MVC), Commitment Tiers for Sentinel and Log Analytics offer discounts but require upfront commitment.
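Because the estimate depends so heavily on real data volume, the workspace's own Usage table is the quickest way to replace the guesses above with measured numbers. The query below is an added example, not part of the original post; it uses the per-GB rates quoted in this section and assumes the `IsBillable` flag in Usage reflects the free/paid split described above.

```kql
// Added example: measured ingestion per table over the last 30 days,
// with a rough cost estimate using the rates quoted on this page.
// Check current Azure pricing for your region before relying on the figures.
let logAnalyticsPerGB = 2.76;   // Log Analytics Pay-As-You-Go ingestion, USD/GB
let sentinelPerGB     = 2.46;   // Sentinel Pay-As-You-Go analysis, USD/GB
Usage
| where TimeGenerated > ago(30d)
// Quantity is reported in MB; divide by 1000 to get GB.
| summarize TotalGB    = sum(Quantity) / 1000.0,
            BillableGB = sumif(Quantity, IsBillable == true) / 1000.0
          by DataType
| extend EstCostUSD = round(BillableGB * (logAnalyticsPerGB + sentinelPerGB), 2)
| order by BillableGB desc
```

Tables with a non-zero TotalGB but zero BillableGB are the free sources; SigninLogs will normally sit at the top of the billable list in this configuration.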

In conclusion, a minimum viable Sentinel setup focusing on free alert ingestion and essential paid logs like Azure AD Sign-ins can be quite affordable for an SMB, likely falling in the $5 – $30 per month range for direct Azure consumption costs, plus the necessary Microsoft 365/Azure AD licensing costs. Remember that someone needs the time and basic knowledge to monitor the incidents generated.

Creating an Automated Agent to Post Historical Computer Events in Teams Daily

I recently did a video here –

Video link = https://www.youtube.com/watch?v=KZkhK41lynI

but I’ve now been able to produce the following steps for you to replicate this.

Automate Daily Updates in Teams with Copilot Studio & Power Automate: A Step-by-Step Guide

Ever wanted a little bot to automatically post daily updates, fun facts, or important reminders into your Microsoft Teams channel? Maybe a “This Day in History” update, a daily project status reminder, or a motivational quote?

In this guide, we’ll walk through how to build an automated agent using Microsoft Copilot Studio and Power Automate that posts information to a Teams channel on a daily schedule. We’ll use the example from the video: creating a bot that posts significant computer history events for the current day.

What You’ll Need:

  1. A Microsoft 365 account.

  2. Appropriate licenses to use Power Automate and Copilot Studio.

  3. Access to Microsoft Teams and permission to post in a specific channel.

The Overall Process:

We’ll create a system with a few interconnected parts:

  1. Power Automate Flow #1 (Trigger): Runs once a day on a schedule.

  2. Copilot Studio Agent: Receives a prompt from Flow #1, uses its general knowledge (AI) to find the relevant information (e.g., historical events).

  3. Copilot Studio Topic: Takes the AI-generated response and triggers another flow.

  4. Power Automate Flow #2 (Action): Receives the formatted response from the Copilot Topic and posts it to a designated Teams channel.

Let’s break it down!

Step 1: Create Your Copilot in Copilot Studio
  1. Navigate to Microsoft Copilot Studio.

  2. Create a New Copilot. Let’s name it “History Bot” for this example (the video used “History”).

  3. Configure Basic Details:

    • Name: History Bot

    • Description: An agent that posts historical events daily.

    • General Instructions: Use general knowledge to create a list of historical events that happened on this day relating to computers. (Adapt this instruction based on the type of information you want the bot to post).

  4. Enable Orchestration: Ensure the “Use generative AI to determine how best to respond…” toggle under Orchestration is Enabled. This allows the Copilot to understand the instructions and use AI.

  5. Configure Knowledge:

    • Go to the Knowledge section (you might need to scroll down or find it in the left navigation).

    • Ensure “Allow the AI to use its own general knowledge” is Enabled. This lets the bot search the web based on your instructions. We won’t add specific documents for this example.

Step 2: Create the Daily Trigger Flow (Power Automate Flow #1)

This flow starts the process each day.

  1. Go to Microsoft Power Automate.

  2. Create a New Flow > Scheduled cloud flow.

  3. Configure the Trigger:

    • Give your flow a name (e.g., “Daily History Trigger”).

    • Set the schedule: Repeat every 1 Day.

    • Choose a specific time for it to run (e.g., 12:45 PM as shown in the video).

  4. Add Action: Send Prompt to Copilot:

    • Click “+ New step”.

    • Search for and select the “Copilot Studio” connector.

    • Choose the action “Sends a prompt to the specified copilot for processing (Preview)”.

    • Select your Copilot: Choose the “History Bot” (or whatever you named it) from the dropdown.

    • Prompt: Enter the text you want to send to the Copilot each day. Based on the video and our Copilot instructions, this would be something like: Please tell me about today in history with computers.

  5. Save this flow.

Step 3: Create the Posting Topic in Copilot Studio

This topic handles the response from the AI and sends it to the next flow for posting.

  1. Go back to your History Bot in Copilot Studio.

  2. Navigate to the Topics section.

  3. Optional Cleanup: The video creator removed the default/generic system topics. You might want to do this for a dedicated bot like this to keep things clean, but it’s not strictly necessary.

  4. Create a New Topic > From blank.

  5. Name the Topic: Call it “Post Result”.

  6. Configure the Topic Trigger:

    • Click on the default “Phrase” trigger and delete it.

    • Add a new trigger. Select the trigger type: AI response generated (or similar wording like “On Generated Response”). This means the topic starts after the Copilot AI has formulated its answer based on the prompt from Flow #1.

  7. Add Action: Call Power Automate Flow:

    • Click the + below the trigger and select Call an action > Create a flow. This will open Power Automate in a new tab to create Flow #2.

Step 4: Create the Posting Flow (Power Automate Flow #2)

This flow takes the Copilot’s response and posts it to Teams.

  1. Power Automate should have opened with a trigger “When an agent calls the flow (Preview)”. This trigger will have an input field ready.

  2. Define Input:

    • Click on the trigger step.

    • Add an input of type Text. Name it something descriptive like CopilotResponseContent. This is where the Copilot topic will pass the AI’s generated text.

  3. Add Action: Post to Teams:

    • Click “+ New step”.

    • Search for the “Microsoft Teams” connector.

    • Select the action “Post message in a chat or channel”.

    • Post as: Choose Flow bot.

    • Post in: Select Channel.

    • Team: Select the Team you want to post to.

    • Channel: Select the specific Channel within that Team.

    • Message: Click in the message box. The dynamic content panel should appear. Select the CopilotResponseContent input variable you defined in the trigger step. This inserts the text generated by the Copilot.

  4. Add Action: Respond to Agent:

    • Click “+ New step”.

    • Search for “Copilot Studio” connector.

    • Select the action “Respond to the agent”. (This step simply tells the Copilot topic that the flow has finished). You usually don’t need to add outputs here for this simple scenario.

  5. Save this flow. Give it a name like “Post History Bot Result to Teams”.

Step 5: Connect the Topic to the Flow
  1. Go back to the Copilot Studio tab where you were editing the “Post Result” topic.

  2. The “Call an action” step should now let you select the flow you just created (“Post History Bot Result to Teams”). Select it.

  3. Map Inputs: You’ll see the CopilotResponseContent input field you created in Flow #2. You need to tell the topic what to send to this input.

    • Click the input field.

    • Select the lightning bolt icon (Insert variable).

    • Go to the System variables.

    • Find and select Response.FormattedText. This variable holds the final, formatted answer from the Copilot’s AI generation process.

  4. End the Topic: Add a final step to the topic: End conversation > End current topic.

  5. Save the topic.

Step 6: Testing and Troubleshooting
  1. Test Flow #1: In Power Automate, open the “Daily History Trigger” flow. Click Test > Manually > Run flow. This simulates the daily schedule.

  2. Check Copilot Activity: In Copilot Studio, go to the Activity tab for your “History Bot”. You should see a new session started by the “History Trigger”. It will show steps like “Knowledge sources used” and eventually call the “Post Result” topic.

  3. Check Teams: Look in the designated Teams channel. The message should appear shortly after the flows run successfully.

  4. Troubleshooting Connection Issues (Common Problem):

    • Symptom: In the Copilot Studio Activity > Transcript view, you might see the process get stuck on “Waiting for user” and display a card saying “Additional permissions are required to run this action. To proceed, please select ‘Connect’…” This usually means the connection for Flow #2 (posting to Teams) isn’t working correctly.

    • Problem: The “Connect” button on that card might not work reliably.

    • Workaround 1 (Recommended): In Copilot Studio, go to the Test your agent pane > click the More options (…) menu > Manage connections. This opens the connection management page. Find the connection related to your “Post History Bot Result to Teams” flow (it will likely show an error or ask for reconnection) and fix it, ensuring it’s properly authenticated to Teams.

    • Workaround 2 (Advanced): As shown in the video, you can use your browser’s Developer Tools (F12). Inspect the non-working “Connect” button element in the transcript view. Find the aria-label or similar attribute containing a URL (it will look something like https://copilotstudio.microsoft.com/c2/tenants/…/user-connections). Copy this URL, paste it into a new browser tab, and follow the prompts to fix the connection.

    • After fixing the connection, you may need to re-test Flow #1.

Conclusion

That’s it! You’ve now built an automated system where Power Automate triggers a Copilot Studio agent daily, the agent uses AI to generate content, and another Power Automate flow posts that content into Teams.

You can adapt the Copilot’s instructions, the trigger schedule, and the final Teams message formatting to suit countless automation needs. Happy automating!

How your business can unlock more potential from Microsoft OneNote

OneNote’s strength lies in its flexibility and integration, making it much more than just a digital notepad.

Here are ways to better leverage OneNote, highlighting commonly overlooked features with detailed examples:

I. Enhancing Collaboration and Knowledge Sharing

  • Overlooked Feature: Deep Internal Linking (Beyond Basic Page Links)

    • What it is: Creating links not just to other pages or sections, but directly to specific paragraphs within a OneNote page.

    • Why it’s powerful: Allows for incredibly granular cross-referencing. You can connect specific action items in meeting minutes directly to the relevant background information in a project brief, or link a step in an SOP directly to a detailed explanation elsewhere.

    • Detailed Example:
      • Scenario: Your team is working on Project Alpha. You have a central “Project Alpha Overview” page, separate pages for “Meeting Minutes,” and a “Technical Specifications” section.

      • How to use: In the “Meeting Minutes – Oct 26” page, you record an action item: “ACTION: Sarah to verify server capacity requirements.” Instead of just linking to the entire “Technical Specifications” section, right-click the specific paragraph discussing server capacity in the “Server Specs” page and select “Copy Link to Paragraph.” Then, paste this link next to Sarah’s action item in the meeting minutes.

      • Benefit: When Sarah (or anyone) reviews the action item, clicking the link jumps them precisely to the relevant paragraph about server capacity, saving significant time hunting for the information. This creates a highly interconnected and efficient project knowledge base.
  • Overlooked Feature: Using Tags for Actionable Insights (Beyond Simple To-Do)

    • What it is: OneNote has built-in tags (To Do, Important, Question) but also allows creating custom tags. You can then use the “Find Tags” feature to generate summary pages based on these tags across multiple pages, sections, or even entire notebooks.

    • Why it’s powerful: Turns scattered notes into organized, actionable lists. Perfect for tracking decisions, follow-ups, ideas, or specific types of information across various contexts (meetings, projects, client notes).

    • Detailed Example:
      • Scenario: A customer support team uses a shared OneNote notebook for tracking complex support issues.

      • How to use: They create custom tags like ?WaitingOnClient, !EscalateToTier2, #FeatureRequest, @ClientName. During calls or investigations, agents tag relevant notes accordingly.

      • Benefit: At the end of the week, the team lead can use “Find Tags” -> “Create Summary Page.” They can generate a page listing all items tagged !EscalateToTier2 to review escalations, another for #FeatureRequest to send to the product team, or filter by @ClientName combined with ?WaitingOnClient to see all pending client responses for a specific customer. This aggregates critical information instantly.
  • Overlooked Feature: Standardized Templates for Consistency

    • What it is: Creating custom page templates that can be applied when creating new pages within a section.

    • Why it’s powerful: Ensures consistency in note-taking for recurring tasks like meeting minutes, project status reports, client intake forms, or employee onboarding checklists. Saves time and standardizes information capture.

    • Detailed Example:
      • Scenario: A project management office (PMO) wants all project managers to follow a consistent format for weekly status reports.

      • How to use: They create a page with predefined sections: “Key Accomplishments This Week,” “Planned Activities Next Week,” “Risks/Issues,” “Decisions Needed,” “Budget Update.” They then save this page as a template (usually via Page Templates pane -> Save current page as a template). They can even set this template as the default for the “Status Reports” section in the shared PMO notebook.

      • Benefit: Every time a PM adds a new page in the “Status Reports” section, it automatically uses this structure. This makes reports easier to write, read, and compare across projects.

II. Improving Information Capture and Retrieval

  • Overlooked Feature: Audio Recording Synced with Notes

    • What it is: Recording audio directly within OneNote while simultaneously typing notes. OneNote timestamps your notes relative to the audio playback.

    • Why it’s powerful: Captures the full context of conversations (meetings, interviews, client calls) that might be missed in typed notes. Clicking on a note you typed later will jump the audio playback to the exact moment you typed it.

    • Detailed Example:
      • Scenario: An HR representative is conducting an employee interview. They are taking notes in OneNote but want to ensure they capture nuances and exact phrasing.

      • How to use: They start an audio recording (Insert -> Audio Recording) in OneNote at the beginning of the interview. As they type key points, OneNote subtly links the text to the recording timestamp.

      • Benefit: When reviewing the notes later, if a typed point like “Candidate mentioned interest in X role” seems unclear, clicking that text will instantly play the audio recording from the moment the candidate discussed it, providing full context and exact wording without having to scrub through the entire recording.
  • Overlooked Feature: Powerful Search Capabilities (OCR & Audio Search)

    • What it is: OneNote search goes beyond typed text. It performs Optical Character Recognition (OCR) to search text within inserted images (like photos of whiteboards, scanned documents) and can even search for spoken words within audio and video recordings (requires indexing, may take time after insertion).

    • Why it’s powerful: Makes ALL inserted content searchable, not just typed notes. Find information hidden in images or meeting recordings instantly.

    • Detailed Example:
      • Scenario: An engineering team takes photos of whiteboard brainstorming sessions and inserts them into their project notebook. A marketing team records brainstorming audio sessions.

      • How to use (OCR): Weeks later, an engineer needs to find the diagram related to the “power coupling.” They simply search “power coupling” in OneNote. OneNote search results will include the image of the whiteboard where that term was written.

      • How to use (Audio): A marketing team member needs to recall when the term “Synergy Campaign” was discussed. Searching for “Synergy Campaign” can highlight the audio recordings where that phrase was spoken (allow time for indexing after recording/inserting).

      • Benefit: Dramatically increases the value of visual and audio information capture, making it easily retrievable later.
  • Overlooked Feature: “Send to OneNote” Tool & Web Clipper

    • What it is: The “Send to OneNote” tool acts like a virtual printer, allowing you to send content from almost any application (like a PDF report, an email thread, a document) directly to a specified OneNote page. The Web Clipper browser extension lets you easily clip articles, sections of pages, or full pages directly into OneNote.

    • Why it’s powerful: Centralizes information from diverse sources into OneNote without manual copy-pasting. Great for research, collecting project resources, or archiving important communications.

    • Detailed Example:
      • Scenario: A research analyst is gathering information for a market report from various websites, PDF reports, and email discussions.

      • How to use: They use the OneNote Web Clipper to save relevant web articles directly to their “Market Research” notebook section. For a crucial PDF report, they use File -> Print -> Send to OneNote. For an important email thread in Outlook, they use the “Send to OneNote” button directly within Outlook.

      • Benefit: All research materials are consolidated in one searchable location within OneNote, regardless of their original format or source. This simplifies organization and later analysis.

III. Streamlining Personal and Team Workflows

  • Overlooked Feature: Integration with Outlook Tasks

    • What it is: You can flag notes or lines of text within OneNote as Outlook Tasks, complete with due dates and reminders. These tasks then appear in your Outlook To-Do list.

    • Why it’s powerful: Connects note-taking and action items directly to the primary task management system for many users (Outlook). Ensures follow-ups captured in meetings or notes aren’t forgotten.

    • Detailed Example:
      • Scenario: During a team meeting documented in OneNote, several action items are assigned.

      • How to use: Select the text of an action item (e.g., “John to finalize budget proposal”). Right-click (or use the Home tab) and select the Outlook Tasks flag. Choose a due date (e.g., “Tomorrow”).

      • Benefit: This action item now appears in John’s Outlook Tasks list, with a link back to the original OneNote page for context. He gets reminders via Outlook, integrating his notes directly into his daily workflow.
  • Overlooked Feature: Version History for Pages

    • What it is: OneNote automatically saves previous versions of a page whenever changes are made (especially in shared notebooks). You can view and restore previous versions.

    • Why it’s powerful: Acts as a safety net against accidental deletions or unwanted changes. Provides an audit trail in collaborative environments to see who changed what and when. Allows reverting to earlier ideas.

    • Detailed Example:
      • Scenario: A team is collaboratively editing a project plan in a shared OneNote notebook. Someone accidentally deletes a critical section.

      • How to use: Right-click the page tab (or go to History tab -> Page Versions). A list of previous versions with timestamps and author appears. Find the version before the deletion occurred and click “Restore.”

      • Benefit: The deleted content is instantly recovered. Alternatively, if there’s confusion about why a certain decision was documented, viewing page versions can show who added that text and when, facilitating clarification.

Actionable Steps for Your Business:

  1. Assess Current Usage: Understand how teams are currently using OneNote. Are they aware of these features?

  2. Targeted Training: Don’t just do generic OneNote training. Focus sessions on specific features relevant to different roles (e.g., Project Managers on Tags & Templates, Researchers on Web Clipper & Audio Recording, All Staff on Internal Linking & Outlook Tasks). Use real business scenarios in training.

  3. Develop & Share Best Practices: Create simple guides or internal knowledge base articles (perhaps in a shared OneNote!) demonstrating how to use these features effectively for common company workflows. Define naming conventions for shared notebooks/sections.

  4. Promote Template Usage: Identify key recurring documents/notes (meeting minutes, project updates) and create official company templates. Encourage or mandate their use for consistency.

  5. Appoint OneNote Champions: Identify enthusiastic power users within different teams who can help colleagues, share tips, and provide feedback on what’s working.

  6. Encourage Integration: Ensure employees know how to connect OneNote with Outlook (Tasks, Meeting Details) and potentially Microsoft Teams (OneNote tab in channels).

By actively promoting and training employees on these often-overlooked OneNote features, your business can significantly enhance collaboration, knowledge management, and overall productivity.

How to configure Microsoft 365 for maximum native data recovery


Understanding Native Recovery vs. Backup

It’s crucial to understand that Microsoft 365’s native features focus on data retention, versioning, and recovery from accidental deletion or modification, primarily for compliance, legal holds, and user errors. They are not a traditional point-in-time backup solution that protects against all scenarios (like widespread ransomware encryption beyond versioning limits, catastrophic service failures, or malicious admin actions wiping configurations). Microsoft operates on a Shared Responsibility Model.

Key Concepts for Maximizing Native Recovery Time

  1. Retention Policies (Microsoft Purview): This is the MOST IMPORTANT tool for maximizing recovery time. Retention policies ensure data is kept for a specified period, regardless of user actions (like deletion). Data subject to a retention policy is typically moved to a hidden, preserved location when deleted by a user.

  2. Litigation Hold / In-Place Hold: Similar to retention policies but often used for specific legal cases. They preserve all mailbox or site content indefinitely or until the hold is removed. Holds generally override deletion policies.

  3. Versioning: Automatically saves previous versions of files in SharePoint Online and OneDrive for Business, allowing users to restore older copies.

  4. Recycle Bins: A two-stage system for deleted items/files, providing a buffer before permanent deletion.

  5. Recoverable Items Folder (Exchange Online): A special folder in user mailboxes that stores deleted items, items purged from Deleted Items, and modified versions of items (if Single Item Recovery is enabled).

Configuration Steps for Maximum Recovery Time (Service by Service)

1. Exchange Online (Email, Calendar, Contacts, Tasks)

  • Configure Retention Policies (Microsoft Purview Compliance Portal):
    • Goal: Keep email data for the longest possible duration required by your organization (e.g., 7 years, 10 years, or even indefinitely for specific regulatory needs).

    • How:
      • Go to the Microsoft Purview compliance portal (compliance.microsoft.com).

      • Navigate to Data lifecycle management > Microsoft 365 > Retention policies.

      • Create a new policy.

      • Name & Description: Give it a clear name (e.g., “Exchange – Max Retention”).

      • Locations: Select Exchange mailboxes. Choose specific mailboxes or apply to all.

      • Retention Settings:
        • Choose Retain items for a specific period.

        • Select Forever or the maximum duration required (e.g., 10 years).

        • Set Retain items based on: Choose When items were created or When items were last modified based on your needs.

        • At end of retention period: Choose Do nothing (if you only want retention) or Delete items automatically (if you need cleanup after the retention period). For maximum recovery potential during the period, “Do nothing” is simpler, relying on deletion actions triggering preservation.
      • Review and create the policy. Allow time for it to apply (can take up to 24 hours, sometimes longer for large organizations).
  • Configure Recoverable Items Folder Quota & Retention:
    • The default retention for items in the Recoverable Items folder (when not under hold/retention policy) is 14 days, extendable to 30 days via PowerShell.

    • However, if a mailbox is subject to a Retention Policy (set to Retain) or Litigation Hold, items are kept in the Recoverable Items folder (specifically the Purges or DiscoveryHolds subfolders) effectively indefinitely or for the duration of the policy/hold, regardless of the 14/30 day setting. The main limit becomes the storage quota.

    • Increase Quota (If Necessary): The default quota is 30 GB, with an auto-expanding archive providing an additional 100 GB (up to 1.5 TB for certain licenses). For very high-volume mailboxes under indefinite hold, you might monitor this, but it’s usually sufficient. Use PowerShell Set-Mailbox <mailbox_identity> -RecoverableItemsQuota <value> -RecoverableItemsWarningQuota <value> if needed, though holds often trigger the auto-expansion.
  • Enable Litigation Hold (Alternative/Supplement to Retention Policies):
    • Can be enabled per mailbox via the Exchange Admin Center or PowerShell (Set-Mailbox <mailbox_identity> -LitigationHoldEnabled $true -LitigationHoldDuration <days> or leave duration off for indefinite).

    • Often used for specific users/cases but achieves similar preservation to a “Retain Forever” policy.
  • Deleted Mailbox Retention: By default, deleted mailboxes are kept for 30 days (soft-deleted) and can be recovered during this period. This is generally fixed.
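
The mailbox-level settings above can be checked in bulk. The following is an added example, not code from the original post: the function name, the 30-day target parameter and the sample mailboxes are constructed for illustration, while the property names are the ones Get-Mailbox returns.

```powershell
# Added example: report which mailboxes rely only on the short deleted item
# window and which are protected by a mailbox-level hold.
function Get-MailboxRecoveryPosture {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Mailbox,

        # 30 days is the longest deleted item retention the post mentions
        [int]$TargetDeletedItemDays = 30
    )
    process {
        # RetainDeletedItemsFor arrives as a TimeSpan or as "dd.hh:mm:ss" text,
        # depending on how the object was produced or serialized.
        $retain = [TimeSpan]::Zero
        if ($Mailbox.RetainDeletedItemsFor -is [TimeSpan]) {
            $retain = $Mailbox.RetainDeletedItemsFor
        } else {
            [void][TimeSpan]::TryParse([string]$Mailbox.RetainDeletedItemsFor, [ref]$retain)
        }
        $retainDays = [int]$retain.TotalDays

        $litigation = [bool]$Mailbox.LitigationHoldEnabled
        # InPlaceHolds lists holds and retention policies scoped to this mailbox.
        # Organization-wide policies are not listed on the mailbox itself
        # (check Get-OrganizationConfig for those).
        $scopedHolds = @($Mailbox.InPlaceHolds | Where-Object { $_ })
        $held = $litigation -or ($scopedHolds.Count -gt 0)

        $findings = [System.Collections.Generic.List[string]]::new()
        if (-not $held) {
            $findings.Add("No mailbox-level hold; purged items are gone after $retainDays days")
            if ($retainDays -lt $TargetDeletedItemDays) {
                $findings.Add("Deleted item retention below $TargetDeletedItemDays days")
            }
            if (-not [bool]$Mailbox.SingleItemRecoveryEnabled) {
                $findings.Add('Single Item Recovery disabled')
            }
        }
        if ($findings.Count -eq 0) { $findings.Add('OK') }

        [pscustomobject]@{
            Mailbox            = $Mailbox.UserPrincipalName
            DeletedItemDays    = $retainDays
            LitigationHold     = $litigation
            ScopedHolds        = $scopedHolds.Count
            SingleItemRecovery = [bool]$Mailbox.SingleItemRecoveryEnabled
            Findings           = $findings -join '; '
        }
    }
}

# Constructed sample mailboxes so the function can be tried offline.
$sample = @(
    [pscustomobject]@{
        UserPrincipalName = 'alex@contoso.example'; LitigationHoldEnabled = $false
        InPlaceHolds = @(); RetainDeletedItemsFor = '14.00:00:00'
        SingleItemRecoveryEnabled = $true
    }
    [pscustomobject]@{
        UserPrincipalName = 'finance@contoso.example'; LitigationHoldEnabled = $true
        InPlaceHolds = @(); RetainDeletedItemsFor = [TimeSpan]::FromDays(30)
        SingleItemRecoveryEnabled = $true
    }
    [pscustomobject]@{
        UserPrincipalName = 'sales@contoso.example'; LitigationHoldEnabled = $false
        InPlaceHolds = @('constructed-policy-id'); RetainDeletedItemsFor = '14.00:00:00'
        SingleItemRecoveryEnabled = $false
    }
)

$sample | Get-MailboxRecoveryPosture | Format-Table -AutoSize -Wrap

# Against a live tenant (after Connect-ExchangeOnline):
# Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
#     Get-MailboxRecoveryPosture | Where-Object Findings -ne 'OK'
```

A mailbox reported as having no mailbox-level hold may still be covered by an organization-wide retention policy, so confirm that in Purview before treating the finding as a gap.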

2. SharePoint Online (Team Sites, Communication Sites, Document Libraries)

  • Configure Retention Policies (Microsoft Purview Compliance Portal):
    • Goal: Retain documents and site content long-term.

    • How:
      • Similar to Exchange, create a Retention Policy in Purview.

      • Locations: Select SharePoint classic and communication sites. Choose specific sites or apply to all.

      • Retention Settings: Choose Retain items for a specific period (e.g., Forever, 10 years) based on Created date or Last modified date. Choose Do nothing or Delete at the end of the period.

      • Preservation Hold Library: When a retention policy is active, deleted or modified content is preserved in this hidden library within the site collection, consuming storage quota.
  • Configure Versioning:
    • Goal: Allow restoration of previous file versions.

    • How:
      • Go to the Document Library settings > Versioning settings.

      • Ensure Create major versions is enabled.

      • Set Keep the following number of major versions: Increase this significantly. The technical maximum is 50,000, but a high number like 500 or 1000 is usually practical and provides substantial recovery capability. Consider storage implications.

      • You can also enable minor versions if needed, but major versions are key for rollback.
  • Recycle Bin Settings:
    • The total retention time for the user Recycle Bin + Second-Stage Recycle Bin (Site Collection Recycle Bin) is 93 days. This is generally not configurable per site. Items automatically move from the first to the second stage after 30 days (unless emptied sooner) and are purged after the total 93 days. Retention Policies/Holds override this purging for covered content.

3. OneDrive for Business (User Personal Files)

  • Configuration is very similar to SharePoint Online:
    • Retention Policies (Purview): Create policies targeting OneDrive accounts. Apply to specific users or all users. Set long retention periods.

    • Versioning: Enabled by default, typically storing 500 versions. You can verify/adjust this in the user’s OneDrive Settings > Return to Classic OneDrive > Library Settings > Versioning Settings (though accessing this directly might change). The key is that high versioning is usually on by default.

    • Recycle Bin: Same 93-day, two-stage process as SharePoint, generally not configurable.

    • Files Restore: A key OneDrive (and SharePoint Library) feature allowing users/admins to restore the entire OneDrive/Library to a point in time within the last 30 days. This is excellent for mass deletion/corruption/ransomware recovery within that window. It relies on version history.

    • Deleted User OneDrive Retention: When a user account is deleted, their OneDrive content is retained for a default of 30 days (configurable up to 3650 days / 10 years via SharePoint Admin Center > Settings > OneDrive Retention). Access can be delegated to a manager during this time. After this period, the OneDrive enters a deletion process unless under a hold/retention policy. Configure this setting to your maximum desired timeframe.

4. Microsoft Teams (Chats, Channel Messages, Files)

  • Data Storage: Understand where Teams data lives:

    • 1:1 and Group Chats: Stored in hidden folders within the participants’ Exchange Online mailboxes.

    • Standard Channel Messages: Stored in a hidden folder within the Microsoft 365 Group mailbox associated with the Team.

    • Private/Shared Channel Messages: Stored in dedicated mailboxes associated with those channels (or user mailboxes for shared channels).

    • Files (Standard Channels): Stored in the associated SharePoint Team site’s Document Library (in a folder named after the channel).

    • Files (1:1/Group Chats): Stored in the OneDrive for Business account of the user sharing the file.

    • Files (Private/Shared Channels): Stored in dedicated SharePoint sites associated with those channels.
  • Configure Retention Policies (Purview):
    • You MUST configure retention policies specifically for Teams data, in addition to Exchange/SharePoint policies.

    • Create a policy targeting:

      • Teams channel messages: Covers standard/private/shared channel conversations.

      • Teams chats: Covers 1:1 and group chats (including Teams meeting chats).
    • Set your desired long retention period (e.g., Forever, 10 years).

    • Important: Ensure your Exchange and SharePoint/OneDrive retention policies also cover the underlying storage locations for comprehensive protection.

Native Recovery Methods (Without Third-Party Tools)

Exchange Online:

  1. Deleted Items Folder: User recovers recently deleted items (Outlook/OWA).

  2. Recover Deleted Items: User recovers items purged from Deleted Items or hard-deleted (Shift+Del), accessing the Recoverable Items Folder (Outlook/OWA). Limited by the 14/30 day window unless under hold/retention.

  3. Restore Deleted Mailbox: Admin recovers a soft-deleted mailbox within 30 days (Admin Center/PowerShell).

  4. eDiscovery Search (Purview): Admins (with permissions) search for and export mailbox content preserved by Retention Policies or Litigation Holds, even if deleted by the user years ago. This is the primary method for long-term recovery under retention.

  5. Recover Mailbox Items (PowerShell): Admins can use Search-Mailbox (older) or New-ComplianceSearch + New-ComplianceSearchAction -Purge -PurgeType SoftDelete/HardDelete (newer, more complex) to find and potentially recover specific items, often from the Recoverable Items folder. New-MailboxRestoreRequest can restore content from a soft-deleted or inactive mailbox to another mailbox.

SharePoint Online / OneDrive for Business:

  1. Recycle Bin (First Stage): User restores their own deleted files/items from the site/OneDrive Recycle Bin.

  2. Second-Stage Recycle Bin: Site Collection Admin restores items deleted from the first-stage Recycle Bin. (Total 93-day window combined).

  3. Restore Previous Version: User/Admin restores a file to an earlier state using the version history (available via File > Version History in Office apps, or the context menu in SharePoint/OneDrive web).

  4. Files Restore (OneDrive & SharePoint Libraries): User (OneDrive) or Site Admin (SharePoint Library) restores the entire OneDrive or Document Library content to a previous point in time within the last 30 days. Excellent for mass deletions/changes. Access via Settings gear > Restore your OneDrive / Restore this library.

  5. Restore Deleted Site: Admin restores a deleted SharePoint site collection within 93 days (SharePoint Admin Center > Deleted sites).

  6. eDiscovery Search (Purview): Admins search for and export documents/items preserved by Retention Policies or Holds from SharePoint sites/OneDrive accounts, even if deleted from Recycle Bins. Primary method for long-term recovery under retention.

  7. Preservation Hold Library Access (Advanced/Admin): While not a typical user recovery method, admins can sometimes access this hidden library (usually via URL manipulation or eDiscovery) to find preserved versions if standard methods fail, though eDiscovery is preferred.

  8. Restore Deleted OneDrive: Admin restores a soft-deleted OneDrive (within the configured retention period) or delegates access (Admin Center).

Microsoft Teams:

  1. Undo Delete (Chats/Messages): Users have a very short window (seconds/minutes) to undo deleting their own message.

  2. File Recovery: Use the SharePoint/OneDrive methods above (Recycle Bins, Versioning, Files Restore) in the corresponding file storage location.

  3. eDiscovery Search (Purview): Admins search for and export Teams messages/chats preserved by Retention Policies. This is the primary method for recovering deleted conversations beyond the user’s ability.

Summary & Key Takeaways

  • Retention Policies are Paramount: Configure comprehensive retention policies in Microsoft Purview targeting Exchange, SharePoint, OneDrive, and Teams locations. Set retention durations to meet your maximum recovery time objective (e.g., 7 years, 10 years, Forever).

  • Leverage Versioning: Ensure SharePoint/OneDrive versioning is enabled with a high number of versions (e.g., 500+).

  • Understand Recycle Bins: Know the 93-day limit and the two stages.

  • Utilize Files Restore/Site Restore: This is powerful for recent (within 30 days) mass recovery scenarios.

  • Configure Deleted User Data Retention: Set appropriate retention for deleted OneDrive accounts and understand the 30-day mailbox retention.

  • Master eDiscovery: This Purview tool is essential for finding and recovering data preserved long-term by holds and retention policies.

  • Limitations: Remember native tools aren’t full backups. They don’t easily restore entire service configurations, protect against all ransomware scenarios perfectly, or offer granular point-in-time restores for all data types easily outside the specific features mentioned (like Files Restore).

By carefully configuring these native features, particularly retention policies and versioning, you can significantly extend the window for data recovery within Microsoft 365 without relying on third-party backup solutions. Always test your recovery procedures.

Creating an Automated Agent to Post Historical Computer Events in Teams Daily

Video link = https://www.youtube.com/watch?v=KZkhK41lynI

In this video, I walk you through the process of creating an automated agent that posts daily historical computer events in a Teams channel. Starting from copilotstudio.microsoft.com, I show you how to set up the agent, configure triggers, and manage connections. Learn how to troubleshoot common issues and ensure your agent runs smoothly. Join me as I share tips and insights to help you leverage AI for regular updates in your business. Don’t miss out on this practical guide to enhancing your team’s productivity with automation!

Best ways to monitor and audit permissions across a SharePoint environment in Microsoft 365


What are the best ways to monitor and audit permissions across a SharePoint environment in Microsoft 365? There isn’t one single “magic button,” but rather a combination of tools and practices that together form the most effective approach.

The “best” way depends on your specific needs (scale, complexity, budget, compliance requirements), but generally involves a multi-layered strategy:

1. Leveraging Built-in Microsoft 365 Tools:

  • Microsoft Purview Compliance Portal (Audit Log):

    • What it does: Records actions related to permissions and sharing. This includes granting access, changing permissions, creating sharing links, accepting/revoking sharing invitations, adding/removing users from groups, etc.

    • Pros: Centralized logging across M365 services (not just SharePoint). Captures who did what, when. Essential for forensic auditing and tracking changes over time. Can set up alerts for specific activities.

    • Cons: Reports events, not the current state of permissions easily. Can generate a large volume of data, requiring effective filtering and analysis. Default retention might be limited (90 days for E3, 1 year for E5/add-ons, up to 10 years with specific licenses). Doesn’t give you a simple snapshot of “who has access to Site X right now”.

    • Best for: Auditing changes to permissions, investigating specific incidents, monitoring for policy violations (e.g., excessive external sharing).
  • SharePoint Site Permissions & Advanced Permissions:

    • What it does: The standard SharePoint interface (Site Settings > Site Permissions and Advanced permission settings) allows site owners and administrators to view current permissions on a specific site, list, or library. The “Check Permissions” feature is useful for specific users/groups.

    • Pros: Direct view of current permissions for a specific location. No extra tools needed. Good for spot checks by site owners or admins.

    • Cons: Entirely manual, site-by-site. Not feasible for auditing across the entire tenant. Doesn’t scale. Doesn’t show how permissions were granted (direct vs. group) easily in aggregate. Doesn’t provide historical data.
  • Site Usage Reports (Sharing Links):

    • What it does: Found under Site Settings > Site Usage, this includes reports on externally shared files and sharing links (Anyone, Specific People).

    • Pros: Quick overview of sharing activity for a specific site, particularly external sharing links.

    • Cons: Limited scope (focuses on sharing links, not inherited or direct permissions). Site-by-site basis.
  • PowerShell (SharePoint Online Management Shell / PnP PowerShell):

    • What it does: Allows administrators to programmatically query and report on permissions across multiple sites, lists, libraries, and even items (though item-level reporting can be slow). PnP PowerShell is often preferred for its richer feature set.

    • Pros: Highly flexible and powerful. Can automate the generation of comprehensive current state permission reports across the tenant. Can export data to CSV for analysis. Can identify broken inheritance, unique permissions, group memberships, etc. Free (part of M365).

    • Cons: Requires scripting knowledge. Can be slow to run across very large environments, especially if checking item-level permissions. Scripts need to be developed and maintained. Requires appropriate administrative privileges.

    • Best for: Periodic, deep audits of the current permission state across the environment. Generating custom reports. Automating permission inventory.
  • Azure AD Access Reviews (Requires Azure AD Premium P2):

    • What it does: Automates the review process where group owners or designated reviewers must attest to whether users still need access via Microsoft 365 Groups or Security Groups that grant access to SharePoint sites (often via the Owners, Members, Visitors groups).

    • Pros: Proactive governance. Engages business users/owners in the review process. Reduces permission creep over time. Creates an audit trail of reviews.

    • Cons: Requires Azure AD P2 license. Primarily focuses on group memberships, not direct permissions or SharePoint groups (though M365 groups are the modern standard). Requires setup and configuration.

    • Best for: Implementing regular, automated reviews of group-based access to ensure continued need.

2. Third-Party Tools:

  • What they do: Numerous vendors offer specialized SharePoint/Microsoft 365 administration, governance, and auditing tools (e.g., ShareGate, AvePoint, Quest, SysKit, CoreView, etc.).

  • Pros: Often provide user-friendly dashboards and pre-built reports for permissions auditing. Can simplify complex reporting tasks compared to PowerShell. May offer advanced features like alerting, automated remediation workflows, comparison reporting (permissions changes over time), and broader M365 governance capabilities. Can often combine state reporting and change auditing.

  • Cons: Cost (licensing fees). Can have their own learning curve. Reliance on a vendor for updates and support. Need to grant the tool potentially high privileges.

  • Best for: Organizations needing comprehensive, user-friendly reporting and management without extensive PowerShell expertise, or those requiring advanced features and workflows not available natively. Often essential for large, complex environments or those with stringent compliance needs.

Recommended Strategy (The “Best Way”):

For most organizations, the most effective approach is a combination:

  1. Configure & Monitor the Purview Audit Log: Ensure auditing is enabled and understand how to search/filter logs. Set up alerts for critical permission changes or sharing events (e.g., creation of “Anyone” links if disallowed, granting owner permissions). This covers ongoing change monitoring.

  2. Perform Regular Audits using PowerShell or a Third-Party Tool: Schedule periodic (e.g., quarterly, semi-annually) comprehensive audits to capture the current state of permissions across all relevant sites. Focus on:

    • Sites with broken inheritance.

    • Direct user permissions (should be minimized).

    • Membership of Owners groups.

    • External sharing status.

    • Usage of SharePoint Groups vs M365/Security Groups.
  3. Implement Azure AD Access Reviews (if licensed): Use this for regular recertification of access granted via M365 and Security groups, especially for sensitive sites.

  4. Establish Clear Governance Policies: Define who can share, what can be shared externally, how permissions should be managed (use groups!), and the responsibilities of Site Owners.

  5. Train Site Owners: Ensure they understand the principle of least privilege and how to manage permissions correctly within their sites using M365 groups primarily.

  6. Use Built-in UI for Spot Checks: Empower admins and site owners to use the standard SharePoint UI for quick checks on individual sites as needed.

By combining proactive monitoring (Purview), periodic deep audits (PowerShell/Third-Party), automated reviews (Access Reviews), and clear governance, you create a robust system for managing and auditing SharePoint permissions effectively.
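
The change-monitoring step of the strategy above can be scripted against audit records. The following is an added example, not code from the original post: the function name and the sample records are constructed, and the operation names and AuditData fields (Operation, UserId, ObjectId, EventData, TargetUserOrGroupName) are assumptions about the audit record schema that should be confirmed against records from your own tenant.

```powershell
# Added example: flag the permission and sharing events the post suggests
# alerting on ("Anyone" links, owner grants, broken inheritance).
function Find-PermissionAuditEvent {
    [CmdletBinding()]
    param(
        # A record with an AuditData property holding the JSON event body,
        # as returned by Search-UnifiedAuditLog.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Record
    )
    begin {
        # Assumed operation names, mapped to the reason they are flagged.
        $watched = @{
            AnonymousLinkCreated     = 'Anyone link created'
            SiteCollectionAdminAdded = 'Site collection admin granted'
            SharingInheritanceBroken = 'Inheritance broken (unique permissions)'
        }
    }
    process {
        try {
            $data = $Record.AuditData | ConvertFrom-Json -ErrorAction Stop
        } catch {
            Write-Warning 'Skipping record with unparseable AuditData'
            return
        }

        $reason = $null
        if ($data.Operation -and $watched.ContainsKey([string]$data.Operation)) {
            $reason = $watched[[string]$data.Operation]
        }
        elseif ($data.Operation -eq 'AddedToGroup' -and
                $data.EventData -match '<Group>(?<name>[^<]*Owners)</Group>') {
            # Assumption: the group name is carried in EventData as <Group>..</Group>
            $reason = "Added to owners group '$($Matches.name)'"
        }
        if (-not $reason) { return }   # not a watched event

        [pscustomobject]@{
            When      = $data.CreationTime
            Actor     = $data.UserId
            Operation = $data.Operation
            Reason    = $reason
            Target    = $data.TargetUserOrGroupName
            Object    = $data.ObjectId
        }
    }
}

# Constructed sample records so the function can be tried offline.
$events = @(
    @{ CreationTime = '2025-04-20T09:15:00'; Operation = 'AnonymousLinkCreated'
       UserId = 'sam@contoso.example'
       ObjectId = 'https://contoso.sharepoint.example/sites/finance/budget.xlsx' }
    @{ CreationTime = '2025-04-20T10:02:00'; Operation = 'AddedToGroup'
       UserId = 'admin@contoso.example'
       ObjectId = 'https://contoso.sharepoint.example/sites/finance'
       EventData = '<Group>Finance Owners</Group>'
       TargetUserOrGroupName = 'jo@contoso.example' }
    @{ CreationTime = '2025-04-20T10:30:00'; Operation = 'FileAccessed'
       UserId = 'jo@contoso.example'
       ObjectId = 'https://contoso.sharepoint.example/sites/finance/plan.docx' }
)
$sample = @($events | ForEach-Object {
    [pscustomobject]@{ AuditData = ($_ | ConvertTo-Json -Compress) }
})
$sample += [pscustomobject]@{ AuditData = '{truncated' }   # malformed on purpose

$sample | Find-PermissionAuditEvent | Format-Table -AutoSize -Wrap

# Against a live tenant (after Connect-ExchangeOnline):
# Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
#     -Operations AnonymousLinkCreated,SiteCollectionAdminAdded,SharingInheritanceBroken,AddedToGroup `
#     -ResultSize 5000 | Find-PermissionAuditEvent
```

This covers changes only; the current-state audit in step 2 still needs a separate permissions inventory.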

CIA Brief 20250426


Copilot+ PCs are the most performant Windows PCs ever built, now with more AI features that empower you every day –

https://blogs.windows.com/windowsexperience/2025/04/25/copilot-pcs-are-the-most-performant-windows-pcs-ever-built-now-with-more-ai-features-that-empower-you-every-day/

Explore practical best practices to secure your data with Microsoft Purview –

https://www.microsoft.com/en-us/security/blog/2025/04/25/explore-practical-best-practices-to-secure-your-data-with-microsoft-purview/

Introducing ActorInfoString: A New Era of Audit Log Accuracy in Exchange Online –

https://techcommunity.microsoft.com/blog/microsoft-security-blog/introducing-actorinfostring-a-new-era-of-audit-log-accuracy-in-exchange-online/4408093

Microsoft Purview eDiscovery is getting a unified, streamlined experience starting May 26, 2025! –

https://techcommunity.microsoft.com/blog/azurepurviewblog/microsoft-purview-ediscovery-is-getting-a-unified-streamlined-experience-startin/4407225

Advanced deployment guide for Conditional Access Policy templates –

https://techcommunity.microsoft.com/blog/microsoft-entra-blog/advanced-deployment-guide-for-conditional-access-policy-templates/4406767

2025: The Year the Frontier Firm Is Born –

https://www.microsoft.com/en-us/worklab/work-trend-index/2025-the-year-the-frontier-firm-is-born

Expanding reference capabilities with Microsoft 365 Copilot in Word –

https://techcommunity.microsoft.com/blog/microsoft365insiderblog/expanding-reference-capabilities-with-microsoft-365-copilot-in-word/4406054

Announcing Agentic Automation with Bidirectional Integration between Microsoft Copilot Studio & UiPath –

https://www.microsoft.com/en-us/microsoft-copilot/blog/copilot-studio/announcing-agentic-automation-with-bidirectional-integration-between-microsoft-copilot-studio-uipath/

More insights from Microsoft 365 Copilot’s document summary –

https://techcommunity.microsoft.com/blog/Microsoft365InsiderBlog/more-insights-from-microsoft-365-copilot%E2%80%99s-document-summary/4405814

Service principal required for Microsoft Entra ID –

https://techcommunity.microsoft.com/blog/microsoft-entra-blog/service-principal-required-for-microsoft-entra-id/4405796

Researcher agent in Microsoft 365 Copilot –

https://techcommunity.microsoft.com/blog/microsoft365copilotblog/researcher-agent-in-microsoft-365-copilot/4397186

Microsoft 365 Copilot: Built for the era of human–agent collaboration –

https://www.microsoft.com/en-us/microsoft-365/blog/2025/04/23/microsoft-365-copilot-built-for-the-era-of-human-agent-collaboration/

The 2025 Annual Work Trend Index: The Frontier Firm is born –

https://blogs.microsoft.com/blog/2025/04/23/the-2025-annual-work-trend-index-the-frontier-firm-is-born/

Microsoft Purview protections for Copilot –

https://techcommunity.microsoft.com/blog/microsoftmechanicsblog/microsoft-purview-protections-for-copilot/4406384

Getting started with the new Purview Content Search –

https://techcommunity.microsoft.com/blog/microsoft-security-blog/getting-started-with-the-new-purview-content-search/4405757

End of support for Windows 10, Windows 8.1, and Windows 7 –

https://www.microsoft.com/en-us/windows/end-of-support?r=1

RSAC 2025 new Microsoft Sentinel connectors announcement –

https://techcommunity.microsoft.com/blog/microsoftsentinelblog/rsac-2025-new-microsoft-sentinel-connectors-announcement/4404177

Microsoft AutoUpdate: Security Improvements to ManifestServer –

https://techcommunity.microsoft.com/blog/microsoft365insiderblog/microsoft-autoupdate-security-improvements-to-manifestserver/4405454

Summarize your emails with Microsoft 365 Copilot –

https://www.youtube.com/watch?v=HOefmtSc7jQ

Securing our future: April 2025 progress report on Microsoft’s Secure Future Initiative –

https://www.microsoft.com/en-us/security/blog/2025/04/21/securing-our-future-april-2025-progress-report-on-microsofts-secure-future-initiative/

Microsoft Security Copilot in Intune deep dive – Part 1: Features available in public preview –

https://techcommunity.microsoft.com/blog/intunecustomersuccess/microsoft-security-copilot-in-intune-deep-dive-%E2%80%93-part-1-features-available-in-pu/4406244

Microsoft Security Copilot | Copilot with Endpoint Privilege Management (EPM) and Microsoft Intune –

https://www.youtube.com/watch?v=KcrTRahDYMQ

Microsoft Security Copilot | Copilot assistance for Troubleshooting with Microsoft –

https://www.youtube.com/watch?v=xHXRgappHoA

Write Better Prompts with Copilot –

https://www.youtube.com/watch?v=zOSPcmnS2VU

Microsoft and LinkedIn release the 2024 Work Trend Index on the state of AI at work –

https://blogs.microsoft.com/blog/2024/05/08/microsoft-and-linkedin-release-the-2024-work-trend-index-on-the-state-of-ai-at-work/

After hours

The World Needs AI, But There’s a Problem – https://www.youtube.com/watch?v=SpMIs6AnUW8

Editorial

If you found this valuable, then I’d appreciate a ‘like’ or perhaps a donation at https://ko-fi.com/ciaops. This helps me know that people enjoy what I have created and provides resources to allow me to create more content. If you have any feedback or suggestions around this, I’m all ears. You can also find me via email director@ciaops.com and on X (Twitter) at https://www.twitter.com/directorcia.

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week.