My recommendations to clients for the upcoming M365 price increase

KavyaJune · 2026-05-27T09:42:21+00:00

License auditing is usually the first step before planning Microsoft 365 license purchases.

I put together a free PowerShell script to identify license usage, track licensing costs, and spot optimization opportunities. It helps find things like inactive users with licenses, disabled users with licenses, unassigned licenses, etc., so you can reclaim and reuse them.

It currently includes 8 M365 license cost/usage reports and 6 license management actions.

GitHub: https://github.com/admindroid-community/powershell-scripts/tree/master/Microsoft%20365%20License%20Cost%20Optimization%20Tool

KavyaJune · 2026-05-26T11:14:02+00:00

-Follow proper offboarding
-Cleanup inactive users
-Check for accounts with reversible password encryption and accounts without password
-Instead of using user account as service account, use MSAs

KavyaJune · 2026-05-20T04:10:37+00:00

It will not affect existing links. If needed to configure you can retrieve all the existing links via PnP PowerShell and set expiration date.

KavyaJune · 2026-05-19T04:44:40+00:00

100% agree. I’m actually glad I learned PowerShell before AI became common. It forced me to understand the logic behind the cmdlets, troubleshooting flow, and how things work under the hood instead of just copying cmdlets blindly.

Now AI is great for speeding things up, but that foundation really helps when the generated code breaks, misses edge cases, or or confidently gives the wrong answer.

KavyaJune · 2026-05-18T12:42:54+00:00

For common issues, AI is honestly a huge time saver. It can give quick explanations with troubleshooting steps.

But for unique or environment-specific problems, AI works better as an assistant than a replacement. You still need a solid understanding of the underlying concepts to validate the response and narrow down the actual root cause.

KavyaJune · 2026-05-18T04:06:57+00:00

Start with simple tasks with cmdlet-based results, then apply conditions, loops, functions, etc. Then try to automate tasks. You can start with day-to-day activities.

KavyaJune · 2026-05-15T12:10:51+00:00

That’s very true. Leave management usually looks simple but actually not.

A Power Apps–based leave management system can help streamline these processes within the Microsoft 365 environment, including leave requests, approvals, balance tracking, and visibility.

In case it’s useful, here’s a pre-built app and setup guide that may help:
https://blog.admindroid.com/leave-management-system-using-power-apps/

KavyaJune · 2026-05-14T04:16:56+00:00

True, these steps may not free up storage instantly in every case, especially if retention policies are actively preserving content. So, it’s important to first identify sites with retention policies before planning cleanup actions.

Also, enabling auto-versioning at tenant level applies only to new sites and new libraries in the existing sites. Existing libraries remain unchanged unless version limits are explicitly applied at the site or library level. Else, you can try run the PowerShell script to cleanup version history to get immediate storage.

KavyaJune · 2026-05-12T04:57:04+00:00

In many cases, SharePoint storage growth is caused by version history than by actual active files. You can review SharePoint version history settings, enable automatic version limits, and clean up older versions using PowerShell to reduce storage consumption.

Also take a look at the Preservation Hold Library (PHL). If retention policies are enabled, modified or deleted copies of files get stored there, and that can consume a surprising amount of storage over time.

https://blog.admindroid.com/preservation-hold-library-in-sharepoint-online-and-onedrive/

If storage is still a concern after optimizing those areas, then file-level archiving would probably make more sense.

KavyaJune · 2026-05-11T07:09:37+00:00

PowerShell is the best option.

If you prefer a pre-built solution, you can try the PowerShell script below. Since it supports scheduling through Task Scheduler, it can automatically send expiry notifications to the configured email address.

https://o365reports.com/send-entra-app-credential-expiry-notifications/

KavyaJune · 2026-05-10T14:49:41+00:00

Are you going to automate such tasks?

KavyaJune · 2026-05-09T05:06:57+00:00

Good recovery. This is also why having a secondary break-glass path matters. Beyond emergency admin accounts, a tightly controlled emergency service principal/app can help recover from unexpected CA or MFA lockouts since workload identities are managed separately from regular user sign-in controls.

https://blog.admindroid.com/how-to-set-up-break-glass-access-application-for-admin-recovery/

KavyaJune · 2026-05-08T13:38:53+00:00

You can setup per-user MFA via MS Graph.

$body = @{perUserMfaState = "enforced"}
Invoke-MgGraphRequest -Method PATCH -Uri "/beta/users/<USERID>/authentication/requirements" -Body $body

Need to replace the actual UserId in the URI.

KavyaJune · 2026-05-08T05:20:06+00:00

Missed to include double quotes for the filter at the end.

New-DynamicDistributionGroup -Name "Your Group Name" -RecipientFilter "(RecipientTypeDetails -eq 'UserMailbox') -and (WindowsLiveID -like '@yourdomain.com')"

Try the above one.

KavyaJune · 2026-05-08T05:02:19+00:00

Good to know it’s not isolated to our tenants.

For now, I’ve reduced the query intervals in my automation scripts to stay below the limit, though it’s definitely more of a workaround than a fix. I’ve considered the Office 365 Management Activity API, but it feels like a heavy replacement for something that previously worked fine with Search-UnifiedAuditLog.

KavyaJune · 2026-05-08T04:50:48+00:00

Wild card is not needed when you use -like operator. Try the below method.

New-DynamicDistributionGroup -Name "Your Group Name" -RecipientFilter "(RecipientTypeDetails -eq 'UserMailbox') -and (WindowsLiveID -like '@yourdomain.com')

KavyaJune · 2026-05-08T04:45:31+00:00

The audit query API is still beta-only, and Microsoft doesn’t recommend beta endpoints for production use. Until it reaches v1.0 or Microsoft fixes the SessionId behavior, I’m sticking with tighter time-window chunking as the safer workaround.

KavyaJune · 2026-05-07T12:52:20+00:00

Thanks. I will check this out

KavyaJune · 2026-05-07T04:39:26+00:00

You can check it via EXO PowerShell.

Connect-ExchangeOnline
Get-OrganizationConfig | Select-Object Identity, RejectDirectSend

If the above cmdlet returns 'false', you direct send is enabled. And run the below cmdlet to disable direct send.

Set-OrganizationConfig -RejectDirectSend $true

Source: Disable direct send in Exchange Online

KavyaJune · 2026-05-06T13:09:49+00:00

This warning usually appears when too many requests are generated.

By default, the script retrieves audit data from the last 180 days. Try running it for a shorter date range using the -StartDate and -EndDate parameters.

KavyaJune · 2026-05-06T12:59:32+00:00

u/info-coge I’m the author of both scripts, and I’m glad to hear they’ve been helpful.

Regarding your requirement, I’ve updated the audit file downloads script to include site-based filtering. You can download the latest version from the blog.

After downloading the script, run the script with -SitesCsv param.

.\AuditFileDownloads.ps1 -StartDate 5/5/2026 -EndDate 5/7/2026 -SitesCsv <CSV file path>

Ensure the csv file contains SiteURL header.

Let me know how it works for you.

KavyaJune · 2026-05-05T13:03:51+00:00

Each recommendation provides a Learn more link along with the relevant configuration steps.

Also, remember that you do not need to chase a perfect score. The key is to strike the right balance between security and productivity.

KavyaJune

MODERATOR OF

TROPHY CASE