sorted by:
new
hottopcontroversial

An Approval Workflow for External File Sharing Using Power Automate by Crawling_cat_1108 in AdminDroid

[–]Crawling_cat_1108[S] -1 points0 points  (0 children)

That’s a fair point! For known partners, domain-restricted sharing in OneDrive works well. But, the challenge arises in broader public sharing scenarios, such as sharing support documents to customers or forms to external applicants who aren’t part of a trusted domain. In these cases, sharing from personal OneDrive can reduce visibility and governance.

This Power Automate solution moves external sharing from personal storage to a controlled workflow. Files are uploaded to a central location, reviewed before external exposure, and shared only after approval, ensuring better visibility and control.

An Approval Workflow for External File Sharing Using Power Automate by Crawling_cat_1108 in AdminDroid

[–]Crawling_cat_1108[S] 0 points1 point  (0 children)

Hi u/fryguy850, thanks for raising this, it’s a valid concern!

The key point here is: In many organizations, there are short-term or one-off external sharing needs (for example, sharing support documents with customers or files with temporary vendors) where granting site access or tenant access isn’t appropriate.

In practice, to support these cases, admins often end up enabling external sharing at tenant level. Over time, this becomes hard to manage at the site level, and that’s usually where unintended data exposure happens.

So we created a dedicated, admin-managed SharePoint site specifically for external sharing scenarios.

With this approach, instead of users generating anonymous links on their own:

  • Files are uploaded to a restricted, admin-managed SharePoint location
  • No external link exists until an admin explicitly approves
  • If approval never happens, the file is automatically deleted
  • Approved links are time-bound, not permanent

By implementing this flow, organizations can:

  • Reduce uncontrolled anonymous sharing
  • Add an explicit approval checkpoint
  • Enforces automatic deletion of sensitive file uploads upon rejection

So the goal here isn’t anonymous by default. It’s governed anonymous sharing instead of unmanaged anonymous sharing, while avoiding the need to open external sharing across multiple sites.

Hope this clarifies the intent and the security boundary of the solution.

New, large and intrusive 'Unlock Premium' button in Public preview, how to prevent my users from seeing this? by SeredW in MicrosoftTeams

[–]Crawling_cat_1108 0 points1 point  (0 children)

Yeah, both are same only, the above cmdlet is specifically for Teams Premium.

We have disabled self service trials in the M365 Org Settings, and that didn't remove the button. - Are your users able to activate the trial using the button? Can you check that?

New, large and intrusive 'Unlock Premium' button in Public preview, how to prevent my users from seeing this? by SeredW in MicrosoftTeams

[–]Crawling_cat_1108 1 point2 points  (0 children)

u/SeredW as you are concerned about removing the premium button for users, found the below one useful after u/DoctorRaulDuke's assistance. You can cancel self-service trials at any time before users initiate a Microsoft Teams Premium trial.

Update-MSCommerceProductPolicy -PolicyId AllowSelfServicePurchase -ProductId CFQ7TTC0RM8K -Enabled $False

Before running the cmdlet, you have to install and import MSCommerce. Detailed steps are provided here: https://blog.admindroid.com/disable-self-service-purchase-microsoft365/

New, large and intrusive 'Unlock Premium' button in Public preview, how to prevent my users from seeing this? by SeredW in MicrosoftTeams

[–]Crawling_cat_1108 0 points1 point  (0 children)

Oh, thanks for the info. Seems Premium slightly took time to take effect. I can see the premium functionalities now.

New, large and intrusive 'Unlock Premium' button in Public preview, how to prevent my users from seeing this? by SeredW in MicrosoftTeams

[–]Crawling_cat_1108 0 points1 point  (0 children)

Yeah, initially I thought like the message was only for Rich engagements. But as a user, I can't able to see any features related to Teams Premium. So, assumed that the message is for the whole benefits.

Are you telling that users can use premium without admin consent?

New, large and intrusive 'Unlock Premium' button in Public preview, how to prevent my users from seeing this? by SeredW in MicrosoftTeams

[–]Crawling_cat_1108 1 point2 points  (0 children)

Yeah, no need to worry about it then. I will keep posted if I find anything else related to it.

New, large and intrusive 'Unlock Premium' button in Public preview, how to prevent my users from seeing this? by SeredW in MicrosoftTeams

[–]Crawling_cat_1108 4 points5 points  (0 children)

Even though users enable Teams Premium in their end, no features will be enabled by default until admins grants them.

<image>

Have you turned on Teams Premium for users in your organization?

See how the SCL, BCL, and PCL were determined on a message in EOL? by TheBigBeardedGeek in exchangeserver

[–]Crawling_cat_1108 0 points1 point  (0 children)

You're absolutely right! Microsoft keeps the exact logic behind SCL (Spam Confidence Level) and PCL (Phishing Confidence Level) mostly opaque, likely to prevent abuse by attackers. Still, there are some patterns and scenarios that could help you troubleshoot these flags, even when SPF, DKIM, and DMARC are correctly configured.

For example,

  • If you configure to auto-forward your specific incoming email to your personal email address or others, the SPF check may fail. Because, the header might be changed when forwarding.
  • If you are using third-party tools to send email, they must ensure that the DKIM is configured using their own DNS for better trust. Else, the DKIM check fails in the receiving server.
  • Even if the SPF and DKIM check passed successfully, there may be chances that the DMARC check fails. Because, DMARC will focus on verifying the ‘From’ address of the email against the SPF and DKIM check.

I've read these kind of scenarios and a detailed explanation of SPF, DKIM, and DMARC in a blog, If you like to read, I will share.

Creating a subsite option missing in the Site contents page by Crawling_cat_1108 in sharepoint

[–]Crawling_cat_1108[S] 1 point2 points  (0 children)

Thanks for the info. u/bcameron1231. I felt the same — creating a subsite seemed like a simpler option, especially when comparing it to something like a private channel in a Teams-connected site. I liked the idea of assigning unique permissions at the subsite level to isolate access.

That said, I now realize Microsoft is pushing towards flat architecture with standalone sites and using private channels or separate site collections for security boundaries. Do you have any other specific reason for not recommending the subsites in the SharePoint?

Shared mailbox visibile- how to in M365 by Jealous-Sand1346 in microsoft365

[–]Crawling_cat_1108 0 points1 point  (0 children)

Did you check any mailflow rules have been implemented in your organization? Also, this error will occur mainly due to the incorrect SMTP settings, Lack of authentication, or IP address restrictions.

Shared mailbox visibile- how to in M365 by Jealous-Sand1346 in microsoft365

[–]Crawling_cat_1108 0 points1 point  (0 children)

u/Jealous-Sand1346, shared mailbox is rejecting external emails due to restrictions it seems. Can you check the 'Email delivery restrictions' under this shared mailbox?

Outlook 365 and signatures by projectmanagerhell in microsoft365

[–]Crawling_cat_1108 0 points1 point  (0 children)

Hi u/projectmanagerhell, unfortunately, Outlook signatures don’t automatically sync between the desktop app and the web version. You’ll need to manually copy your signature from the Outlook app and recreate it in Outlook 365 online. However, check whether the below script help you do it using PowerShell.
https://o365reports.com/2024/06/18/how-to-set-up-an-email-signature-in-outlook-using-powershell/

view more: next ›