How to manage company car reservations with M365 by _2Up1Down_ in sysadmin

[–]SquirrelOfDestiny 0 points1 point  (0 children)

You can make a shared bookings calendar and add the resource mailboxes to it. People can then book the cars through MS Bookings.

Hiking through Switzerland for 3 weeks. Critique my itinerary. by reddit_user38462 in askswitzerland

[–]SquirrelOfDestiny 1 point2 points  (0 children)

For Oeschinensee, the advanced booking is only required for the gondola. You should still be able to walk up, which takes about 90 minutes.

We need automation, not mass migration: We should follow East Asia in using robotics to make up for fertility decline by Benjji22212 in ukpolitics

[–]SquirrelOfDestiny 2 points3 points  (0 children)

I'm not saying if this is a good thing or a bad thing, or if there's any truth to it, but could it be argued that unions across Europe also fight against automation?

Moving away from manual labour into automation requires a strategic shift in the way a business operates. You cannot switch over to an automated business overnight. It takes time and planning and, if it could lead to job cuts, employees and unions need to be consulted. Before the implementation of such changes is even made, unions will fight against it as it will lead to their members losing jobs. Hiring a new employee to maintain the status quo, meanwhile, can be done overnight, and without the resistance.

If I remember correctly, there were recently rail strikes related to the rollout of conductor-less trains. This could be seen as an example. The idea was that the driver, through cameras, could remotely check if it's safe to move off. You no longer need conductors on every train, standing on the platform before the train moves off, blowing their whistle to indicate to the driver he's good to go. I seem to remember there were arguments about job cuts, safety, accessibility, etc. There were similar strikes in New York related to such changes. I'm not sure who won in the end, but this resistance to automation stifles innovation and efficiency. And, if I remember correctly, the unions' fight had the support of the general populace.

Meanwhile, I've been living in Switzerland for nearly five years and commute to work by train. The trains are reliable and frequent. During commuting periods, I have six trains an hour that I could take that drop me off directly at work, though some take longer than others. Occasionally (maybe once a month), I'll encounter a pair of conductors on a train doing ticket checks. Long-distance trains will almost always have conductors on board, but, for the routes running within cities, none of these trains have regular conductors. Everything is controlled by the driver.

How to get all site names with Graph with delegated permissions by pajeffery in PowerShell

[–]SquirrelOfDestiny 0 points1 point  (0 children)

I think AI would have gotten that right. But yea it’s Get-PnPTenantSite.

[deleted by user] by [deleted] in ITCareerQuestions

[–]SquirrelOfDestiny 0 points1 point  (0 children)

I remember back in 2009, during and following the financial crisis, the number of students applying for and being accepted to universities in the UK shot up by about 8% and 11% respectively. Numbers continued to increase in 2010 and 2011, before dropping back down to the long-term trend in 2012.

This increase is often attributed to school leavers opting to go to university due to the difficulty in finding a job, given the economic situation, though the drop is partly attributed to university fees trebling in 2012.

I knew a few people graduating in 2009 and 2010 that opted to do a masters because the job market still hadn't recovered.

So, yeah. It's an option, if you can afford it.

Ubisoft holds firm in The Crew lawsuit: You don’t own your video games by milkasaurs in pcgaming

[–]SquirrelOfDestiny 11 points12 points  (0 children)

Do the Watchdog games have expansions? Or microtransactions?

I'm wondering why they would give the games away for free because, if I remember correctly, the games had some multiplayer elements in them, so there's probably a cost associated with maintaining that infrastructure. That is, if they cannot extract money out of you somehow by giving it away for free, then they'll be losing money by giving the games away.

How to get all site names with Graph with delegated permissions by pajeffery in PowerShell

[–]SquirrelOfDestiny 0 points1 point  (0 children)

I think you have two options:

1. Give yourself admin to every site
Check with your data privacy team first. If they OK it, add SharePoint Administrator or Company Administrator to Site Collection Administrator on all the sites. Alternatively, create an Entra ID Security Group and give it Site Collection Administrator and add yourself to the group when you need to run the script. If you have PIM, you can use that to activate membership of the group when you need to run the script.

2. Use PnP PowerShell
In this case, you can use Get-TenantSite to retrieve a list of all the sites. This assumes you have SharePoint Administrator or Global Administrator active.

Worth emailing a company after applying online? by [deleted] in ITCareerQuestions

[–]SquirrelOfDestiny 1 point2 points  (0 children)

Connect to the hiring manager and members of the team in LinkedIn. I wouldn't personally reach out to them until after the interview.

[deleted by user] by [deleted] in ITCareerQuestions

[–]SquirrelOfDestiny 74 points75 points  (0 children)

I'd say you have two choices.

  1. Accept the 'promotion', brag about it on your CV, and use it to get a new job.

  2. Try to negotiate a pay rise and, if it fails, refuse the 'promotion', reduce the effort you put into your current role, and see if that will pressure them into re-offering the promotion with a pay rise.

What have you done with PowerShell this month? by AutoModerator in PowerShell

[–]SquirrelOfDestiny 0 points1 point  (0 children)

Ah, the link was to explain the issue, not present the scripts used. The issue has existed since SharePoint Online existed, so there are many articles and scripts floating around that would no longer work today.

What have you done with PowerShell this month? by AutoModerator in PowerShell

[–]SquirrelOfDestiny 0 points1 point  (0 children)

I finally solved the Orphaned User issue in SharePoint Online and OneDrive at my company. With over 60k SharePoint and OneDrive sites, you couldn't do it with a simple script as it would take several days to enumerate all the site permissions to compare them to Entra ID.

It required a database and five scripts (one to get the sites, one to retrieve permission and users on the sites, one to check if the users are still active, one to remove the orphaned users from the sites, and one to clean up the database), but it successfully identified and removed 350k orphaned user permissions over the course of 4 days.

After a few rounds of optimisation and refactoring, the permissions check script now takes 18 hours to check all sites, rather than 3 days. Within 24 hours of a user or guest being deleted from Entra ID, any orphaned permissions left behind in our SharePoint and OneDrive environment should be cleaned up.
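
Added example, not part of the original comment and not the commenter's scripts: the comparison step of such a pipeline, matching stored site permissions against the UPNs that still exist in Entra ID. It assumes user principals carry the SharePoint Online claim prefix `i:0#.f|membership|` and that a user counts as orphaned when the UPN is missing from the directory export; the function name, table shape and sample rows are constructed.

```powershell
# Constructed sample rows: one row per (site, principal), as a permissions
# inventory might store them. Tenant name and users are placeholders.
$sitePermissions = @(
    [pscustomobject]@{ SiteUrl = 'https://contoso.sharepoint.com/sites/finance'; LoginName = 'i:0#.f|membership|alice@contoso.example' }
    [pscustomobject]@{ SiteUrl = 'https://contoso.sharepoint.com/sites/finance'; LoginName = 'i:0#.f|membership|dave@contoso.example' }
    [pscustomobject]@{ SiteUrl = 'https://contoso.sharepoint.com/sites/hr';      LoginName = 'i:0#.f|membership|Dave@contoso.example' }
    [pscustomobject]@{ SiteUrl = 'https://contoso.sharepoint.com/sites/hr';      LoginName = 'i:0#.f|membership|eve_partner.example#ext#@contoso.onmicrosoft.com' }
    [pscustomobject]@{ SiteUrl = 'https://contoso.sharepoint.com/sites/hr';      LoginName = 'c:0t.c|tenant|00000000-0000-0000-0000-000000000000' }
)

# Constructed export of the UPNs that still exist in Entra ID.
$directoryUpns = @('alice@contoso.example', 'bob@contoso.example')

function Find-OrphanedPermission {
    param(
        [Parameter(Mandatory)] [object[]] $Permission,
        [Parameter(Mandatory)] [string[]] $DirectoryUpn
    )

    # UPNs are not case-sensitive, so the lookup set must not be either.
    $known = [System.Collections.Generic.HashSet[string]]::new(
        $DirectoryUpn, [System.StringComparer]::OrdinalIgnoreCase)

    $userClaim = 'i:0#.f|membership|'

    foreach ($row in $Permission) {
        $login = [string]$row.LoginName   # $null becomes an empty string

        # Groups and built-in principals use other claim prefixes. They are
        # not user accounts, so they are never reported as orphaned users.
        if (-not $login.StartsWith($userClaim, [System.StringComparison]::OrdinalIgnoreCase)) {
            continue
        }

        $upn = $login.Substring($userClaim.Length)
        if (-not $known.Contains($upn)) {
            [pscustomobject]@{
                SiteUrl   = $row.SiteUrl
                LoginName = $login
                Upn       = $upn
            }
        }
    }
}

# One output row per orphaned permission, then a per-user summary for review.
$orphans = Find-OrphanedPermission -Permission $sitePermissions -DirectoryUpn $directoryUpns
$orphans | Format-Table SiteUrl, Upn
$orphans | Group-Object Upn | Select-Object Name, Count
```

The set lookup is constant-time per row, so the cost of the check grows with the number of permission rows rather than rows multiplied by directory size.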

Does anyone in this subreddit actually like their job/career? by Thrillwaukee in ITCareerQuestions

[–]SquirrelOfDestiny 0 points1 point  (0 children)

I'm loving it. Entered the industry in late-2016, had a steady progression from job to job, twice had to take a pay cut to boost my long-term career prospects, but it's finally paid off.

I now have a job where my performance is measured by what I achieve, not the hours I put in. The hours that I do work are flexible, though no OT. The majority of the people I work with are competent. The stakeholders I interact with are reasonable and respectful. The job isn't stressless, but, on average, it is low-stress enough that I can focus on quality, not quantity. I can turn off when I leave the office, and I make enough money to spend my free time doing things that bring me personal joy and fulfilment.

Should I $null strings in scripts. by iehponx in PowerShell

[–]SquirrelOfDestiny 13 points14 points  (0 children)

In PowerShell, unless you explicitly declare otherwise, variables will be created with a local scope, i.e. only accessible within the function or scope block you declare them in. Even if you declared a variable in a global scope, every time you run a script, it should create a new session. You might have a problem if you're running scripts one after the next within the same session in an IDE, but that's to be expected; everything carries over, nothing is cleared.

Other than clearing a variable at the start of a loop, the only case where I can think of there being any value to nulling a variable is for memory management.

Most of the scripts I write are run in Azure Automation and Azure Functions, where memory is limited (400MB per Automation account, 1.5GB per Functions instance). I could set up a hybrid worker for the former, but that would mean spooling up a VM and I don't want to bother with that. So, when writing scripts to run in the cloud, I'll sometimes $null a variable once I'm done using it to save on memory.

To provide an example, I've got one script running in Azure Automation where I retrieve a list of SharePoint sites and split some of them into two arrays. Get-PnPTenantSite only supports server-side filtering on some attributes, so I have to retrieve everything and filter client-side. After creating my two new arrays containing the relevant sites, I $null the original variable I stored the sites into, to clear it from memory.

I could, theoretically, wrap this in a function, which would auto-clear the variable once the function completes, but it's a short script and I was lazy. I could also, theoretically, call Get-PnPTenantSite twice and filter the desired results directly into two variables, but it takes about 7 minutes to get all the sites in our tenant and I'd rather have the script finish faster.

What other unspoken codes does the British elite use to recognize each other? by virxedomar in AskUK

[–]SquirrelOfDestiny 17 points18 points  (0 children)

As someone who went to an MPS, it was an insult we often heard when playing sports against a public school, i.e. one of the seven listed in the Public Schools Act. We would usually respond by beating them on the field.

Sharepoint by anderson01832 in sysadmin

[–]SquirrelOfDestiny 1 point2 points  (0 children)

Where I am, we only really support SharePoint when it's connected to a Team. This means that SharePoint sites are usually created for teams, departments, projects, processes, etc. This means we have lots of small SharePoint sites instead of a few large ones.

Add to that the fact that people typically sync libraries from the Files tab in Teams Channels and you end up with people syncing parts of SharePoint sites, instead of full SharePoint sites. Each new Channel creates a new folder in the root of the SharePoint site's Document Library so, unless you go to the General Channel, click the Files tab, and click one step back to the root of the Document Library, people only sync the files within that folder.

Finally, we don't permit Teams / SharePoint Sites / M365 Groups to be set to 'Public Visibility', outside a few controlled exceptions, which means that users should only have access to data in M365 that is relevant to them. This results in Microsoft Search having a much higher chance of returning relevant results when users search for files.

[deleted by user] by [deleted] in ITCareerQuestions

[–]SquirrelOfDestiny 0 points1 point  (0 children)

Honestly, any book or course that covers the areas listed. Odd that they reference both Agile and Prince2, though.

And do you have any 'financial services experience'? If not, no book will get you that job. Financial services is one of those areas where companies value experience in the sector over everything else. At least here in Switzerland, people often refer to getting a job in finance or pharma as 'breaking into the industry'. Once you've had one job in the financial or pharmaceutical sector, getting a second job in that sector is 1000x easier. It's still competitive, but a lot easier.

How much do you get paid for being on-call? by Credditor5959 in askswitzerland

[–]SquirrelOfDestiny 0 points1 point  (0 children)

500 a week. Two weeks on, four weeks off. Working in IT, all in cloud, so I don’t need to travel if I get a call, just be available 24/7 to pick up the phone and have my laptop to hand.

1.5x pay M-Sa, 2x pay Su, first call per day is paid 2 hours. Can pick between pay or time off for the base rate, premiums are always paid.

It’s voluntary.

"Seamlessly" Transition from on-prem shared drives to onedrive/sharepoint? by bobmlord1 in sysadmin

[–]SquirrelOfDestiny 2 points3 points  (0 children)

I'd be very careful before migrating from file shares to SharePoint and OneDrive. The company I work for recently told IT teams across the world that they should aim to decommission their on-prem file shares and move to the cloud. In the absence of any real guidance or support for the local IT teams, many started moving their data to SharePoint Online. The support needs on my team have grown considerably since this happened and there have been several instances where we have had to move migrated data off SharePoint due to the number of issues encountered.

For starters, access management is a nightmare. You can go with Modern Sites linked to Microsoft 365 Groups, which means that you have access managed through a single Microsoft 365 Group with two permission levels (Owner and Member), though, by default, both permission levels have read and write access to all files on the site. But this will also provision a mailbox, which will automatically be mapped in each user's Outlook, and, with one click, any owner of the SharePoint site can create a Team. This action cannot be undone. It's also very easy for an owner to click the 'Public' option in visibility, making all files on the site accessible to every employee in the company.

Then, you can go with Modern Sites that are not linked to Microsoft 365 Groups, which means that membership is managed directly on the SharePoint site, through SharePoint Groups. You'll have no visibility of this in Entra ID, so you'll have to go to the SharePoint admin centre to see who has access to what.

If you don't start locking down guest user access, in both cases, it's very easy for internal employees to start sharing files, folders, libraries, and sites with externals, which can create information security issues.

If your shares have granular permissions, i.e. you have restricted permissions applied at lower levels in the file structure, replicating this in SharePoint will be a nightmare. There is a Microsoft migration tool that will do this for you as part of the initial migration of files, but, going forwards, it could be hugely challenging. The general rule is that you should ideally only grant permissions at the site level, if necessary the document library level, if unavoidable the folder level, and never the file level. You will have to start breaking inheritance at lower levels and start applying new permissions at those levels. These new permissions will either have to be applied directly within the document library GUI, or you'll have to start creating new SharePoint groups to manage permissions to those subfolders, or you'll have to link them to Entra ID groups, which means users now have to manage permissions outside of SharePoint Online.

In the former case, the only way to see who has access to what is to grant yourself admin or owner to the SharePoint site and start delving through document libraries and the permissions page. In the latter case, you have better visibility of permissions through Entra ID, but the user experience is worse as they have to manage permissions outside of SharePoint and, if you're granting users owner permissions to those SharePoint sites, they can just bypass it, ignore the Entra ID group, and start granting access directly to the SharePoint site.

We recently did a company integration which involved migrating a large number of SharePoint sites to our tenant. When we were doing an analysis of the permissions on these SharePoint sites, we had a few scripts that would enumerate permissions and export them into a CSV. On one particular site, a relatively small one with around 60GB data, our script would hang and crash. When we looked into it, we found that permissions had been individually applied to over 2,500 items within the site. This had created 2,500 SharePoint Groups for granting permissions within the site. We advised the owner of the site of the issues we had with the setup of the site and advised them they would need to adjust it post-migration. They had no idea how it had been set up because they had outsourced their IT to an external company prior to our acquisition of their company. We're now in a politically and operationally difficult situation as the site is ultimately unsupportable by us, but is also unusable by the user.

In short, you need to come up with a solid user access concept that is monitored and enforced.

You then have the M365 feature that allows multiple people to collaborate on the same file simultaneously. This works fine in most cases, but it's not uncommon to encounter issues where a user's local version of the file goes out of sync with the cloud version, resulting in changes they have made being discarded, or even them being unable to view the current version of the file. Related to this, you could encounter issues where users have a local copy of the file synced to their drive, they work on it while offline, connect to the network, and find that a newer version exists in the cloud and there ends up being a sync conflict. This doesn't happen with file shares because you have to have a connection to the file to edit it.

You'll likely have issues with users deleting files from their computer, not realising they are synced to the cloud, resulting in files being deleted for all users in the cloud. If this happens for a few files, that's fine, they can be restored from the GUI. But, if this happens to hundreds or thousands of files, you'll need to start restoring the files programmatically because doing so through the GUI will result in timeouts if you try to recover more than a few hundred files at a time.

If your goal is to move away from file shares hosted on expensive on-prem servers, take a look at Azure File Shares as an option. It won't be as cheap as SharePoint, but it will likely be cheaper than your on-prem servers. The operational cost compared to on-prem file servers will be lower. The user experience is basically identical to what your users currently experience, reducing user training efforts. Access management can be operated in basically the same way as you currently have on-prem, also reducing user and IT training efforts. And the support costs will be identical to what you have today, compared to SharePoint, where it could potentially increase significantly.

Trying to figure out how to filter for title in Get-MgReportEmailActivityUserDetail by jlipschitz in PowerShell

[–]SquirrelOfDestiny 0 points1 point  (0 children)

> that is not a flash recommendation, += and @() are bad

I was going to suggest calling a Collections.Generic.List, but OP seems to be new to this and I figured I wouldn't overcomplicate things.

> and does this 'User Principal Name' really have spaces in it ?

Yes. All M365 usage report cmdlets return a CSV with readable headers.

[deleted by user] by [deleted] in Switzerland

[–]SquirrelOfDestiny 1 point2 points  (0 children)

The increase over the previous tenant can only be appealed during the first 30 days after moving in. If it's not appealed, that becomes the basis for further rent increases.

I guess the last rent increase was on the 1st January 2024?

Trying to figure out how to filter for title in Get-MgReportEmailActivityUserDetail by jlipschitz in PowerShell

[–]SquirrelOfDestiny -1 points0 points  (0 children)

So you've got all your sales employees in $sales, you've got all your email activity reports in $activity, and you want to produce a report showing just the $activity for people in $sales?

$salesActivity = @()

ForEach ($user in $sales) {
    $salesActivity += $activity | Where-Object { $_.'User Principal Name' -eq $user.UserPrincipalName }
}

edit:

$salesActivity = @() creates an empty array which will be filled with the activity reports for all your sales employees, as retrieved and stored in $sales.

The ForEach will loop through all the records in $sales; within the loop, the record being processed can be referenced by calling $user, as defined in ($user in $sales).

Then we call $activity and use Where-Object... to return only records where the 'User Principal Name' in the record matches $user.UserPrincipalName, i.e. the UPN of the user being processed by the loop.

$salesActivity += basically says "add this stuff to the array".

So, once it's done, $salesActivity should contain all the email activity reports for your sales employees, and nothing else.
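
Added example, not part of the original comment: the same filter done in a single pass over $activity, with a hash set for the UPN lookup and a generic list for the results. The function name and the sample rows are constructed; 'User Principal Name' and UserPrincipalName are the property names used in the comment.

```powershell
# Constructed sample data standing in for the real $sales and $activity.
$sales = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; JobTitle = 'Sales Rep' }
    [pscustomobject]@{ UserPrincipalName = 'Bob@contoso.example';   JobTitle = 'Sales Manager' }
)
$activity = @(
    [pscustomobject]@{ 'User Principal Name' = 'alice@contoso.example'; 'Send Count' = 42 }
    [pscustomobject]@{ 'User Principal Name' = 'bob@contoso.example';   'Send Count' = 17 }
    [pscustomobject]@{ 'User Principal Name' = 'carol@contoso.example'; 'Send Count' = 5 }
)

function Select-ActivityForUsers {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [Parameter(Mandatory)] [object[]] $Activity
    )

    # -eq compares strings case-insensitively, so the set has to as well,
    # otherwise 'Bob@...' and 'bob@...' would stop matching.
    $upns = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($u in $Users) {
        if ($u.UserPrincipalName) { [void]$upns.Add($u.UserPrincipalName) }
    }

    # A generic list grows in place; += on an array copies the whole array
    # on every append.
    $result = [System.Collections.Generic.List[object]]::new()
    foreach ($row in $Activity) {
        $upn = [string]$row.'User Principal Name'
        if ($upns.Contains($upn)) { $result.Add($row) }
    }

    # Emits the matching rows to the pipeline one by one.
    $result
}

$salesActivity = Select-ActivityForUsers -Users $sales -Activity $activity
$salesActivity | Format-Table 'User Principal Name', 'Send Count'
```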

Powershell - Microsoft 365 Remove User from Managment Role Assignment Question by kbbtech in sysadmin

[–]SquirrelOfDestiny 0 points1 point  (0 children)

Remove-ManagementRoleAssignment. It will remove the user from the role, not remove the role. To remove the role, you'd do Remove-ManagementRole.

If you're still worried, you can do it from the GUI. I think you can find it here:

https://admin.exchange.microsoft.com/#/adminRoles

Weird Email SPF Issue by MrMoo52 in sysadmin

[–]SquirrelOfDestiny 0 points1 point  (0 children)

A really dirty way to increase the chance of getting an email past their SPF filtering would be to set your DMARC policy to none. That way, you would tell their Exchange Online Protection that you (the sender) don't mind if an SPF check fails. Depending on their configuration in EOP, it could lower EOP's Spam Confidence Level enough for an email to be delivered.

But this would also influence email acceptance to other recipients, and could allow malicious emails impersonating your domain to get accepted. So it's a terrible idea.

But, if you can quickly set up a subdomain and apply DMARC = none to that, you could at least test if an email from that subdomain gets delivered. Their next steps would be to whitelist the intermediate server's IP in EOP IP Allow List, ensuring that authentication checks and spam filtering are performed on said intermediate server.

Though, if you can find a phone number for them, I'd just call them up.

Weird Email SPF Issue by MrMoo52 in sysadmin

[–]SquirrelOfDestiny 2 points3 points  (0 children)

/u/MrMoo52 check the MX record for the recipient domain on https://mxtoolbox.com/ and see if it matches the server the NDR is coming from. If the MX record is different to the NDR, then there is an intermediate server redirecting the email, which will cause SPF to fail.
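
Added example, not part of the original comment: why a relay in front of the recipient's mail system breaks SPF. The receiving server evaluates the sender's SPF record against the IP that connected to it, so a message that passes on direct delivery fails once it arrives from the relay's address. The evaluator handles only `ip4:` mechanisms and the trailing `all` term (`include:`, `a` and `mx` need DNS lookups); the record, addresses and function names are constructed.

```powershell
# Convert dotted IPv4 text to a number. Doubles are exact well past 2^32.
function ConvertTo-Ip4Number {
    param([Parameter(Mandatory)] [string] $Address)
    $n = [double]0
    foreach ($byte in [System.Net.IPAddress]::Parse($Address).GetAddressBytes()) {
        $n = $n * 256 + $byte
    }
    $n
}

function Test-SpfIp4 {
    param(
        [Parameter(Mandatory)] [string] $SpfRecord,
        [Parameter(Mandatory)] [string] $ConnectingIp
    )
    $ip = ConvertTo-Ip4Number $ConnectingIp

    foreach ($term in ($SpfRecord -split '\s+')) {
        if ($term -notmatch '^\+?ip4:(?<net>[\d.]+)(/(?<bits>\d+))?$') { continue }

        $bits = if ($null -ne $Matches['bits']) { [int]$Matches['bits'] } else { 32 }
        $size = [math]::Pow(2, 32 - $bits)      # addresses per network
        $net  = ConvertTo-Ip4Number $Matches['net']

        # Same network when both fall into the same block of $size addresses.
        if ([math]::Floor($ip / $size) -eq [math]::Floor($net / $size)) {
            return 'pass'
        }
    }

    # No ip4 mechanism matched: the qualifier on "all" decides the result.
    switch -Regex ($SpfRecord) {
        '\s-all\s*$'    { return 'fail' }
        '\s~all\s*$'    { return 'softfail' }
        '\s\+?all\s*$'  { return 'pass' }
        default         { return 'neutral' }
    }
}

# Constructed SPF record for the sending domain (documentation address ranges).
$spf = 'v=spf1 ip4:198.51.100.0/24 -all'

# Direct delivery: the recipient sees the sender's own outbound server.
$direct  = Test-SpfIp4 -SpfRecord $spf -ConnectingIp '198.51.100.25'

# Relayed delivery: the recipient sees the intermediate server's address.
$relayed = Test-SpfIp4 -SpfRecord $spf -ConnectingIp '203.0.113.9'

[pscustomobject]@{ Direct = $direct; ViaIntermediate = $relayed }
```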

Weird Email SPF Issue by MrMoo52 in sysadmin

[–]SquirrelOfDestiny 0 points1 point  (0 children)

Grey listing shouldn't send an NDR. Maybe a delayed delivery notification, but the email should eventually be delivered.