When you apply your company brand to customize the look of your organization’s email messages, you can also specify an expiration for these email messages. With Microsoft Purview Advanced Message Encryption, you can create multiple templates for encrypted emails that originate from your organization. Using a template, you can control how long recipients have access to mail sent by your users.
When an end user receives mail that has an expiration date set, the user sees the expiration date in the wrapper email. If a user tries to open an expired mail, an error appears in the OME portal.
You can only set expiration dates for emails to external recipients.
With Microsoft Purview Advanced Message Encryption, anytime you apply custom branding, Microsoft 365 applies the wrapper to email that fits the mail flow rule to which you apply the template. You can only use expiration if you use custom branding.
Microsoft 365 E5 subscription
Compliance Administrator Permissions
How to create a custom branding template to force mail expiration by using PowerShell
Using a work or school account that has sufficient permissions in your organization, such as Compliance Administrator, start a Windows PowerShell session and connect to Exchange Online. For instructions, see Connect to Exchange Online PowerShell.
Run the New-OMEConfiguration cmdlet
Where:
Identity is the name of the custom template.
ExternalMailExpiryInDays identifies the number of days that recipients can keep mail before it expires. You can use any value between 1–730 days.
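The procedure above, shown as an added example rather than the original post's own command. The template name, the 7-day value and the rule name are hypothetical, and the mail flow rule at the end is one assumed way to attach the template to outbound external mail.

```powershell
# Added example. Assumes a connected Exchange Online PowerShell session
# (Connect-ExchangeOnline) under an account with sufficient permissions.
$templateName = 'Expire in 7 days'   # hypothetical template name
$expiryDays   = 7                    # hypothetical expiry period

# ExternalMailExpiryInDays accepts 1-730; fail early on anything else.
if ($expiryDays -lt 1 -or $expiryDays -gt 730) {
    throw "ExternalMailExpiryInDays must be between 1 and 730 (got $expiryDays)."
}

# Create the branding template only if it does not already exist.
$existing = Get-OMEConfiguration -Identity $templateName -ErrorAction SilentlyContinue
if (-not $existing) {
    New-OMEConfiguration -Identity $templateName -ExternalMailExpiryInDays $expiryDays
}

# Confirm the expiry value that recipients will be subject to.
Get-OMEConfiguration -Identity $templateName |
    Format-List Identity, ExternalMailExpiryInDays

# Expiration only takes effect on mail matched by a mail flow rule that
# applies this template. Hypothetical rule: encrypt mail leaving the
# organization and wrap it with the expiring template.
New-TransportRule -Name 'Encrypt external mail with 7-day expiry' `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -ApplyRightsProtectionTemplate 'Encrypt' `
    -ApplyRightsProtectionCustomizationTemplate $templateName
```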
More information about Microsoft Purview Advanced Message Encryption
Microsoft Purview’s Data Loss Prevention (DLP) now allows you to prevent Microsoft 365 Copilot from processing emails and other content marked with specific sensitivity labels by configuring DLP policies in the Microsoft Purview portal.
By creating a DLP policy with the “Content contains > Sensitivity labels” condition for the Microsoft 365 Copilot policy location, you can restrict Copilot from using this sensitive content in its responses and summarizations, thereby enhancing data protection.
This feature will allow DLP policies to provide detection of sensitivity labels in emails as enterprise grounding data and restrict access of the labeled emails in Microsoft 365 Copilot chat experiences. This feature only works for emails on or after 1/1/2025.
How this will affect your organization:
Organizations with no existing DLP for Microsoft 365 Copilot policies are not impacted. Customers with the required licenses will be able to go to the Microsoft Purview portal to create policies in the Data Loss Prevention solution. Admins can also go to Data Security Posture Management for AI (DSPM for AI) to see recommendations for creating Microsoft 365 Copilot policies.
Admins should create a new DLP policy using the Copilot location to use this feature:
Microsoft Copilot will be able to answer questions based on content shared onscreen during a Teams meeting.
Microsoft: “Copilot will be able to understand slides, documents, spreadsheets, and websites, or anything else shared onscreen. Users will be able to ask simple recall questions, such as “Show me the content that was shared on the screen” or more specific questions like “what was the Sales target number” if it was shared on a previous slide. Users will also be able to combine screen-share with transcript and chat data to ask, “Show me all the slides and the feedback on each slide,” or “Rewrite the paragraph based on the comments from the audience”.”
Microsoft Update at August 2025
After further review, we are not able to continue rolling this out at this time. We apologize for any inconvenience. Now, Copilot in Teams can analyze content shared on-screen during a meeting when recording is enabled. This, along with meeting transcript and meeting chat, enables users to ask Copilot to summarize or find specific information from screen-shared content (e.g., ‘Which products had the highest sales?’), consolidate insights across both the conversation and presentation (e.g., ‘What was the feedback per slide?’), and draft new content based on the entire meeting (e.g., ‘Rewrite the paragraph shared on the screen incorporating the feedback from the chat’). This works for any content shared while sharing your desktop screen (including but not limited to documents, slides, spreadsheets, and websites, irrespective of platform or app). Support for PowerPoint Live and Whiteboard in Teams will be available at a later date.
Microsoft has introduced Security Copilot agents in Microsoft Purview (preview) to help organizations automate and scale triage across Data Loss Prevention (DLP) and Insider Risk Management (IRM). These AI-powered agents are built on the Microsoft Security Copilot platform and use Security Compute Units (SCUs) to reason over alerts, analyze content, and prioritize risk at scale.
The Microsoft Purview Triage Agents run on Security Compute Units (SCUs). Your organization must have SCUs provisioned for the agents to run.
When you deploy an agent, and when you edit triggers, you can select whether the agent will run automatically based on a set schedule or run manually on one alert at a time. If you select Run automatically based on a set schedule, the agent will triage the alerts that are included in the Select Alert timeframe setting.
Microsoft Defender is updating the Export-QuarantineMessage cmdlet to include a new -PasswordV2 parameter for plain text passwords, replacing the old -Password parameter. Microsoft offers the -PasswordV2 parameter as a new experience that allows admins and users to pass plain text for their passwords when exporting quarantine items with the PowerShell cmdlet. Admins and users should use the -PasswordV2 parameter, because using the previous -Password parameter may cause errors and -Password won’t be available in the longer term.
For files that were quarantined by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams, the files are exported in Base64 format.
Export-QuarantineMessage cmdlet functionality before this rollout:
Export-QuarantineMessage cmdlet functionality after this rollout:
Use the Export-QuarantineMessage cmdlet to export quarantined messages and files from your cloud-based organization. Messages are exported to .eml message files so you can open them in Outlook.
This example exports the specified message with attachments that was quarantined as malware:
The first command exports the quarantined message and attachments to the variable $f. The message and attachments are stored in the Eml property (the $f.eml value) as Base64 (based on the $f.BodyEncoding value).
The second command converts the Eml property from Base64 to bytes and stores the result in the variable $bytes.
The third command writes the quarantined message and attachments to the specified .eml file.
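The three commands described above, as an added example that is not copied from the original post. The identity is a placeholder, the output path is hypothetical, and the encoding check and the file hash are extra steps added here so the exported sample can be tracked before anyone opens it.

```powershell
# Added example. Assumes a connected Exchange Online PowerShell session.
$identity = '<QuarantineMessageIdentity>'          # placeholder, e.g. from Get-QuarantineMessage
$outFile  = 'C:\Quarantine\exported-message.eml'   # hypothetical output path

# 1. Export the quarantined message and attachments into $f.
$f = Export-QuarantineMessage -Identity $identity

# The Eml property is only safe to decode as Base64 if BodyEncoding says so.
# The literal value 'Base64' is an assumption about how the property reads.
if ($f.BodyEncoding -ne 'Base64') {
    throw "Unexpected BodyEncoding '$($f.BodyEncoding)'; expected Base64."
}

# 2. Convert the Eml property from Base64 to raw bytes.
$bytes = [Convert]::FromBase64String($f.Eml)

# 3. Write the message and attachments to the .eml file.
[IO.File]::WriteAllBytes($outFile, $bytes)

# Record a SHA-256 of the exported file for the case notes. The message was
# quarantined as malware, so handle the file on an isolated analysis host.
Get-FileHash -Path $outFile -Algorithm SHA256 |
    Format-List Algorithm, Hash, Path
```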
Microsoft has announced some important updates to M365 Copilot Chat that will enhance security and user experience, as follows:
Integration with SafeLinks:
M365 Copilot Chat will integrate with SafeLinks in Defender for Office 365 to provide time-of-click URL protection for the hyperlinks included in its chat responses.
This change applies to users with Microsoft Defender for Office 365 Plan 1 or Plan 2 service plans. No policy configuration is needed within the SafeLinks policy.
Within the Microsoft Defender for Office 365 Security Center, the URL protection report will show the relevant summary and trend views for threats detected and actions taken on URL clicks.
Native Time-of-Click URL Reputation Check:
For users without SafeLinks protection (which is available as part of Microsoft Defender for Office 365), M365 Copilot Chat will natively enable time-of-click URL reputation check for the hyperlinks returned in its chat responses.
Hyperlink Redaction Changes:
M365 Copilot Chat will no longer redact hyperlinks in its chat responses if they are found in the grounding data used to generate the responses.
When this will happen:
General Availability (Worldwide): We will begin rolling out in late March 2025 and expect to complete by late May 2025.
Rollout will start on desktop and web and will complete with mobile versions. We plan to extend these updates to Copilot Chat experiences in Office apps in the future.
How this will affect your organization:
These updates are designed to enhance the security of the links included in M365 Copilot Chat responses, ensuring that users are protected from malicious URLs.
What you need to do to prepare:
You may consider updating your training and documentation as appropriate to ensure users are aware of the change in behavior with hyperlinks in M365 Copilot Chat.
A new usage report for the new and classic Microsoft Outlook for Windows is being added to the Microsoft Exchange admin center.
This is the same data made available via the Microsoft 365 admin center usage report in March and is intended to make the data more easily accessible to Outlook admins who regularly use the Exchange admin center.
When this will happen:
General Availability (Worldwide): We began rolling out early May 2025 and expect to complete by late May 2025.
How this will affect your organization:
The new report Outlook for Windows Usage will be added to the Reports section in the EAC. This report will provide admins with detailed insights into user activity on the new Outlook for Windows versus the classic Outlook for Windows. The report includes a line chart showing the sum of users by endpoint over different time periods (days/weeks/months) and a data table with columns for email address, last activity date, and usage status for new and classic Outlook. You can export the data to csv and filter and search in the report.
The new report will be available by default in the Exchange admin center at Reports > Outlook for Windows Usage:
Examples of User details reports:
What you need to do to prepare:
This rollout is happening automatically by the specified dates with no admin action required before the rollout. Review your current configuration to assess the impact on your organization. You may want to update any relevant documentation.
Familiarize yourself with the new report and its features. Ensure that your organization’s admins have access to the EAC and are aware of the new reporting capabilities to support their new Outlook migration efforts.
In 2018, Microsoft announced that it would no longer make feature updates to Exchange Web Services (EWS) in Exchange Online, and advised developers to move to Microsoft Graph.
In 2023, Microsoft announced that on October 1, 2026, it will start blocking EWS requests to Exchange Online.
Today, as part of its ongoing commitment to enhance the security and control mechanisms of Exchange Web Services (EWS), Microsoft is announcing a significant change in the behavior of the EWSEnabled tenant-wide switch in Exchange Online. This modification provides a more robust framework for managing EWS access within organizations, ensuring both flexibility and security, and is necessary as Microsoft continues to work on its plan to disable EWS starting October 2026.
Current Behavior
The EWSEnabled flag can be set at both the tenant (organization) level and the user (mailbox) level. Currently, when the flag is set to true at the user level, it takes precedence over the organization-level setting. If the setting is Null, it means the setting is not enforced at that level. If Org and user-level are both Null, the default behavior is to allow. This hierarchical structure means that if the organization-level flag is set to false, but the user-level flag is set to true, EWS requests from that user are still allowed. In other words:
Organization Level | User Level | EWS Requests
True or <null> | True or <null> | Allowed
True or <null> | False | Not Allowed
False | True | Allowed
False | False or <null> | Not Allowed
This approach has led to inconsistencies and security concerns. It can be challenging for administrators to ensure uniform policy enforcement across their organization, particularly in large and complex environments.
New Behavior
To address these issues, we are altering the behavior so that EWS will only be allowed if both the organization-level and user-level EWSEnabled flags are true. Here’s a simplified view of the new logic:
Organization Level | User Level | EWS Requests
True or <null> | True or <null> | Allowed
True or <null> | False | Not Allowed
False | True or <null> | Not Allowed
False | False | Not Allowed
In short, EWS will be permitted only if both the organization and user-level allow it. This change ensures that administrators have better control over EWS access and can enforce policies more consistently across their entire organization.
This change will roll out worldwide starting April 2025.
Tenant-level setting
The first thing to check is your tenant setting. To do this, simply run this command in Exchange Online PowerShell
If the EWSEnabled flag is empty (the default), or set to True – this change won’t affect you, but we still advise you read the per-user settings information below to make sure it matches your expected settings.
If your EWSEnabled flag is set to False, you might see some impact when we enforce this new logic change on your tenant unless you take action now. We encourage you to review the section below to ensure your per-user settings reflect your desired state for who can and cannot use EWS, and then proactively change the tenant wide switch to True to ensure uninterrupted access for users and apps.
User-level setting
As discussed earlier, even if your tenant-wide EWSEnabled switch has been set to False, it’s currently still possible to use EWS, if the per-user setting is set to True (default setting for every mailbox).
To check if EWS is Enabled or Disabled for a specific mailbox, you can run:
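The tenant-level and per-mailbox checks described above, combined into one audit (an added example, not code from the original post). The function name Test-EwsAllowed and the report column names are hypothetical; the function encodes the two precedence tables so you can list the mailboxes that are allowed today but will be blocked under the new logic.

```powershell
# Added example. Assumes a connected Exchange Online PowerShell session.

# Hypothetical helper: evaluates the current or the new precedence table.
# $null means "not set at this level".
function Test-EwsAllowed {
    param($Org, $User, [switch]$NewLogic)

    if ($NewLogic) {
        # New behavior: blocked if either level is explicitly False.
        return ($Org -ne $false) -and ($User -ne $false)
    }
    # Current behavior: an explicit user-level value wins over the tenant.
    if ($User -eq $true)  { return $true }
    if ($User -eq $false) { return $false }
    return ($Org -ne $false)
}

# Tenant-level switch (empty by default).
$org = (Get-OrganizationConfig).EwsEnabled
"Tenant EwsEnabled: $(if ($null -eq $org) { '<null>' } else { $org })"

# Per-mailbox switch, evaluated under both sets of rules.
$report = Get-CASMailbox -ResultSize Unlimited | ForEach-Object {
    [pscustomobject]@{
        Mailbox            = $_.PrimarySmtpAddress
        UserEwsEnabled     = $_.EwsEnabled
        AllowedToday       = Test-EwsAllowed -Org $org -User $_.EwsEnabled
        AllowedAfterChange = Test-EwsAllowed -Org $org -User $_.EwsEnabled -NewLogic
    }
}

# Mailboxes that rely on the user-level override and will lose EWS access
# once the new logic is enforced. Review these before changing the tenant
# switch to True, and set EwsEnabled to False on any mailbox that should
# stay blocked.
$report |
    Where-Object { $_.AllowedToday -and -not $_.AllowedAfterChange } |
    Sort-Object Mailbox |
    Format-Table Mailbox, UserEwsEnabled, AllowedToday, AllowedAfterChange
```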
📌📖 Title of Presentation: How to Perform an Automated Google Workspace Migration to Microsoft 365 (New)
I’m excited to share some insights about the amazing features of How to Perform an Automated Google Workspace migration to Microsoft 365. Migrating from Google Workspace to Microsoft 365 can be quite a daunting task, particularly when dealing with mailboxes over 100 GB. But fear not! In our presentation, we will delve into the challenges and solutions for a successful migration, catering to both normal and large mailboxes. We will start by discussing the various challenges that come with such a migration. From there, we will move on to the importance of thorough planning to ensure a smooth transition. Next, we will introduce a new way of migrating from Google Workspace to Microsoft 365, detailing the methods to handle large mailboxes effectively. To make things even more engaging, we will have a live demo to showcase the process in action. And of course, we will wrap things up with a Q&A session to address any questions or concerns you may have.
Challenges
Planning
New way of migration from Google Workspace migration to Microsoft 365
Methods to migrate large mailboxes to Microsoft 365
Demo
Q & A
❤️ Join us on Saturday, 22 February 2025, from 19:00 to 20:00 (GMT+2) to gain invaluable insights from Joanna. We are honored to have her share her expertise at our conference! A big thank you to Joanna for her valuable help and selfless contribution to the community. We are truly grateful for her presence and look forward to learning from her expertise. Don’t miss this opportunity to learn from one of the best in the industry!