Check Azure AD for expiring SSO certificates
Office 365 (AAD) Wednesday, 28 July 2021 by paul

The following PowerShell script will check Azure AD Applications to see if any, using SSO, have a certificate that has expired or will do so within a specific period.

# List expired (or will expire within 30 days) AzureAD application certificates
Import-Module AzureAD

try { 
    $var = Get-AzureADTenantDetail 
   catch [Microsoft.Open.Azure.AD.CommonLibrary.AadNeedAuthenticationException] { 

#Change this to the number of days out you want to look
$days = 30

# Get list of Azure AD apps that use single sign-on
$SAMLApps = Get-AzureADServicePrincipal -All $true | Where-Object {($_.Tags -contains "WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1") -or ($_.Tags -contains "WindowsAzureActiveDirectoryCustomSingleSignOnApplication")}

Write-Host "Checking for certificates that expire within $days days"
$count = 0
$expiredcount = 0
foreach ($App in $SAMLApps) {
    $AppID = ""
    foreach ($KeyCredential in $App.KeyCredentials) {
        if ( $KeyCredential.EndDate -lt (Get-Date).AddDays($daysOut) ) {
            if (($App.ObjectId) -ne $AppID) {
                # Expired/expiring crtificate
                Write-Host " Certificate Name: " ($App.DisplayName) " - Expiration Date: " $KeyCredential.EndDate -Foreground red
                $AppID = ($App.ObjectId)
                $expiredcount = $expiredcount + 1
        else {
            # Valid certificate
            Write-Host " Certificate Name: " ($App.DisplayName) " - Expiration Date: " $KeyCredential.EndDate -Foreground green
        $count = $count + 1

# Output summary
Write-Host "There are $expiredcount certificates (of $count checked) due to expire or expired."


Disable self-service purchases in Microsoft 365
Office 365 (Self-Service) Wednesday, 28 July 2021 by paul

With the recent addition of Windows 365 there are more products which can be purchased by end users using self-service.

The following PowerShell script will disable all the self-service purchase policies.

# For all self-service purchase products set to disabled
Import-Module -Name MSCommerce

# Get list of all product self-service policies where purchase is enabled
try { 
        $products = Get-MSCommerceProductPolicies -PolicyId AllowSelfServicePurchase | where {$_.PolicyValue -eq 'Enabled'}
catch { 
        # Connect to service
        Write-Host "Connecting to service" -foreground yellow
        $products = Get-MSCommerceProductPolicies -PolicyId AllowSelfServicePurchase | where {$_.PolicyValue -eq 'Enabled'}
foreach($product in $products){
    # disable self-service purchase
    Update-MSCommerceProductPolicy -PolicyId AllowSelfServicePurchase -ProductId $product.ProductID -Enabled $false    
# List products to confirm all disabled
Write-Host "Check policies are set to disabled" -foreground green
Get-MSCommerceProductPolicies -PolicyId AllowSelfServicePurchase


Outlook Edge Extension
Office 365 (Edge) Wednesday, 07 July 2021 by paul

Microsoft have released an extension for their Edge Browser which allows Outlook users to access their email without opening a dedicated tab in the browser.

They will also be “advertising” this extension in Outlook for Windows and Outlook on the web.

“Mini” version of Outlook on the web Extension (one-click flyout)

Microsoft Outlook Extension:

Microsoft 365 Roadmap:

Edit: After "feedback" (complaints) from users Microsoft has backtracked and will no longer prompt the users to install the Edge extension in Outlook apps. They can still install it from the extension store.

Site List XML file not updating in Internet Explorer
Microsoft (Internet Explorer) Tuesday, 25 May 2021 by paul

If Internet Explorer does not update enterprise site list when changes are made then you can manually remove the xml file from the IE cache to force it to download it again.

  1. Close Internet Explorer
  2. Go to Control panel
  3. Select “Internet Options”
  4. On “General” tab press “Settings” button
  5. Press “View Files” button
  6. Find site list xml (default name SiteList.xml) file
  7. Delete the file
  8. Restart Internet Explorer
IMAP access to Exchange Online mailbox stopped working
Office 365 (Exchange) Friday, 16 April 2021 by paul

Recently users have been unable to access Exchange Online mailboxes using IMAP protocol and basic authentication.

The reason for this issue is basic authentication is being deprecated and is in the process of being changed from on by default to only being on when a tenant admin allows it.


1. Go to Modern Authentication admin portal:

2. Tick the IMAP4 box and save.

Then can authenticate with IMAP within an hour.

This is only a temporary fix as support for basic authentication will be removed from Exchange Online in 2nd half of 2021:

Page 1 of 89 (446 Articles) << 1 2 3 4 5  Next >>