Garbage In, Speed Out": How a Junior SharePoint Admin's Routine Ticket Almost Exposed an Entire Payroll Through Microsoft 365 Copilot

A support ticket.

One spreadsheet.

One junior SharePoint administrator.

Nothing looked suspicious.

The user confirmed the file opened correctly, the ticket was closed, and another task was marked as completed.

A week later, someone opened Microsoft 365 Copilot and asked a simple question:

>

Less than five seconds later, Copilot returned the answer.

No hacking.

No broken passwords.

No security bypass.

Just permissions.

This article tells the story of how a routine SharePoint task can quietly become an oversharing incident, why Microsoft Search and Microsoft 365 Copilot amplify existing permission issues, and how Zero Trust, Microsoft Purview, Sensitivity Labels, and SharePoint Advanced Management (SAM) help prevent it.

If you're deploying Microsoft 365 Copilot—or planning to—you may want to review your SharePoint permissions before your users do.

Read the full story here:

https://medium.com/@renato.rossi.ferreira/the-junior-admin-the-spreadsheet-and-copilot-a-lesson-on-sharepoint-oversharing-b8947b969cde?sharedUserId=renato.rossi.ferreira

I'd genuinely like to hear how your organization is tackling SharePoint oversharing in the Copilot era.

reddit.com
u/Johnny_Utah_RRF — 19 hours ago

Stop Guessing: A Practical Guide to Microsoft 365 Logs for Troubleshooting and Security Investigations

Hi everyone,

After working with Microsoft 365 environments for several years, I've noticed that many administrators rely almost exclusively on the Unified Audit Log when troubleshooting issues or investigating security incidents.

The reality is that Microsoft 365 provides a much broader logging ecosystem. Depending on the scenario, the information you need may actually be in Exchange Online, Entra ID, Microsoft Purview, Defender XDR, SharePoint, Teams, or other services.

To help IT professionals navigate this, I wrote a practical guide that covers:

  • Understanding the different Microsoft 365 log sources
  • When to use each log
  • Where to find the right information
  • Tips for troubleshooting and incident investigations
  • Best practices for correlating events across Microsoft 365 services

My goal wasn't to create another documentation summary, but rather a practical reference that administrators and security professionals can use during real-world investigations.

I'd love to hear your feedback and learn how you approach Microsoft 365 logging in your own environment.

You can read the article here:

https://medium.com/@renato.rossi.ferreira/stop-guessing-the-ultimate-guide-to-microsoft-365-logs-3bc88d6e2f8d

Questions for the community:

  • Which Microsoft 365 logs do you use most often?
  • Have you ever solved an incident thanks to a log that many admins overlook?
  • Are there any logging sources you think deserve more attention?

Looking forward to the discussion!

reddit.com
u/Johnny_Utah_RRF — 2 days ago

My AB-900 study notes: Understanding Exchange Online, Mailboxes, Security and Copilot (looking for feedback)

Hi everyone,

I'm currently preparing for the Microsoft AB-900 exam and while studying Exchange Online, I decided to organize my notes into an article.

I tried to go beyond just memorizing definitions and understand the practical differences between:

- User Mailbox

- Shared Mailbox

- Distribution Groups

- Mail Flow

- Message Trace

- Microsoft Purview

- Copilot integration with Exchange Online

My goal was to connect the certification concepts with real-world Microsoft 365 administration scenarios.

I wrote this as a personal study resource and I'm sharing it here because I would really appreciate feedback from people who work with Exchange Online/Microsoft 365.

If you have suggestions, corrections, or different approaches for explaining these concepts, I would love to learn from your experience.

Article:

https://medium.com/@renato.rossi.ferreira/exchange-online-copilot-understanding-mailboxes-security-and-the-new-era-of-productivity-in-ffb9299c3e00

Thanks for taking the time to read it. Looking forward to your feedback!

reddit.com
u/Johnny_Utah_RRF — 10 days ago

SonicOS 7.3 - How to block a specific subdomain (keep.google.com) while keeping the main domain allowed?

Hi everyone,

I'm facing a challenge on a SonicWall running SonicOS 7.3.0-7012.

We currently have a custom FQDN/URI List allowing access to google.com. However, I need to block a specific sub-app/subdomain: keep.google.com.

I have two main questions for the community:

  1. Does an "Allow" rule for a main domain always override a specific "Deny" rule for a subdomain in SonicOS 7? If I have google.com allowed, will the firewall ignore a block rule for keep.google.com?
  2. What is the best practice to achieve this split-horizon block on SonicOS 7.x? Should I handle this via App Control, Content Filtering (CFS) with Forbidden Domains, or specific FQDN Address Objects matched with Access Rules?
reddit.com
u/Johnny_Utah_RRF — 12 days ago
▲ 4 r/microsoft365+1 crossposts

[AB-900 Series - Part 2] Microsoft 365 Copilot, Tenant Configuration and Domains Explained

Hi everyone,

I’m continuing my AB-900: Microsoft 365 Fundamentals preparation series.

In the previous article, I introduced the foundation concepts of Microsoft 365 administration. In this second part, I explore three important pillars:

  • Microsoft 365 Copilot usage and license management;
  • Microsoft 365 Tenant configuration (Org Settings);
  • Default and custom domain configuration.

The goal of this series is to connect Microsoft certification concepts with practical scenarios that administrators face in real Microsoft 365 environments.

I also included a practical demonstration using the Microsoft 365 Admin Center and a small knowledge check at the end of the article.

I would appreciate your feedback:

  • Are these topics useful for your Microsoft 365 learning journey?
  • What topics would you like to see in the next parts?

Article:
https://medium.com/@renato.rossi.ferreira/microsoft-365-admin-center-the-3-essential-settings-you-need-to-know-b893c757327c

Thanks for following the series!

reddit.com
u/Johnny_Utah_RRF — 21 days ago

I'm Studying for the AB-900 Exam and Sharing My Learning Journey

Hi everyone!

I'm currently preparing for the Microsoft AB-900 certification, and I've decided to document and share my entire learning journey with the community.

My goal is to create a study path that includes not only the materials I'm using but also my own understanding of each topic as I learn. For every exam objective, I'll share both the theoretical concepts and practical examples, using well-known platforms and resources from the Microsoft ecosystem.

One important detail: English is not my native language, and I'm also relatively new to many of these technical platforms. Because of that, this journey is focused on learning step by step, explaining concepts in a simple way, and showing how someone with limited experience can gradually build knowledge and confidence.

I'll be publishing articles, notes, study guides, and hands-on demonstrations, documenting what works, what I learn, and the challenges I encounter along the way.

If you're also studying for AB-900, just starting your cloud journey, or have already passed the exam, I'd love to hear your feedback, suggestions, and recommendations. Learning together is always more effective than learning alone.

Thanks for following my journey, and I hope the content helps others who are starting from the same point as me! 🚀☁️📚

medium.com
u/Johnny_Utah_RRF — 27 days ago

Guide AB-900 ALL FREE

I’m currently studying and sharing everything I learn completely FREE through articles on Medium.

My goal is to make technology and Microsoft certifications easier to understand while documenting my own learning journey.

I’d love for you to follow along, read the articles, and share your feedback. Let me know what you liked, what could be improved, and what topics you’d like to see next.

Together, we learn faster, grow stronger, and help each other succeed.

🚀 Follow my journey, join the discussion, and let's build knowledge together!

https://medium.com/@renato.rossi.ferreira/understanding-microsoft-365-copilot-licensing-what-every-administrator-should-know-85e52c93db50

reddit.com
u/Johnny_Utah_RRF — 27 days ago
▲ 7 r/TeamsAdmins+1 crossposts

How I stopped manually checking Teams channels and automated the whole audit with PowerShell

Was asked to identify all Teams channels inactive for 90+ days across the entire tenant. Manual checking wasn't an option — dozens of teams, hundreds of channels.

Built a PowerShell script using Microsoft Graph API that scans every channel, checks the last message date, flags anything inactive or completely empty, and exports a clean CSV report.

Wrote up the full process with step-by-step explanation and the complete ready-to-use script: 🔗 https://medium.com/@renato.rossi.ferreira/how-i-audit-unused-microsoft-teams-channels-4986a60f872c

Happy to answer questions or take feedback on the script!

reddit.com
u/Johnny_Utah_RRF — 1 month ago