Hey everyone 👋

I’m currently working on an Asset Management System built on the Microsoft 365 platform, and the plan is to release it as open source in less than 2 weeks.

The goal is to create something practical and easy to deploy for organizations already using M365/SharePoint/Power Platform.

Right now I’m looking for:
Pilot testers

Feature requests / ideas

Feedback from IT admins or M365 users

Suggestions on what would make it genuinely useful

Would love to hear what features you would expect in an asset management solution 👀

If anyone is interested in testing or contributing ideas, feel free to comment or DM me.

I have a user who’s One Drive on his Windows 11 Laptop keeps crashing. Even when we uninstall it, and remove every file pertaining to OneDrive, restart and reinstall OneDrive from the exe file on the site. It doesn’t no resolve it. It’s been happening for a few days now, he is the only user whose One Drive issue has taken the longest to solve!

Years ago MS used to charge for the toll free dial-in numbers for Teams meetings, then they were free but you needed a separate license SKU to activate it for users. Is this still the case for M365 E3/E5 licenses? If so, what's the add-on called? I'm having trouble finding out and our vendor is slow to get answers.

I think I completely locked myself out of my M365 tenant.

I enabled a Conditional Access policy requiring “Phishing-resistant MFA” for all admin accounts.

I DO have:

• a passkey created in Microsoft Authenticator
• Windows Hello for Business configured

But both are rejected during sign-in.

I only get a generic error:
“Something went wrong”
with no additional details at all.

I expected Authenticator passkeys and WHfB to satisfy the phishing-resistant MFA requirement, but apparently not in my setup.

Has anyone already hit this exact issue?
Is there a known limitation/bug with Authenticator passkeys + Authentication Strength policies?

Right now I have no active admin session left open.

EDIT : ITS WORKING AGAIN

I finally managed to access the tenant by signing into a PC with my admin account and configuring Windows Hello. The PIN failed, but fingerprint authentication finally worked and let me back in.

I disabled the CA immediately and created a proper break-glass account. I fully admit I was careless, but honestly Microsoft also shares some responsibility here because this whole flow is clearly not mature enough yet.

PS: Some people here are honestly malicious and seem to enjoy seeing a fellow admin in trouble. Human mistakes happen very quickly, and a situation like this can genuinely keep you awake all night.

Update ....

same version number but it is fixed..

Latest Outlook has decided this is better

https://preview.redd.it/6xkobmqjr12h1.png?width=279&format=png&auto=webp&s=f943ceafd3225abd767fa229075c995ee05a2638

It used to be right justified and so much easier to read...

This is the reply by Outlook questions...

Talk about bulldozing customers

 AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

This behavior is a result of recent Outlook UI changes and is not configurable back to the previous, right‑justified unread count using any supported setting in the provided documentation.

There is currently no option documented to revert this layout change. To influence future design, submit feedback directly from Outlook so it reaches the product team:

1. In Outlook, open the Help or Feedback menu (for example, Help > Feedback or File > Feedback, depending on the Outlook version).
2. Choose Send a Suggestion (or similar option).
3. Describe that the unread count alignment change reduces usability and request an option to restore right‑justified unread counts.

For general guidance on providing product feedback, see the Microsoft 365 feedback documentation referenced below.

>A maintenance update to correct — and enhance — handling of comma-separated values (CSV) for the --operations parameter in the MDM-agnostic, unified, user-friendly macOS script to repair, reset, or remove Microsoft 365 components.

Background

A December 2023 Microsoft 365 Reset (2.0.0b1) via Jamf Pro Self Service post detailed a “quick-and-dirty Jamf Pro Policy hack for testing Microsoft_Office_Reset_2.0.0.pkg” (which still works as advertised today, more than 895 days later).

However, while conducting some internal training, I was pained by how user un-friendly the workflow seemed — even if it did get the job done — which motivated the development of the modern, unified approach that Microsoft-365-Reset.zsh now delivers.

Overview

The Microsoft-365-Reset.zsh script seeks to provide an MDM-agnostic, unified, user-friendly approach to all of Paul’s Office-Reset goodness.

Additionally, one resolution to the nightmare that is the Adobe Acrobat Add-in Removal for Microsoft 365 is also included.

Changes in 1.2.0

This maintenance release focuses on CSV handling for the --operations parameter:

• Constrained the interactive operation picker to only the operations listed in the CSV when --operations / Jamf $5 is provided (addresses #15; thanks, andreilabin!)
• Fixed --operations / Jamf $5 CSV parsing so comma-separated operation IDs are treated as separate selections in silent mode (addresses #16; thanks, meschwartz!)

Hey there! I'm new to reddit, this is my first post. FYI, I don't usually post anywhere, but Microsoft made me super angry and I would like to know if anyone had a similar issue.

So last year I needed to use Microsoft office for some documents, so in a rush I accidentally created a Business Basic account(which is pricier that personal one). I realized after my billing went through, at that time it was a free trial so no worries. Although, after I finished with my documents, I tried to unsubscribe and couldn't find the unsubscribe button anywhere, and I was really busy, so I decided to find the way to unsubscribe later.

Then I was caught up in work and forgot to unsubscribe... That's fine, my bad... fast forward to May 2026, and I found out that I'm still monthly subscribed and have paid over 13,000 Yen (which is around 100 US$, which is a big deal in Japan).

So I struggled but found a way to unsubscribe, only to know that I'm subscribed for another year... My subscription will last till April 2027, although I never use it... ;((

I contacted customer support for help, but they said that there is nothing I could do, because 7 days passed since my subscription renewed and like it or not I have to pay monthly until April 2027....(ToT)

Is there anything I can do to stop this?? Is this even legal??

I hate throwing my money down the drain, cuz I'm broke... Somebody please help! Any opinion will be helpful!

P.S: I know that I'm in the wrong here, since I didn't cancel after the free trial, but they made it so confusing to quit and I really didn't have time when this all happened.

Previously we were managed by an MSP. When they gave us control of our tenant, we manage it now. They left everything setup the way they did include the partner relationships for the MOSA licensing. We started transferring everything to MCA licensing.

So, my question is what the difference between MOSA and MCA licensing, mainly is there any benefits over the other, and for security reasons is it safe to remove the GDAP and other partner relationships?

If we wanted to start using MOSA, if its better, do we need to find our own partner and what is involved in doing that?

Thanks,

Hi everyone,

I need to move a ~700 GB folder from one user's OneDrive for Business to another user's OneDrive for Business, without downloading the data locally.

I have Global Admin permissions and our environment includes:

• Office 365 E3
• EMS E3

What solution do you recommend?

Trying to get unused licenses out of our tenant: people who left, accounts that haven't logged in for months, service accounts sitting on premium SKUs. PowerShell works but it's tedious to keep running every quarter.

What's everyone actually using? Native admin center, a tool, script, or just living with the waste?

I got a new iPhone yesterday and my Microsoft Authenticator app stopped working. I am now completely locked out of my Microsoft 365 account and cannot access email, SharePoint, or Power Automate.

I am the sole admin of my tenant and the only employee of my business. Everything is shut down until this is resolved.

What I've tried:

• Reinstalled Authenticator
• Tried all alternate sign-in options — none registered
• Accessed Entra admin center and clicked "Require re-register MFA" and "Revoke sessions" — this locked me out of Entra too
• Submitted Microsoft support ticket (2605180010000159) last night with no response
• Sent two escalation emails with no response

Is there any way to escalate this or a direct contact at Microsoft who can help? Or any workaround I'm missing?

I signed up for Microsoft 365 a few years ago. We use all that at work but back then, I had my email on Apple's Mail App. They required us to switch to Outlook app a few months ago.

I realized I rarely use Microsoft products on my personal device (I'd use it for some work from home but don't really need to anymore) so I canceled the subscription. It's set to expire in a couple of months.

But I remembered I'm using Outlook on my MacBook and iPhone to receive work emails. Is this going to be impacted or is it something on my work's side?

I've been using my Microsoft account on my Macbook fot the past 3 years without any problem. I could edit everything in Word and other apps etc. When I tried to continue working on my Word document today, it suddenly said my account only lets me see my document in view mode. It happens on all the other accounts I have, including my university account which theoretically grants me access to all the Microsoft365 apps, but they all don't work in exactly the same way. Is it Mac-Microsoft being greedy and forcing me to buy an active subscription, or is there a solution to this problem?

Hey r/Microsoft365,

I've spent the last while building something that scratches a very specific itch and I'd love some honest feedback — and ideally a few teams willing to kick the tires before I open source it.

What is it?

A self-hosted, Docker-based platform for managing Microsoft 365 configuration across multiple tenants at scale. The core idea: your tenant configurations live in Git as desired state, and the platform drives automated deployment, backup, and maintenance against those tenants using pipelines — all from a central web portal.

It's not a hosted SaaS. You host it. You own your data.

The problem it solves

Managing M365 configuration across multiple tenants is a mess. Everyone ends up with their own half-documented process, things drift from your intended baseline, someone makes a change manually and it never gets tracked, and auditing what was in place and when becomes nearly impossible.

I wanted something that treated M365 tenant config the way good engineering teams treat infrastructure — as code, versioned, reviewable, and deployable.

How the baseline and deployment model works

The platform is built around a shared baseline repository — a set of JSON config files representing your desired M365 state, organised by workload:

• conditional-access/ — Named Locations and CA policies
• intune/ — All Intune configurations
• exchange/ — Transport rules and mail settings
• authentication-policies/ — FIDO2, TAP, SMS, etc.
• groups/ — Security and M365 groups
• enterprise-apps/ — App registrations
• entra-id-consentpermissions/ — Consent policies and permission classifications
• sharepoint-settings/, teams/, custom-attributes/

There's also a baseline-remove/ folder — configs placed here get deleted from tenants on the next deploy run, after new configs are safely applied first.

When a deployment pipeline runs against a tenant, it:

1. Clones the shared baseline repo
2. Reads all JSON files from the relevant workload folders
3. Deploys them to the tenant via Microsoft Graph API (and Exchange/Intune APIs where needed)
4. Applies any removals from baseline-remove/

Resources deploy in dependency order — custom attributes and groups first, then Conditional Access, then Intune, then everything else — so you're never deploying a CA policy that references a named location that doesn't exist yet.

The result: update the baseline once, and every tenant gets the change on their next deploy. Tenant-specific overrides live in each tenant's own repo alongside the baseline clone.

Key platform capabilities

• Multi-tenant portal — manage any number of tenants from a single interface, with scoped access so different admins only see what they should
• Parameterized deployment pipelines — granularly choose which modules to deploy and whether the run can create, update, or delete resources
• WhatIf / plan phase — preview exactly what would change before anything is applied
• Automated backup pipelines — scheduled backups of tenant config committed back to Git; full audit trail
• Policy viewer & drift detection — browse and diff any tenant's config against desired state in the portal, with field-level normalization so cosmetic noise doesn't pollute the diff
• Approval workflows — deployments can require an explicit approval before they execute
• User compliance views — sign-in log analysis sourced from Git-backed daily exports, not live Graph API calls
• Intune tooling — app management (Chocolatey, WinGet, custom packages), ADMX files, OS version control for compliance policies
• Groups management — group config and sync integrated into pipelines and UI
• Delegated auth per tenant — device-code onboarding per tenant; refresh tokens managed internally, isolated from portal login
• Setup wizard — guided first-run covering Entra app registration, database config, blob backup, and platform bootstrap
• All-in-one container — single Docker image (portal + internal Git server + pipeline runner); deployable on-prem or to Azure App Services (reverse proxy with pre-authentication recommended)

Maintenance automation — and where I'd especially love your input

The platform can run scheduled or on-demand maintenance pipelines against any tenant, with a task picker UI and a WhatIf mode that previews changes without applying them. Current tasks:

• Group Split Rebalancing — rebalances members across split/overflow groups
• Exchange Default Font — enforces a standard default font across OWA/Outlook
• Exchange GAL Visibility — corrects Global Address List visibility flags across mailboxes
• Intune Device Auto-Rename — renames devices to match a naming convention
• Intune Primary User Assignment — assigns or corrects the primary user on managed devices
• Entra ID Device Cleanup — removes stale/inactive devices from Entra ID

This is the area I most want input on. What recurring M365 maintenance tasks do you find yourself scripting and running ad-hoc that you wish were automated, auditable, and triggerable from a central UI? What would you add to this list?

What it is NOT

• Not a SaaS product — no cloud offering, you host it
• Not an end-user tool — this is for admins and engineers managing tenants
• This post is about the platform; the baseline/policy content itself is a separate concern

Where it's at

It's working and running against real tenants, but it's pre-open-source. I want to clean things up, write proper docs, and get feedback from a handful of teams who would actually use something like this before publishing it publicly.

What I'm looking for

• Honest feedback — does this solve a real problem for you, or is this already solved by something I've missed?
• Maintenance task suggestions — what would you automate if you could?
• Early testers — if you manage multiple M365 tenants and would be willing to stand this up in a lab or test environment, I'd love to hear from you. I'll provide setup docs and direct support.

Drop a comment or DM me. Not selling anything — just trying to build something useful and get it into the world in a state worth sharing.

Happy to answer questions about the architecture, how auth works, the pipeline model, or anything else.

I'm fully aware this may have no solution but I figured it'd be worth a shot to ask here.

In my school district every student got a Microsoft office 365 account to do our assignments. When we graduate, that account gets deleted.
I had a couple of word files on that account that I wanted to keep, so I figured I could save them if i drag and dropped them into my pc.
I didn't check in on the files for a while after I graduated, but recently when I tried to open it on a new MS account.

What i got was a message saying the file was probably corrupted or something like that. I had the same files "saved" in a memory card, but turns out it was only a shortcut to the file?

Honestly I'm just mildly upset.
I've never been the best with this kind of thing but I really want to know of there's any hope of me getting these files fixed and able to open in my new MS account.

Have a question for Enterprise Admins for your org. We are running M365 and have a concern of end users being able to install Claude Connector for Outlook, and then sign into that connector with their personal Claude account (via personal email address).

We do offer Claude Enterprise accounts for some end users, along with ChatGPT enterprise for the entire org, but we all know how end users can do weird stuff and end up signing in with personal free accounts.

Executives are ok with the AI connectors, but want to ensure we are only using the paid account versions to prevent the models from learning from our data via the free avenue.

The current way I can think to control how end users are able to sign-in to their Outlook connectors is:

• control what connectors are available via 365 Admin Center
• only allow authorized apps
• only authorize enterprise AI apps (along with other apps the org uses)
• then force SSO via Entra

Does anyone have any experience implementing this kind of control?

I inherited a tenant of a small company that was bought by our company. Their AD users are all synced to an AD that is now longer available as the previous MSP has offboarded the client and deleted their VMs. furthermore they didn't even have their own cloud sync, the MSP managed Entra through their account and a GDAP agreement.

So moving the the users outside the sync scope obviously won't work for me.

I guess my only option is to somehow nuke the ImmutableID with MSGraph? How does that work? All the information I find points to this was no problem with Set-MsolUser but is a huge pain in Graph? Any pointers to how this is done?