Welcome to my blog!

Exchange Online, Microsoft 365, Office 365

Lack of service-side validation allows group guest user restrictions bypass via OWA

August 16, 2025September 17, 2025 Vasil Michev

A recent exploration into how OWA enforces guest user restrictions for Microsoft 365 Group releaved that client-side checks are used, and in turn restrictions could be bypassed by crafting a request with modified payload. After doing the responsible thing and reporting this issue to Microsoft, I am now bringing you some additional details on it, after the corresponding fix has been rolled out worldwide. …

Continue readingLack of service-side validation allows group guest user restrictions bypass via OWA

Exchange Online, Microsoft 365, PowerShell

Upcoming changes to the Connect-IPPSSession cmdlet (the EnableSearchOnlySession switch)

August 12, 2025August 25, 2025 Vasil Michev

A recent message center post, MC1131771, notified us about upcoming changes to PowerShell connectivity to the Security & Compliance endpoint. In particular, starting Aug 31st, some cmdlets exposed via said endpoint will require you to leverage the -EnableSearchOnlySession parameter when running the Connect-IPPSSession cmdlet. The set of cmdlets includes: New-ComplianceSearchAction …

Continue readingUpcoming changes to the Connect-IPPSSession cmdlet (the EnableSearchOnlySession switch)

Entra ID, Exchange Online, Microsoft 365, OWA

Did you know: My Groups and guest access restrictions

August 4, 2025 Vasil Michev

In this article we describe some inconsistencies in the behavior of My Groups portal when it comes to handling Microsoft 365 Group’s guest access restriction settings. Read on to get the details. …

Continue readingDid you know: My Groups and guest access restrictions

Uncategorized

How to export unsanitized HAR files with Chrome and Edge

July 31, 2025 Vasil Michev

If using Chrome, open DevTools, hit the gear icon in the top right corner of the DevTools dock (or press F1 while it is in focus), then under Preferences, locate the Network section and toggle the Allow to generate HAR with sensitive data checkbox. If using Edge, open DevTools and look for the … menu in the top right corner, then hit it to select Settings, or press F1 to the same effect. Then Preferences and toggle the Allow to generate HAR with sensitive data checkbox under the Network section. …

Continue readingHow to export unsanitized HAR files with Chrome and Edge

Graph API, Microsoft 365, Office 365, OneDrive for Business, SharePoint Online

How to bulk rename items in SharePoint Online and OneDrive for Business

July 28, 2025July 28, 2025 Vasil Michev

In this article, we examine some basis examples for renaming items (files) stored in SharePoint Online or OneDrive for Business, in bulk. The code samples leverage the Graph SDK for PowerShell’s cmdlet, and a sample using PnP PowerShell is provided as well. As for the scenarios we cover, we start with a simple rename to lowercase, followed by CSV-based example and an example that leverages both the item’s properties and fields. …

Continue readingHow to bulk rename items in SharePoint Online and OneDrive for Business