Thursday, September 2, 2021

Who "Touched" My Files !?

As the saying goes, one thing leads to another. I recently had a request to flag any access to a SharePoint folder and alert on it. There are many ways (as I have found) to accomplish this. Depending on who wants to be alerted, and what kind of licensing you have in Office 365, will depend on the path you take.

Audit Log Search

The easiest way to do this (albite being very broad, and not very customizable), is using the Audit log curtesy of Microsoft Auditing Service. To set this up, just simply follow the instructions here to setup the "Admin Role" to view the audit logs (please don't ask why this is in Exchange).

Once that is done, you can create an audit retention policy in the Compliance Centre (at the time of writing 😜) to retain the logs for however many days you need (based on your compliance policies).

Then use the search option to search through the logs as required...


Cloud App Security

Another way to do this is Microsoft CAS (Cloud App Security). You may create an Activity Filter and set an alert from the GUI which will flag any such access like the below.

However, if you want to be more discrete, you can use the MCAS API access method to run a PowerShell script that will do this for you either regularly or on-demand.

Note: Before you can run the script, you will need to install the MCAS module, create a CAS API Token, and save the provided secret key and URL to be used by the script.

Download v.0.1 - 2017-09-13 -get-McasFileAccess.ps1

Monday, July 27, 2020

Teams Focusing Status


Focusing

I love the new "Focusing" mode in Teams; this came by surprise as the feature was lit up in August 2019 but simply put your status to "Do Not Disturb". I haven't seen an announcement about this, but apparently, there is now a new specific status called "Focusing" which is slightly different from the traditional "Do Not Disturb" status.

Setting this up is currently restricted to using MyAnalytics to subscribe to a "Focus" plan (which there is only one right now). As you may already know, this wouldn't go down well with me; I needed to know how this actually works, and try and have my own plan.

Creating a new meeting invite with the exact same options as the one created by MyAnalytics didn't do the job, so I dived into the underlying meta-data of the meeting invite; and figured out the three pieces of information that Teams looks for to determine if this meeting item is a "Focusing" entry.

  • Most importantly, this meeting needs to only have one person "YOU"
  • The internal flag "IsDoNotDisturbTime" has to be set to true
  • The internal flag "IsBookedFreeBlocks" has to be set to true
To help anyone who wants to set their own schedule, away from MyAnalytics, I have written a little VBA snippet that can be used in outlook after selecting a "focus" meeting that you have created yourself.

Download
v.0.0.2 - 2022.02.28 - ToggleFocusing.vba