Microsoft 365 DNS Cleanup after SfBO retirement

What You No Longer Need After Skype for Business Online’s Retirement

Many tenants still carry Skype for Business (SfBO) and Lync-era DNS baggage years after moving to Microsoft Teams. This post explains which legacy DNS records you can safely remove, when to keep the SIP federation record, and how to audit and clean up across all your verified domains.

1) Why these records existed

Historically, Skype for Business Online and Lync used several DNS records to enable client sign‑in, service discovery, and SIP routing:

Boost Your Email Security: How SMTP DANE Complements SPF, DKIM, and DMARC

Why SMTP DANE Is a Powerful Addition to Email Security

Email remains one of the most critical communication tools for businesses, but it’s also a frequent target for cyberattacks. To combat spoofing, phishing, and impersonation, many organizations already rely on SPF, DKIM, and DMARC. These protocols help verify the sender’s identity and ensure message integrity. However, they don’t fully protect the transport layer—the actual path your email takes across the internet.

Domain Safety: DMARC Monitoring with ValiMail

Introduction

Email Security Challenges: A Brief Overview

In today’s digital age, email remains a fundamental communication tool for individuals and businesses alike. However, its widespread use also makes it a prime target for cyber threats. Email security challenges are diverse and evolving, ranging from spam and malware distribution to more sophisticated threats like phishing and spoofing attacks. These attacks not only compromise sensitive information but also damage the trust and integrity of communication channels.

Getting started with FIDO2 authentication in Office 365

With this post, I will take you on the journey to enable FIDO authentication for Office 365 as an alternative to the Authenticator app or as an addition to the Authenticator app.

What is FIDO

FIDO stands for “Fast IDentity Online” and provides a passwordless authentication method with a passkey like the YubiKey 5. FIDO allows you to log into many websites and devices without entering a password. In-depth information about FIDO can be found on the FIDO Alliance website.

Use PowerShell Modules in Azure Functions

Lately, I have been working on some self-service tooling so that the employees can do specific tasks themselves, like updating members of a Shared Mailbox instead of creating a ticket and asking IT to do this. To build this solution, we have developed an Azure Function with API management as the back-end and a PowerApp as the front-end.

Our team uses PowerShell a lot, and the easiest way to communicate with Exchange Online is using PowerShell.

Grammarly, my writing assistant

This week I will share a tool I use daily as a non-native English speaker and writer; spelling and grammar are not my best skills, so about five years ago, I found Grammarly.

What is Grammarly

Grammarly is a service that assists you with your writing skills. It marks your spelling and grammar mistakes, explains why they are mistakes, and shows how you can fix them. It works by default in the browser, Microsoft Office, an app on your machine, and a keyboard on your mobile. Lately, it also got a function to work as a screen reader, so applications that it does not support by default can benefit from it.

How to Assign permissions to a Managed Identity

Assigning permissions to a Managed Identity is more complex than for an app registration; the only way is through PowerShell or Microsoft Graph. So this time, I created a simple script to add permissions to a Managed Identity using the Graph PowerShell modules.

Prerequisites

You need two modules for this:

  • Microsoft.Graph.Applications
  • Microsoft.Graph.Authentication

Rights

The rights needed to assign permissions and find the correct IDs are:

  • Directory.Read.All
  • AppRoleAssignment.ReadWrite.All

The script

# Sign in with the rights listed above
Connect-MgGraph -Scopes "Directory.Read.All", "AppRoleAssignment.ReadWrite.All"
$objectID = "<ObjectID of the Managed Identity>"
# Look up the Microsoft Graph service principal and the Sites.Selected application role
$ServicePrincipal = Get-MgServicePrincipal -Filter "AppId eq '00000003-0000-0000-c000-000000000000'"
$appRole = $ServicePrincipal.AppRoles | Where-Object {$_.Value -eq "Sites.Selected" -and $_.AllowedMemberTypes -contains "Application"}
New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $objectID -PrincipalId $objectID -ResourceId $ServicePrincipal.Id -AppRoleId $appRole.Id

You need to find some identifiers before assigning a permission to the Managed Identity. In the script above, the Microsoft Graph application permission ‘Sites.Selected’ is given to the Managed Identity. The ResourceId is the Id of the Microsoft Graph service principal.
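The same assignment made safe to re-run, followed by a review of what the identity ends up holding. This is an added example, not the original script; it assumes the two modules and the two rights listed above, and the variable names `$wantedRole`, `$graphSp`, `$existing` and `$already` are introduced here for illustration.

```powershell
# Added example: idempotent assignment plus a permission review for the Managed Identity.
Connect-MgGraph -Scopes "Directory.Read.All", "AppRoleAssignment.ReadWrite.All"

$objectID   = "<ObjectID of the Managed Identity>"   # placeholder, as in the script above
$wantedRole = "Sites.Selected"

# Resolve the Microsoft Graph service principal and the requested application role.
$graphSp = Get-MgServicePrincipal -Filter "AppId eq '00000003-0000-0000-c000-000000000000'"
$appRole = $graphSp.AppRoles | Where-Object {
    $_.Value -eq $wantedRole -and $_.AllowedMemberTypes -contains "Application"
}
if (-not $appRole) { throw "Application role '$wantedRole' not found on Microsoft Graph." }

# Read what the identity already holds, so the assignment is not attempted twice.
$existing = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $objectID -All
$already  = $existing | Where-Object {
    $_.ResourceId -eq $graphSp.Id -and $_.AppRoleId -eq $appRole.Id
}

if (-not $already) {
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $objectID `
        -PrincipalId $objectID -ResourceId $graphSp.Id -AppRoleId $appRole.Id | Out-Null
    # Refresh the list so the report below includes the new assignment.
    $existing = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $objectID -All
}

# Report every Microsoft Graph application permission on the identity by name,
# so anything broader than intended stands out during review.
$existing | Where-Object { $_.ResourceId -eq $graphSp.Id } | ForEach-Object {
    $roleId = $_.AppRoleId
    [pscustomobject]@{
        Permission = ($graphSp.AppRoles | Where-Object { $_.Id -eq $roleId }).Value
        AppRoleId  = $roleId
        AssignedOn = $_.CreatedDateTime
    }
} | Sort-Object Permission | Format-Table -AutoSize
```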

Enable progress bar in PowerShell 7

In PowerShell 7, I have noticed that on my machine the Progress bar was not showing by default. I found that annoying, so I searched for how to get it back; this was very easy in the end.

Revealing it again

All you have to do is add this line of code to your script:

$ProgressPreference = 'Continue'

Show it at the top

This line will display the progress bar again; the only difference with the previous PowerShell versions is that it now shows it inline instead of at the top of the window.

Move scripts from Azure AD modules to Microsoft Graph Modules

In the last few weeks, I took some time to refactor most of my scripts and Azure Automation scripts to use the Microsoft Graph Modules over the Azure AD Module. As I explained in my previous blog, the Azure AD module is declared deprecated.

How to start updating

The first thing to do of course is to install the latest Microsoft Graph Modules with:

Install-Module Microsoft.Graph

Connecting to the Graph

Connecting to the Microsoft Graph is almost the same as via Azure AD, except there are a few extra options

Enable PIM role thru Microsoft Graph PowerShell

Five years ago, I wrote an article about enabling PIM roles with PowerShell, and last week I took it upon myself to convert it using the Microsoft Graph PowerShell modules.

Why would you move?

The primary reason to start moving to the Graph modules is that the AzureAD and other modules were declared deprecated last year; see this post for all the details: https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-change-management-simplified/ba-p/2967456. The modules still work but will not get any updates anymore. Microsoft is putting all its effort into the Microsoft Graph and the Microsoft Graph Modules.