Recently, a user received the following error message in Teams when trying to schedule a webinar and send email notifications:

Editing isn't available because your org hasn't finished setting up your email domain for M365 notifications yet. Contact your admin for help.

From what I could see, the user was licensed correctly and they have the permissions they need in the Teams Events settings. I searched for the text of the error message, but couldn't find any results on Google.

Here are the steps for how I got it working.

After some looking around, I found that Microsoft changed the requirements on February 1, 2026 to require additional setup in M365.

Starting February 1, 2026, organizations using premium custom HTML templates for Teams Events email notifications must set up and verify their sending domain in Microsoft 365. Without this, custom templates can't be used, and event emails must originate from an authenticated, customer-owned domain.

After reading this note, I was able to find the option in the M365 Admin center.

Before getting started, you must have the Global Administrator role in Entra ID/M365, or a custom role with the MSGraph permission microsoft.directory/organization/allProperties/allTasks

The user will need an M365 license with Teams (any Business or Enterprise license: Business Standard, E3, etc.) and a Teams Premium license.

Also, make sure that you have allowed Teams Webinars for the user from the Event settings page: https://admin.teams.microsoft.com/one-policy/settings/events

1. Navigate to the M365 Admin center: https://admin.cmd.ms/ and click Settings > Org settings
2. Search for “Teams”
3. Click on the “Send email notifications from your domain” option.
4. In the configuration pane, enable the “Use a custom send-from domain address” and add something like “noreply” and select your primary domain.
5. Click the Save button.

After changing this option, it can take about an hour for the changes to take effect. The user may need to restart Teams and/or log out and back in for the policies to refresh.

Additional information

• https://learn.microsoft.com/en-us/microsoftteams/manage-email-communications
• https://learn.microsoft.com/en-us/microsoft-365/admin/email/select-domain-to-use-for-email-from-microsoft-365-products?view=o365-worldwide

Discuss...

I love VS Code. It's got all of the features and tools that I need for coding and testing.

When I'm working on a file in the Editor pane and I want to run it or test a command in the Integrated Terminal, I have to manually navigate to the folder where the with a series of cd commands and Tab autocompletes.

If I exit or restart the Terminal, the working directory switches back to the root of my workspace and I have to repeat the process over again.

I have to deal with this annoying quirk dozens of times during the day and it gets very repetitive to keep typing cd.

To make my life easier, I added the keyboard shortcut Ctrl+Alt+c on my Windows machine to change the Integrated Terminal's working directory to the folder of the file I'm currently editing. This shortcut basically sends the command cd 'directory of the current file' so I don't have to keep typing it.

Run this script in the VS Code Integrated Terminal with PowerShell:

$json = @'
// Place your key bindings in this file to override the defaults
[
    {
        "key": "ctrl+alt+c",
        "command": "workbench.action.terminal.sendSequence",
        "args": {
            "text": "cd \"${fileDirname}\"\u000D"
        },
        "when": "editorTextFocus"
    }
]
'@

Set-Content -Path "$env:APPDATA\Code\User\keybindings.json" -Value $json -Encoding UTF8

After running this code in the Integrated Terminal, open the Command Palette (Ctrl+Shift+p), type and run “Developer: Reload Window”. This will reload Code and apply the new shortcuts.

Now, you can use the keyboard shortcut Ctrl+Alt+c to quickly change the Integrated Terminal's working directory to the folder of the file you're currently editing.

Discuss...

I use VSCode for all my coding. One thing I appreciate about the PowerShell module in VSCode is how it recommends best practices inline with my script.

One of the recommended best practices for PowerShell is to use a list of approved verbs that define which words can be used in functions. This makes sense—I love the way PowerShell uses the Verb-Noun structure to keep things standardized and avoid confusion.

Sometimes the recommended list of verbs doesn't include what I'm trying to do, like “Check” or “Verify”. When I write a function using an unapproved verb, VSCode puts an orange squiggly line and these alerts get counted with others that I would consider more important:

This makes my VSCode environment noisy and it can be difficult to sift through all the alerts to try to identify real issues. After some digging, I found a way to hide these alerts without turning off the whole PSScriptAnalyzer feature.

Note: In the code examples, I've removed the signature blocks. Don't change or delete this section in your environment—If you do, you'll need to re-install the PowerShell extension and/or VSCode.

Windows

On Windows, the configuration file for this feature is located at C:\Users\USERNAME\.vscode\extensions\ms-vscode.powershell-2025.0.0\examples\PSScriptAnalyzerSettings.psd1

Open the file and move the PSUseApprovedVerbs from IncludeRules into the ExcludeRules section.

Here is my updated PSScriptAnalyzerSettings.psd1 file:

@{
    # ...
    IncludeRules = @('PSAvoidDefaultValueSwitchParameter',
                     'PSMisleadingBacktick',
                     'PSMissingModuleManifestField',
                     'PSReservedCmdletChar',
                     'PSReservedParams',
                     'PSShouldProcess',
                     'PSAvoidUsingCmdletAliases',
                     'PSUseDeclaredVarsMoreThanAssignments')

    # ...
    ExcludeRules = @('PSUseApprovedVerbs')
    # ...
}

MacOS

On MacOS, the configuration file is here: /Users/USERNAME/.vscode/extensions/ms-vscode.powershell-2025.0.0/modules/PSScriptAnalyzer/1.23.0/Settings/CmdletDesign.psd1

Note: Your module version might be different, so verify you have the correct path.

Comment out the 'PSUseApprovedVerbs' word like this:

@{
    IncludeRules=@( #'PSUseApprovedVerbs',
                   'PSReservedCmdletChar',
                   'PSReservedParams',
                   'PSShouldProcess',
                   'PSUseShouldProcessForStateChangingFunctions',
                   'PSUseSingularNouns',
                   'PSMissingModuleManifestField',
                   'PSAvoidDefaultValueSwitchParameter')
}
# ...

Conclusion

After updating the file, restart VSCode. This should prevent that pesky popup and the alerts from appearing.

Discuss...

Over the past few weeks, I've been working on a demake of the Nebula Bytes Betweenle game in Pico8.

There are some bugs in the way the scale is calculated and I want to add a two player mode, but it's ready for play now!

Play it here: https://www.lexaloffle.com/bbs/?tid=147870

Discuss...

Kicking off 2025 with a certification! Just passed the SC-100 Exam and I am now a Microsoft Certified: Cybersecurity Architect Expert.

I've been working with a company that uses When I Work for employee scheduling and time tracking. This week, they wanted to onboard the service to Entra ID so that users can have a seamless sign on experience through their Microsoft account and the IT admins can secure logins with Conditional Access and other features in the M365 platform.

In my experience, every time I setup SAML Single Sign-On with SaaS apps in Entra ID, the language to get the integration setup is all over the place. Entity IDs, ACS, Issuer URLs, Endpoint URLs, Consumer URLs, Authority URLs, OAuth token endpoints—it's very confusing and changes for each service.

For this project, we couldn't find a guide for onboarding WhenIWork to Entra ID for Single Sign-On, so I wanted to write these steps down for other admins who need it. Big thanks to Sam Guerra for figuring this out.

To make these changes, you'll need these permissions at the minimum:

• Entra ID – Application Administrator Role (or Global Administrator)
• WhenIWork – Admin Role

If you're running Windows, you will also need Local Admin permissions to install the OpenSSL package on your PC (more info below).

Setup the Enterprise Application in Entra ID

First, navigate to the Entra ID/Azure AD portal: https://azad.cmd.ms/

Search for and open up the “Enterprise Application” blade. Click the “New Application” button:

Click the “Create your own application” button. Add a descriptive title like “When I Work SSO”, “WhenIWork” or something similar, then click the “Create” button:

Update the SAML attributes

WhenIWork requires the Unique User Attribute in Entra ID to be set as “user.Mail” instead of the default “user.userPrincipalName”.

To change this, scroll down to section 2 “Attributes & Claims” and click the “Edit” button:

Click on the row “Unique User Identifier (Name ID)”:

Change the “Source attribute” dropdown and set it to “user.mail”:

Save all of the changes and return to the WhenIWork “Single sign-on” blade.

Add information from WhenIWork to Entra ID

When your Enterprise Application is setup, we will need to get some information from WhenIWork using an account with Admin permissions.

Open the following URL in a new tab https://appx.wheniwork.com/settings/saml and login, or open the WhenIWork admin console, login, and navigate to the Gear icon > General Settings at the top right of the page:

Then, select the “SAML SSO” option from the menu on the left:

In the other tab with Entra ID, navigate to the SSO blade located at Manage > Single sign-on and click the “SAML” option:

To make things easier, move the WhenIWork SAML window on the left side of the screen, and the Entra ID Enterprise Application page to the right.

Copy the following values from WhenIWork over to the Entra ID “Basic SAML Configuration” page and click the “Save” button when finished.

Add information from Entra ID to WhenIWork

Now that you've added the information to Entra from WhenIWork, you will need to add some information in the other direction.

In Entra ID, navigate back to the Single sign-on blade and scroll down to the fourth section on the “SAML-based Sign-on” page. Copy the following values from Entra ID over into WhenIWork:

Get the certificate fingerprint

Download the Certificate file. In the Entra ID tab, navigate to the “Single sign-on” blade of the Enterprise Application, scroll down to section 3 “SAML Certificates” and download the “Certificate (Base 64)” file in the .cer format.

Now, you'll need to get the Certificate Fingerprint (not the Thumbprint listed in Entra ID) from the .cer file. This is a bit of a pain and requires some manual intervention.

Here are the instructions for both Windows and MacOS to generate the fingerprint:

Windows

These steps were performed on Windows 11.

On a Windows PC, you will need to download and run an OpenSSL application to generate the fingerprint.

Open a new tab and download the Win64OpenSSLLight EXE file directly from this link: https://slproweb.com/download/Win64OpenSSLLight-340.exe

Alternatively, navigate to the product page and download the version you need: https://slproweb.com/products/Win32OpenSSL.html

Install the EXE file and open the app from the Start menu named “win64 OpenSSL Command Prompt:

Run the following command to generate the thumbprint, changing the -in location to where you downloaded the file:

openssl x509 -fingerprint -sha256 -in "C:\Users\TimDAnnecy\Downloads\When I Work.cer"

Copy the output to the clipboard:

Now, you need to remove the : colon characters from the Fingerprint string.

You can do this manually, or by pasting it into Notepad and using the Find & Replace tool (Ctrl + H) to “Replace all” and remove all colon characters. Once cleaned up, Copy the Fingerprint to the clipboard.

Now, you need to remove the : colon characters from the Fingerprint string.

You can do this manually, or by pasting it into Text Edit and using the Find & Replace tool (Ctrl + H) to “Replace all” and remove all colon characters. Once cleaned up, Copy the Fingerprint back to the clipboard.

MacOS

Note: These steps were performed on MacOS Sequoia 15.2 (24C98)

On a Mac, the OpenSSL app is pre-installed and you can generate the thumbprint with a single command.

Open the Terminal app and run the following command, changing the location to where you downloaded the file:

openssl x509 -fingerprint -sha256 -in /Users/tim/Downloads/When\ I\ Work.cer

Copy the Fingerprint output to the clipboard:

Now, you need to remove the : colon characters from the Fingerprint string.

You can do this manually, or by pasting it into TextEdit and using the Find & Replace tool (Command + F) to “Replace all” and remove all colon characters. Once cleaned up, Copy the Fingerprint back to the clipboard.

Paste the Fingerprint into WhenIWork

Once you have the Fingerprint copied to the clipboard, return to the WhenIWork SAML page and paste the value into the “Certificate Fingerprint (SAML)” field and click the “Save” button.

Test the integration

Now that the attributes have been added in WhenIWork and in Entra ID, test to make sure the configuration is working by clicking the “Test this application” button:

Click the “Test sign-in” button. If everything comes back successfully, you've configured the Entra ID side correctly.

Try signing into WhenIWork by navigating to the app in the M365 Waffle menu:

Alternatively, navigate to the main WhenIWork homepage and click the “Login” link that the top right: https://wheniwork.com

On the login page, click the “Third Party Connect” button:

Choose “SAML”:

Type the company name, account ID, or subdomain and click the “Login” button.

Note: If you don't know the Account ID, you can get it by signing in with your Admin account (non-SSO sign in) and navigating to Gear icon > General Settings at the top right of the page. This information is in the Account ID field.

If SAML is configured correctly, you'll get the Entra ID sign in flow and can sign in using your Microsoft account.

Conclusion

Thanks again to Sam Guerra for figuring out the certificates in this flow.

Discuss...

A client I've been working with needed a way to check the warranty status of thousands of Lenovo laptops they own. The end goal was to import the warranty expiration dates into Freshservice so they can estimate device lifecycles and find out which users needed laptop replacements.

Right now, Lenovo doesn't offer an API that could do this and I would need to look up each laptop one-by-one.

To solve this problem and avoid manual lookups, I wrote a short PowerShell script that takes the serial number, scrapes Lenovo's warranty check page and gets the warranty information for the device, then outputs to a PowerShell object with the regular and upgrade warranty statuses and the end dates.

In my use case, I exported all devices from Intune into a .csv file, filtered on all Lenovo devices, then ran the Get-LenovoWarrantyInformation script against all of them in a for loop. I exported to a clean .csv file that I could then upload into the Freshservice inventory.

Here's the script:

# Get-LenovoWarrantyInformation.ps1
# Get Lenovo warranty information via web scrape using serial number.
# Example: Get-LenovoWarrantyInformation -SerialNumber 'BLAH'
# Tim D'Annecy 2024

function Get-LenovoWarrantyInformation {
    param (
        [Parameter(Mandatory = $true)]
        [string]$SerialNumber
    )

    $Url = "https://csp.lenovo.com/ibapp/il/WarrantyStatus.jsp?serial=$($SerialNumber)"

    $htmlContent = Invoke-WebRequest -Uri $Url -UseBasicParsing
    $parsedHtml = $htmlContent.Content
    $WarrantyStatus = [regex]::Match($parsedHtml, "Status:&nbsp;<\/b><span[^>]*><b>(.*?)<\/b>", [System.Text.RegularExpressions.RegexOptions]::IgnoreCase).Groups[1].Value.Trim()
    $WarrantyEndDate = [regex]::Match($parsedHtml, 'End Date:&nbsp;<\/b>(.*?)<\/td>', [System.Text.RegularExpressions.RegexOptions]::IgnoreCase).Groups[1].Value.Trim()
    $UpgradeWarrantyStatus = [regex]::Match($parsedHtml, "Upgrade Warranty Information.*?Status:&nbsp;<\/b><span[^>]*><b>(.*?)<\/b>", [System.Text.RegularExpressions.RegexOptions]::Singleline).Groups[1].Value.Trim()
    $UpgradeWarrantyEndDate = [regex]::Match($parsedHtml, 'Upgrade Warranty Information.*?End Date:&nbsp;<\/b>(.*?)<\/td>', [System.Text.RegularExpressions.RegexOptions]::Singleline).Groups[1].Value.Trim()
    $UpgradeWarrantyExcluding = [regex]::Match($parsedHtml, 'Upgrade Warranty Information.*?Excluding:&nbsp;<\/b>(.*?)<\/td>', [System.Text.RegularExpressions.RegexOptions]::Singleline).Groups[1].Value.Trim()

    $WarrantyInfo = [PSCustomObject]@{
        SerialNumber             = $SerialNumber
        WarrantyStatus            = if ($WarrantyStatus) { $WarrantyStatus } else { 'N/A' }
        WarrantyEndDate          = if ($WarrantyEndDate) { $WarrantyEndDate } else { 'N/A' }
        UpgradeWarrantyStatus     = if ($UpgradeWarrantyStatus) { $UpgradeWarrantyStatus } else { 'N/A' }
        UpgradeWarrantyEndDate   = if ($UpgradeWarrantyEndDate) { $UpgradeWarrantyEndDate } else { 'N/A' }
        UpgradeWarrantyExcluding = if ($UpgradeWarrantyExcluding) { $UpgradeWarrantyExcluding } else { 'N/A' }
    }

    return $WarrantyInfo
}

Also available on GitHub Gist: 

There is no error catching or rate limiting for the script, so run at your own risk!

I hope this is helpful as a workaround, since Lenovo doesn't offer a proper API and this saved me a lot of time.

Discuss...

I recently received a request to update the Azure Data Factory Linked Service connector to Salesforce. When they login, they get the following warning message:

Your Data Factory has pipelines that are still utilizing the legacy connector versions. Please kindly upgrade to the latest connector version at your earliest convenience. For your reference, you can view all the relevant linked services here.

When I click on the “View all” link, I can see that there's a Linked Service with the “Salesforce (Legacy)” type listed:

This post will discuss the steps for upgrading this connector to use the modern OAuth method for authentication and how to update your Azure Data Factory flows with the new Salesforce connector.

To perform these actions, you will need at least the following permissions:

• Contributor access to the Azure Data Factory
• System Administrator profile in Salesforce

Prepare Salesforce configuration

To begin, we have to configure Salesforce to use an app for OAuth authentication.

1. Login to Salesforce and navigate to Settings > Setup

1. Navigate to Apps > App Manager

1. Click “New Connected App”

1. Select “Create an External Client App” and click the “Continue” button.

1. I the popup, enter a name like “Azure Data Factory” and fill in the required contact information.

1. Expand the option for “API (Enable OAuth Settings” and check the box for “Enable OAuth”.

1. In the “Callback URL” field, enter both URLs:

• https://adf.azure.com/
• https://*.azure.com

In the OAuth Scopes section, add the following permissions to the right side:

• Full access (full)
• Perform requests at any time (refreshtoken, offlineaccess)

1. Check the box “Enable Client Credentials Flow” and accept the confirmation popup.

Once completed, click “Create”.

1. Return to the External Client App Manager page. Click on the arrow next to your Azure Data Factory app, and click “Edit Policies”.

1. Expand the “OAuth Policies” section.

Edit the Run As (Username) field with the login name for the Service Account in Salesforce. This Service Account should have the “Salesforce Integration” User License applied to it.

Click the “Save” button when finished.

1. Now that the Connected App is created, retrieve the Key and Secret for Azure Data Factory.

Inside the External Client App Manager menu for your Azure Data Factory app, navigate to the Settings tab. Expand the “OAuth Policies” section and click “Consumer Key and Secret”.

1. Copy both values to a Notepad document or other scratch pad.

These values will be used to configure Azure Data Factory.

Configure Azure Data Factory

Now that the Salesforce side is configured, you can create a new Linked Service in Azure Data Factory to connect.

1. Navigate to Azure Data Factory: https://adf.azure.com/

Navigate to Manage > Linked services > New

1. Search for and select “Salesforce”:

1. Name the Linked Service “Salesforce” and enter the Salesforce Environment URL, formatted like https://tenant.my.salesforce.com/or a Sandbox environment, use: https://tenant.sandbox.my.salesforce.com/

1. Copy and paste the values from Salesforce into Azure Data Factory:

• Consumer Key = Client ID
• Consumer Secret = Client secret

Set the Salesforce API version to: 54.0

1. Click the “Test connection” button to ensure it's working, then click the “Create” button to save the Linked Service.

Update Azure Data Factory resources

Now that the new Linked Service is added, you will need to update all of the legacy resources that use that Linked Service.

1. Navigate to Manage > Linked Services and click on the “Salesforce (Legacy)” Linked Service.

In the pane to the right, these Datasets will need to be updated by clicking on the item, and changing the configuration.

1. Update each of the related objects by changing the Linked Service in the dropdown to the new Salesforce connection.

Be sure to make sure all of your Pipelines are using this new Linked Service and that there are no query issues. Once you're sure, you can delete the old Linked Service for “Salesforce (Legacy)”.

References

• Configure Azure Data Factory for Salesforce 2024 (datatoolspro.com) [A]

• Linked services – Azure Data Factory & Azure Synapse | Microsoft Learn

• Copy data from and to Salesforce – Azure Data Factory & Azure Synapse | Microsoft Learn

Discuss...

Last week after our All Hands Meeting, I joined my CREO coworkers at Boxyard RTP for Happy Hour.

Seeing people in person is great and the charcuterie was delicious!

Over the weekend, I finished coding a demake of the New York Times Connections game in Pico8.

There are a lot of bugs in the code right now, but it's playable and I was able to squeeze in the puzzles from July, August, and the first week of September and came right under the Pico8 cartridge size limit.

Play it here! https://www.lexaloffle.com/bbs/?tid=144092

Discuss...