Wow, what a week coming out of Microsoft Ignite! There is SO much coming out of a variety of sources this week. Yours truly was feature in a ThreatLocker promotional video this week to talk about zero trust security.

Enjoy all of this great PowerShell content! And for those of you in the US, have a great Thanksgiving!

Real World PowerShell Scripting from a Sysadmin

Jake’s Tech has a great, real life anecdote about using PowerShell in the field as a SysAdmin.

Azure CLI and Azure PowerShell Get Major Updates at Microsoft Ignite 2025

Microsoft announced substantial improvements to Azure CLI and Azure PowerShell at Ignite 2025, focusing on quality, security, and user experience enhancements Microsoft Community Hub. Notable updates include new What-If and Export Bicep parameters that leverage AI to preview resource changes and generate Bicep templates Microsoft Community Hub. The Azure PowerShell team also introduced improvements for handling MFA claims challenges, enabling proper authentication when conditional access policies require MFA Microsoft Community Hub. Services updated span ACR, AKS, App Service, ARM, Backup, Cosmos DB, Container apps, an Microsoft Community Hubd many more.

https://techcommunity.microsoft.com/blog/azuretoolsblog/azure-cli-and-azure-powershell-ignite-2025-announcement/4471182

Microsoft Launches Preview of Exchange Admin API to Replace EWS

Microsoft launched the preview of the Exchange Admin API on November 17, intended to close known feature gaps in the Graph APIs and allow developers to migrate from Exchange Web Services before Microsoft retires EWS in October 2026 office365itpros. The new API functions as a time-limited solution that allows clients to submit cmdlets for processing. It’s designed specifically to help organizations transition away from EWS before the deprecation deadline.

https://office365itpros.com/2025/11/17/exchange-admin-api-preview/

Get the AI Hype Cycle Right

Jeffrey Snover, our beloved creator of PowerShell, has a great article on the AI Hype Cycle on his blog.

https://www.jsnover.com/blog/2025/11/20/getting-the-ai-hype-cycle-right/

Purview Launches New DLP Policy to Control Copilot Prompts

A new DLP policy for Copilot prompts monitors blocked sensitive information types like credit card numbers to prevent their use in Copilot prompts office365itpros. According to a session at Ignite on November 18, Purview will implement features like DLP checking for agent prompts as part of the Agent 365 framework, notified as MC1181998 and due Office 365 IT Pros for public preview later this month. The new policy operates separately from the existing DLP policy for Copilot that checks files with sensitivity labels.

https://office365itpros.com/2025/11/19/purview-dlp-copilot-prompts/

The PSADT Framework Explained

Andrew Pla sits down with Dan Cunningham, Strategic Innovation Leader for PowerShell App Deployment Toolkit (PSADT), to talk about the history, architecture, and evolution of the open-source framework used for enterprise software deployment.

Automating Microsoft 365 with PowerShell December 2025 Update Released

The December 2025 update (version 18) of the Automating Microsoft 365 with PowerShell eBook is now available for subscribers to download Office 365 IT Pros. The biggest new feature is the ability to restore soft-deleted security groups, just like it’s been possible to do for Microsoft 365 Groups since 2016 Office 365 IT Pros. Another change is that the default app management policy can now be updated through the Entra admin center, which controls details such as whether apps can use app secrets for authentication Office 365 IT Pros. Microsoft has also started to burn down the Microsoft Graph PowerShell SDK open issues list, with V2.31 and V2.32 proving to be stable releases Office 365 IT Pros.

https://office365itpros.com/2025/11/21/automating-microsoft-365-18/

Removing Inactive Entra ID User Accounts with PowerShell

The Entra ID Governance solution includes a workflow to detect and remove inactive user accounts, but the same can be done with PowerShell to avoid the cost of Entra ID Governance licenses or create a bespoke workflow better suited to business needs office365itpros. Azure Automation provides an excellent platform for processing this type of workflow, offering scheduling capabilities and centralized management for inactive account detection and remediation scripts.

https://office365itpros.com/2025/11/17/removing-inactive-entra-id-accounts-powershell/

Microsoft Ignite 2025 Keynote Delivers Microsoft 365 Announcements

The Microsoft Ignite 2025 keynote announced additional functionality for Microsoft Copilot users in an update rolling out in January 2026, where Chat in Outlook will expand its ability to reason from a single email thread to a complete mailbox, and Copilot Chat gains the ability to create Word, Excel, and PowerPoint files from web data Office 365 IT Pros. Word, Excel, and PowerPoint will gain an agent mode to expand the ability of apps to reason over web data and the current file to create content, though the agent feature is only available if the tenant allows people to connect and use the Anthropic Claude model Office 365 IT Pros. Microsoft also announced the bundling of Security Copilot in Microsoft 365 E5, with tenants receiving 400 Security Compute Units per month for every 1,000 user licenses, up to 10,000 SCUs per month Office 365 IT Pros.

https://office365itpros.com/2025/11/19/ignite-2025-day-1/

Agent 365: Microsoft’s New Control Plane for AI Agents Unveiled at Ignite

Microsoft introduced Agent 365 as the central control system for managing AI agents inside organizations, providing one place to secure, monitor, and govern every agent built or used TechCabal. Instead of treating agents like simple tools, Agent 365 gives each one a unique identity through Microsoft Entra ID, helping control what each agent can access and reducing the risk of data exposure or misuse TechCabal. Agent 365 focuses on four key areas: Registry for tracking all agents, Access control with unique identities, Security integration with Microsoft Defender and Purview, and Visualization dashboards showing how agents interact with people and systems TechCabal.

https://techcabal.com/2025/11/20/5-key-announcements-from-microsoft-ignite-2025/

WhatsApp Malware Campaign Uses PowerShell for Astaroth Deployment

Sophos analysts are investigating a persistent multi-stage malware distribution campaign targeting WhatsApp users in Brazil that started on September 24, 2025, tracked as STAC3150, which delivers archive attachments containing a downloader script that retrieves multiple second-stage payloads Sophos. The malicious file launches PowerShell to retrieve second-stage payloads, including scripts that collect WhatsApp user data and an MSI installer that delivers the Astaroth banking trojan Sophos. In late September incidents, PowerShell was used to retrieve the second-stage payloads via IMAP from an attacker-controlled email account, then in early October, the campaign shifted to HTTP-based communication using PowerShell’s Invoke-WebRequest command Sophos.

https://news.sophos.com/en-us/2025/11/20/whatsapp-compromise-leads-to-astaroth-deployment/

Microsoft November 2025 Security Updates Address 63 CVEs

Microsoft released its November 2025 security patches, addressing a total of 63 Common Vulnerabilities and Exposures across various areas of the Windows environment, including fixes for Nuance PowerScribe software, Configuration Manager, Microsoft Office Excel, SQL Server, Azure Monitor Agent, Windows Smart Card components, DirectX, and several other applications NT Compatible. Many of these vulnerabilities have high base scores on the CVSS scale but are considered difficult to exploit due to specific requirements or conditions needed to trigger them NT Compatible. Several Excel vulnerabilities share a CVSS base score of 7.8, while SQL Server’s vulnerability CVE-2025-59499 received an 8.8 score.

https://www.ntcompatible.com/story/microsoft-november-2025-security-updates

Event Roundup

PSConfEU 2026 Call for Speakers The call for speakers is now open for PSConfEU 2026, taking place in Wiesbaden, Germany on June 1-4, 2026. Submission deadline is December 14, 2025.

https://sessionize.com/psconfeu26

PowerShell + DevOps Global Summit 2026 Save the date: April 13-17, 2026 in Bellevue, WA. The premier PowerShell community event returns next spring.

https://www.powershellsummit.org/