Connecting LinkedIn to Office 365 with Just a Bit of PowerShell
In October 2018, I wrote about the process of connecting Office 365 accounts to LinkedIn accounts so that Office 365 can fetch LinkedIn information about contacts and include it in Office 365 people cards. At that time, tenant administrators had to define a list of individual users allowed to use the LinkedIn connection in Azure Active Directory. This implementation worked, but it was clearly inefficient for larger organizations where thousands of people might want to use LinkedIn. Microsoft therefore announced on April 25 (MC178371) that access is granted to members of a specific group rather than individual users.
The change makes sense. It’s easier to update membership of a security group than inputting lists of individual users into the Azure portal, if only because you can update group membership with PowerShell.
New Security Group Required
The change means that you must create a new security group in Azure Active Directory. If preferred, you can use a distribution list or Office 365 group instead, but a security group is better because it doesn’t show up in the GAL. You can’t use a dynamic group.
Once the group is selected, you can add users who currently have access to LinkedIn today (because they were assigned individual access) to the group by fetching the membership using an Azure app. The result is a set of GUIDs for the accounts (Figure 1).
Figure 1: A list of GUIDs for the accounts allowed to access LinkedIn
Updating Group Membership with PowerShell
Clicking the link to export the GUIDs to a CSV file creates a file called Users.CSV in the workstation’s Downloads folder. The file is supposed to contain the GUIDs but several attempts to create a populated file failed using Chrome, Edge (Chrome), and Internet Explorer. I eventually gave up and updated the membership of the security group using PowerShell.
——– ———– ———–
# Retrieve the GUID for the group used to control LinkedIn access
Get-AzureADGroup -SearchString LinkedIn
ObjectId DisplayName Description
-------- ----------- -----------
86a8e632-5dd3-4fa9-a962-08d41e353a19 LinkedIn Connections People allowed to use the LinkedIn
# Update memberships with the GUIDs for the accounts to receive access
Add-AzureADGroupMember -ObjectId 86a8e632-5dd3-4fa9-a962-08d41e353a19 -RefObjectId d446f6d7-5728-44f8-9eac-71adb354fc89
After some quick cut and paste, all of the previous users who had access were added to the group. I verified the membership was correct with:
# Retrieve membership of the group used to control LinkedIn Access
Get-AzureADGroupMember -ObjectId
86a8e632-5dd3-4fa9-a962-08d41e353a19
ObjectId DisplayName UserPrincipalName UserTyp
e
-------- ----------- ----------------- -------
eff4cd58-1bb8-4899-94de-795f656b4a18 Tony Redmond Tony.Redmond@office365itpros.com Member
d36b323a-32c3-4ca5-a4a5-2f7b4fbef31c Kim Akers Kim.Akers@office365itpros.com Member
d446f6d7-5728-44f8-9eac-71adb354fc89 James Abrahams James.A.Abrahams@office365itpros.com Member
cad05ccf-a359-4ac7-89e0-1e33bf37579e James Ryan James.Ryan@office365itpros.com Member
Updating Azure with the Security Group
With a fully populated group, I went to the Azure Active Directory portal and updated the User settings to make sure that the correct group was selected (Figure 2).
Figure 2: Updating Azure Active Directory with the group to control LinkedIn connections
All we’ve done so far is replace the set of individual LinkedIn connection assignments with a security group whose membership controls who can access LinkedIn data from Office 365. It’s worth emphasizing that individual users must still approve their connection to LinkedIn before Office 365 can retrieve and display contact data.
Updating the Security Group to Add More People for LinkedIn Access
The important thing is that because access is now controlled by a security group, we can easily update the membership of that group to assign access to additional people. For instance, here’s how to assign access to every mailbox in a tenant.
# Add all mailboxes to the set of accounts allowed to access LinkedIn contacts
$Mbx = (Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |Select UserPrincipalName, ExternalDirectoryObjectId)
ForEach ($M in $Mbx) {
Add-AzureADGroupMember -ObjectId 86a8e632-5dd3-4fa9-a962-08d41e353a19 -RefObjectId $M.ExternalDirectoryObjectId }
You’ll see errors if you try to add a member that already exists in the group. A check to see if a member already exists would solve the problem, but this code is just for illustrative purposes. Clearly, it’s possible to create all sorts of filters to control who gets access if you wish.
For more information about the LinkedIn connection to Office 365, see Chapter 3 of the Office 365 for IT Pros eBook.
{"id":null,"mode":"button","open_style":"in_modal","currency_code":"EUR","currency_symbol":"\u20ac","currency_type":"decimal","blank_flag_url":"https:\/\/office365itpros.com\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/blank.gif","flag_sprite_url":"https:\/\/office365itpros.com\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/flags.png","default_amount":100,"top_media_type":"featured_image","featured_image_url":"https:\/\/office365itpros.com\/wp-content\/uploads\/2022\/11\/cover-141x200.jpg","featured_embed":"","header_media":null,"file_download_attachment_data":null,"recurring_options_enabled":true,"recurring_options":{"never":{"selected":true,"after_output":"One time only"},"weekly":{"selected":false,"after_output":"Every week"},"monthly":{"selected":false,"after_output":"Every month"},"yearly":{"selected":false,"after_output":"Every year"}},"strings":{"current_user_email":"","current_user_name":"","link_text":"Virtual Tip Jar","complete_payment_button_error_text":"Check info and try again","payment_verb":"Pay","payment_request_label":"Office 365 for IT Pros","form_has_an_error":"Please check and fix the errors above","general_server_error":"Something isn't working right at the moment. Please try again.","form_title":"Office 365 for IT Pros","form_subtitle":null,"currency_search_text":"Country or Currency here","other_payment_option":"Other payment option","manage_payments_button_text":"Manage your payments","thank_you_message":"Thank you for supporting the work of Office 365 for IT Pros!","payment_confirmation_title":"Office 365 for IT Pros","receipt_title":"Your Receipt","print_receipt":"Print Receipt","email_receipt":"Email Receipt","email_receipt_sending":"Sending receipt...","email_receipt_success":"Email receipt successfully sent","email_receipt_failed":"Email receipt failed to send. Please try again.","receipt_payee":"Paid to","receipt_statement_descriptor":"This will show up on your statement as","receipt_date":"Date","receipt_transaction_id":"Transaction ID","receipt_transaction_amount":"Amount","refund_payer":"Refund from","login":"Log in to manage your payments","manage_payments":"Manage Payments","transactions_title":"Your Transactions","transaction_title":"Transaction Receipt","transaction_period":"Plan Period","arrangements_title":"Your Plans","arrangement_title":"Manage Plan","arrangement_details":"Plan Details","arrangement_id_title":"Plan ID","arrangement_payment_method_title":"Payment Method","arrangement_amount_title":"Plan Amount","arrangement_renewal_title":"Next renewal date","arrangement_action_cancel":"Cancel Plan","arrangement_action_cant_cancel":"Cancelling is currently not available.","arrangement_action_cancel_double":"Are you sure you'd like to cancel?","arrangement_cancelling":"Cancelling Plan...","arrangement_cancelled":"Plan Cancelled","arrangement_failed_to_cancel":"Failed to cancel plan","back_to_plans":"\u2190 Back to Plans","update_payment_method_verb":"Update","sca_auth_description":"Your have a pending renewal payment which requires authorization.","sca_auth_verb":"Authorize renewal payment","sca_authing_verb":"Authorizing payment","sca_authed_verb":"Payment successfully authorized!","sca_auth_failed":"Unable to authorize! Please try again.","login_button_text":"Log in","login_form_has_an_error":"Please check and fix the errors above","uppercase_search":"Search","lowercase_search":"search","uppercase_page":"Page","lowercase_page":"page","uppercase_items":"Items","lowercase_items":"items","uppercase_per":"Per","lowercase_per":"per","uppercase_of":"Of","lowercase_of":"of","back":"Back to plans","zip_code_placeholder":"Zip\/Postal Code","download_file_button_text":"Download File","input_field_instructions":{"tip_amount":{"placeholder_text":"How much would you like to tip?","initial":{"instruction_type":"normal","instruction_message":"How much would you like to tip? Choose any currency."},"empty":{"instruction_type":"error","instruction_message":"How much would you like to tip? Choose any currency."},"invalid_curency":{"instruction_type":"error","instruction_message":"Please choose a valid currency."}},"recurring":{"placeholder_text":"Recurring","initial":{"instruction_type":"normal","instruction_message":"How often would you like to give this?"},"success":{"instruction_type":"success","instruction_message":"How often would you like to give this?"},"empty":{"instruction_type":"error","instruction_message":"How often would you like to give this?"}},"name":{"placeholder_text":"Name on Credit Card","initial":{"instruction_type":"normal","instruction_message":"Enter the name on your card."},"success":{"instruction_type":"success","instruction_message":"Enter the name on your card."},"empty":{"instruction_type":"error","instruction_message":"Please enter the name on your card."}},"privacy_policy":{"terms_title":"Terms and conditions","terms_body":null,"terms_show_text":"View Terms","terms_hide_text":"Hide Terms","initial":{"instruction_type":"normal","instruction_message":"I agree to the terms."},"unchecked":{"instruction_type":"error","instruction_message":"Please agree to the terms."},"checked":{"instruction_type":"success","instruction_message":"I agree to the terms."}},"email":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email address"},"success":{"instruction_type":"success","instruction_message":"Enter your email address"},"blank":{"instruction_type":"error","instruction_message":"Enter your email address"},"not_an_email_address":{"instruction_type":"error","instruction_message":"Make sure you have entered a valid email address"}},"note_with_tip":{"placeholder_text":"Your note here...","initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"empty":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"not_empty_initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"saving":{"instruction_type":"normal","instruction_message":"Saving note..."},"success":{"instruction_type":"success","instruction_message":"Note successfully saved!"},"error":{"instruction_type":"error","instruction_message":"Unable to save note note at this time. Please try again."}},"email_for_login_code":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email to log in."},"success":{"instruction_type":"success","instruction_message":"Enter your email to log in."},"blank":{"instruction_type":"error","instruction_message":"Enter your email to log in."},"empty":{"instruction_type":"error","instruction_message":"Enter your email to log in."}},"login_code":{"initial":{"instruction_type":"normal","instruction_message":"Check your email and enter the login code."},"success":{"instruction_type":"success","instruction_message":"Check your email and enter the login code."},"blank":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."},"empty":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."}},"stripe_all_in_one":{"initial":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"empty":{"instruction_type":"error","instruction_message":"Enter your credit card details here."},"success":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"invalid_number":{"instruction_type":"error","instruction_message":"The card number is not a valid credit card number."},"invalid_expiry_month":{"instruction_type":"error","instruction_message":"The card's expiration month is invalid."},"invalid_expiry_year":{"instruction_type":"error","instruction_message":"The card's expiration year is invalid."},"invalid_cvc":{"instruction_type":"error","instruction_message":"The card's security code is invalid."},"incorrect_number":{"instruction_type":"error","instruction_message":"The card number is incorrect."},"incomplete_number":{"instruction_type":"error","instruction_message":"The card number is incomplete."},"incomplete_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incomplete."},"incomplete_expiry":{"instruction_type":"error","instruction_message":"The card's expiration date is incomplete."},"incomplete_zip":{"instruction_type":"error","instruction_message":"The card's zip code is incomplete."},"expired_card":{"instruction_type":"error","instruction_message":"The card has expired."},"incorrect_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incorrect."},"incorrect_zip":{"instruction_type":"error","instruction_message":"The card's zip code failed validation."},"invalid_expiry_year_past":{"instruction_type":"error","instruction_message":"The card's expiration year is in the past"},"card_declined":{"instruction_type":"error","instruction_message":"The card was declined."},"missing":{"instruction_type":"error","instruction_message":"There is no card on a customer that is being charged."},"processing_error":{"instruction_type":"error","instruction_message":"An error occurred while processing the card."},"invalid_request_error":{"instruction_type":"error","instruction_message":"Unable to process this payment, please try again or use alternative method."},"invalid_sofort_country":{"instruction_type":"error","instruction_message":"The billing country is not accepted by SOFORT. Please try another country."}}}},"fetched_oembed_html":false}
One Reply to “LinkedIn Connector for Office 365 Uses Group to Control Users Allowed to Access Contacts”
Comments are closed.