How to Track the Progress of an Auto-Label Policy

Auto-label policies are a good way to assign retention labels to important files stored in SharePoint Online and OneDrive for Business. The big problem is tracking the progress of auto-labeling. In this article, we explore how to use events logged in the Office 365 audit log to figure out what files are labeled and how long it takes the auto-label policies to process the files. The example explored here is an auto-label policy for Teams meeting recordings.

Speeding Up the Groups and Teams Activity Report by Replacing PowerShell with Graph API Calls

Sometimes it’s wise to give PowerShell scripts a turbo boost. This is certainly true for the Groups and Teams Activity report script, where a large amount of PowerShell processing has been replaced with speedy Microsoft Graph API calls. The result is much faster processing, which means that the script is more useful in large tenants. I still wouldn’t try to run it against 100,000 groups, but anything smaller should be OK. I think!

New PowerShell Controls Available to Control Default Sharing Links for SharePoint Sites

New PowerShell commands for sensitivity labels can configure default sharing link settings for SharePoint Online sites. Any site assigned a label configured for default sharing links inherits those settings within 24 hours. The new settings are in public preview now with general availability expected later this year. They build on the existing set of controls for container management available for sensitivity labels and show how powerful it is for organizations to be able to deploy management policy settings via labels.

Finding Who’s Assigned a License for Individual Office 365 Applications

Finding out which Azure AD accounts have licenses (service plans) for different applications isn’t difficult. You can do it with either PowerShell or the Microsoft Graph API. This article explains how to use PowerShell (and the equivalent Graph API call) to find accounts which have a certain license (service plan) enabled or disabled. Once you know how to navigate license data in Azure AD accounts, you can take the code and adapt it for different purposes.

Microsoft Lays Out Future for Azure AD PowerShell Module

Anyone writing PowerShell code against Azure Active Directory probably uses the Azure AD module. In June 2022, Microsoft will deprecate the API underpinning the Azure AD module. Tenants who want to use PowerShell to create scripts to automate administrative processes will need to move to Graph API calls or use the Microsoft Graph PowerShell SDK. Either way, there’s a bunch of work to do to upgrade scripts.

How to Report Membership of Microsoft 365 Compliance Role Groups

Compliance role groups control access to Microsoft 365 compliance functionality. A new permissions page makes it easier to manage these groups in the Microsoft 365 compliance center, where you can also manage the Azure AD roles used by Microsoft 365 compliance. If you want to generate a report about who holds what role, you’ve got to use PowerShell. The code is easy once you know which roles you want to report.

Microsoft Releases V2.3.1 of the Teams PowerShell Module

Without any fanfare, Microsoft released V2.3.1 of the Microsoft Teams PowerShell module on May 10. The new module contains some fixes but little extra functionality. Essentially, this release is all about clearing the decks to prepare for the retirement of Skype for Business Online on July 31, 2021. Those who use the old Skype for Business Online connector need to upgrade their scripts before it stops working on May 15, 2021.

Microsoft Stops Set-User Updating Phone Numbers for Azure AD Accounts

Without warning (for security reasons), Microsoft stopped the Exchange Online Set-User cmdlet being able to update the work and mobile numbers for Azure AD accounts. We don’t know what kind of security concerns caused Microsoft to take this action, but it might be associated with administrative roles. In any case, this disappointing example of how to communicate with customers might end up with people having to update some PowerShell scripts – and no one likes unexpected work.

How to Create an Azure AD B2B Collaboration Policy

Azure B2B collaboration is used by Microsoft 365 Groups-based apps like Teams, Planner, and Yammer to create new guest accounts. You can update settings in the Azure AD portal to stop new accounts from specific domains or restrict guests to a list of known domains. But before you go ahead and update the settings, it’s a good idea to know where existing guest accounts come from. It’s easy to create a report with PowerShell. The next step might be to remove guests from offending domains.

Microsoft Brings the Top Senders and Recipients Report Back from the Dead

For whatever reason, Microsoft decided to cancel plans to remove the Top Senders and Recipients report from the SCC, citing customer feedback as the reason. The thing is that the SCC report and its underlying cmdlet use an old data source. The Microsoft Graph Reports API is the modern approach and an adequate replacement usage reports is available in the Microsoft 365 admin center. I really can’t understand why anyone would want to keep the old report as it’s not very good at all.

Why Typed Variables Matter When Using Microsoft 365 PowerShell Cmdlets

PowerShell pros know the secrets of typed variables and why this matters when cmdlets return data, but some of us have been doing things wrong for years. Which is why I spent a couple of hours contemplating the differences between typed and untyped variables when handling items returned by cmdlets. They say that old dogs can’t learn new tricks. I beg to differ…

How to Create a Report of Managers and Their Direct Reports from Azure AD

Azure AD holds information about managers and their direct reports. It’s easy for that data to go out of date, so we create a report to tell us who are the managers and how many direct reports they have. Azure AD has some cmdlets to retrieve information about managers and direct reports, but as it turns out, the older Get-User cmdlet is the best way to proceed.

How to Decrypt SharePoint Online Documents Using PowerShell and the Graph API

Sensitivity labels are a great way to protect confidential documents stored in SharePoint Online. Sometimes the documents must be decrypted. This article explains how to build a PowerShell script which uses Graph API calls to navigate to a folder in a SharePoint Online document library and decrypt the protected documents found in the folder.

Microsoft Updates Teams PowerShell Module to 2.0

Microsoft has released V2.0 of the Teams PowerShell module. It brings some welcome improvements, notably the inclusion of all the management cmdlets, but has a downside too. The new cmdlets for managing teams templates are not easy to use and some authentication issues affect the Connect-MicrosoftTeams cmdlet after a change in authentication libraries. Microsoft has some work to do to improve this version of the module.

Microsoft Imposes Consistency for New Teams Settings

Microsoft is changing the way new teams are created in the Teams admin center to make sure that their settings are consistent with teams created in other interfaces. It’s a good idea because it means that all teams are then created equal. Organizations who wish to use different settings can update teams once they’re created using either PowerShell or the Graph API.

How to Create a Report About the Membership of Microsoft 365 Groups (and Teams)

There are many examples of PowerShell scripts which create reports about the membership of Microsoft 365 Groups. Most are slow. This version is faster because of its per-user rather than per-group approach to processing. The output is a nice HTML report and two CSV files containing a list of memberships in Microsoft 365 Groups and summary data for each user in the tenant.

Printing a Report of Microsoft 365 Group (Team) Membership

Many people want to print off membership details of Microsoft 365 groups, which makes it curious why Microsoft doesn’t support the option in Teams, OWA, or other applications. Fortunately, it is very easy to extract and report membership with PowerShell. Here’s how to generate a HTML report with a CSV file on the side.

How to Report Audit Events Generated for Sensitivity Labels

Audit records are a great way to gain an understanding of what happens inside Office 365. We use PowerShell to report actions taken with sensitivity labels such as protecting files and containers. The latest development is the addition of support in the Microsoft 365 apps for enterprise (Office desktop) to log audit events when users interact with sensitivity labels. Unsurprisingly, more events are often logged by the desktop apps than their online equivalents.

New Format Rolls Out for Incoming Webhook URLs Used by Teams and Groups

The inbound webhook connector used by Teams and Microsoft 365 Groups to accept information from external sources is getting a new format. Existing connectors must be updated by April 11, 2021. If not, data will stop flowing into the target channel or group, and that would be a bad thing.

Use the Graph API to Work with Azure AD Access Reviews

You can create an Azure AD Access Review for all guests in teams and groups in your tenant and then see what’s happening with the Graph API. In this case, we use PowerShell with the API to grab the access review data and create a report about the overall status of the review in a tenant.

Introducing the Office 365 for IT Pros GitHub Repository

Need a PowerShell script to do something with Office 365? You might find a script or at least an idea – in the Office 365 for IT Pros GitHub Repository. We have created over 80 scripts as examples and demonstrations of how to get stuff done in an Office 365 tenant with PowerShell. You’re welcome to use anything in the repository and especially welcome to fix our bugs.

How to Rebuild Delegate Access for a Calendar with PowerShell

Sometimes delegate access for an Exchange Online calendar goes awry due to corrupted items in the mailbox. To help sort out problems, Microsoft has upgraded the Remove-MailboxFolderPermission cmdlet to do the work that used to be done by a multi-phase fix performed using the MFCMAPI or EWS editor utilities. The nice thing is that this method is quick, simple, and works well.

Why New TLS Requirement Stops PowerShell Scripts Sending Email

Exchange Online now insists on TLS 1.2 connections between email clients and servers. PowerShell scripts using the Send-MailMessage cmdlet will fail. The problem is easily solved by forcing PowerShell to use TLS 1.2 to connect, but it does mean that some work is needed to check scripts (before they fail).

How to Retrieve Information About Microsoft 365 Service Incidents

All services suffer outages or incidents. The Service Communications API allow Office 365 tenants to retrieve information about incidents programmatically and report details in whatever way they want. In this post, we show how to use PowerShell to fetch service messages with the API and filter for recent incidents. After that, it’s just a matter of presenting the details.

How to Use Bing Images as Custom Backgrounds in Teams Meetings

Bing publishes a new image daily in its home page. You can download the images and use them as custom background for Teams meetings. A PowerShell script automates the task and downloads the images for the last seven days and cleans up any Bing images older than 30 days.. It’s a nice way to use some attractive images to liven up Teams meetings.

Skype for Business Online Connector Retires in February 2021

Microsoft will retire the Skype for Business Online (PowerShell) Connector on February 15, 2021. Office 365 tenants need to check scripts to replace the connector with the Teams PowerShell module, which contains the necessary cmdlets to connect to the policy management endpoint. Once connected, scripts can interact with objects like Teams messaging and meeting policies.

How to Use PowerShell to Remove Calendar Items from Exchange Online

Microsoft wants to retire the Search-Mailbox cmdlet from Exchange Online. But while the cmdlet available, it does a great job of removing mailbox items. If you get the search query right! In this example, we explain how to write a script to clear out calendar items from the mailboxes of multiple users.

Keeping an Accurate Office 365 Tenant Directory is Important

Many Office 365 features depend on accurate user account data in Azure AD. Here’s how to use PowerShell to track down accounts with missing properties. Once you know which accounts need to be updated, it’s easy to insert the missing properties. Boring, but easy…

How to Update Teams to Send Meeting Invitations to All Members

Teams depends on Microsoft 365 groups. You can add groups as meeting attendees and expect that members of those groups will receive meeting invitations. But they won’t unless you update group settings to force Office 365 to send invitations to all members. The job is easily done with PowerShell, and we show how in this post.

New Exchange Online Admin Center Loses Some Magic, But It’s the Future

Microsoft says that the new EAC is ready to use. While we don’t deny the fact, we think some of the magic that existed in previous portals has gone. PowerShell is replaced by the Graph as the foundation for the EAC. Progress happens, but it’s sad when a feature like command logging is left in the mists of the past.

New Location for Teams Compliance Records Breaks Scripts

Without saying anything, Microsoft changed where Microsoft 365 stores Teams compliance records in user and group mailboxes. The logic behind the change is impeccable even if it will cause PowerShell scripts to break. In addition, any ISV claiming to backup Teams by copying compliance records has some work to do.

Search the Office 365 Audit Log for Events Performed Against Objects

The Office 365 audit log is a great source of information about what happens inside a Office 365 tenant. Searching the audit log takes practice, but it turns up lots of insight. This article covers how to use the ObjectIds and FreeText parameters to find information about what happens to an object,

How to Get and Update the Exchange Online Management PowerShell Module

Version 2.0.4 of the Exchange Online Management PowerShell module is now available for download from the PowerShell Gallery. The new release contains many useful enhancements including support for Ubuntu Linux and several versions of MacOs.

Microsoft Launches V1.1.6 of PowerShell Module for Teams

Microsoft has launched version 1.1.6 of the PowerShell module for Teams (MicrosoftTeams). The new module makes the Skype for Business Online connector unnecessary because it contains the New-CsOnlineSession cmdlet needed to create a new session to use the cmdlets used to manage Teams policies.

How to Monitor New Guest Accounts Added to Teams

You can easily add people from outside your Office 365 tenant to the membership of Teams, but some oversight of who those people are and what teams they join is probably needed. This PowerShell script shows how to find records in the Office 365 audit log and figure out if they relate to the creation of new guest accounts before sending email asking to justify the addition of the new account.

How to Report Office 365 User Activity Using the Graph API and PowerShell

PowerShell hash tables are very efficient at retrieving data, which is just what’s needed when thousands of Office 365 accounts need processing. Our script to analyze usage data extracted from the Microsoft Graph was turbo-charged when we replaced list objects with hash tables, all of which makes it much easier to identify underused Office 365 accounts and save some money on licensing spend.

Speeding Access to Office 365 PowerShell Data Using Where Instead of Where-Object

The Office 365 for IT Pros eBook includes many PowerShell examples, and while we mostly concentrate on illustrating the principles of how PowerShell is used to solve problems, we do care about performance. Which is why we’re always interested in finding ways to speed up our code. This this article we explore how to use the Where method to replace the Where-Object cmdlet to filter objects. The good news is that it’s an easy way to get better code performance.

Updated Version of the Graph User Statistics Script Available

Office 365 usage data for several workloads is available through the Microsoft Graph. A PowerShell script is available to grab Graph data and use it to figure out if accounts are in active use. V1.2 of GetGraphUserStatisticsReport.PS1 is available in GitHub and should be better performing when processing thousands of accounts.