Why Typed Variables Matter When Using Microsoft 365 PowerShell Cmdlets

PowerShell pros know the secrets of typed variables and why this matters when cmdlets return data, but some of us have been doing things wrong for years. Which is why I spent a couple of hours contemplating the differences between typed and untyped variables when handling items returned by cmdlets. They say that old dogs can’t learn new tricks. I beg to differ…

How to Create a Report of Managers and Their Direct Reports from Azure AD

Azure AD holds information about managers and their direct reports. It’s easy for that data to go out of date, so we create a report to tell us who are the managers and how many direct reports they have. Azure AD has some cmdlets to retrieve information about managers and direct reports, but as it turns out, the older Get-User cmdlet is the best way to proceed.

How to Decrypt SharePoint Online Documents Using PowerShell and the Graph API

Sensitivity labels are a great way to protect confidential documents stored in SharePoint Online. Sometimes the documents must be decrypted. This article explains how to build a PowerShell script which uses Graph API calls to navigate to a folder in a SharePoint Online document library and decrypt the protected documents found in the folder.

Microsoft Updates Teams PowerShell Module to 2.0

Microsoft has released V2.0 of the Teams PowerShell module. It brings some welcome improvements, notably the inclusion of all the management cmdlets, but has a downside too. The new cmdlets for managing teams templates are not easy to use and some authentication issues affect the Connect-MicrosoftTeams cmdlet after a change in authentication libraries. Microsoft has some work to do to improve this version of the module.

Microsoft Imposes Consistency for New Teams Settings

Microsoft is changing the way new teams are created in the Teams admin center to make sure that their settings are consistent with teams created in other interfaces. It’s a good idea because it means that all teams are then created equal. Organizations who wish to use different settings can update teams once they’re created using either PowerShell or the Graph API.

How to Create a Report About the Membership of Microsoft 365 Groups (and Teams)

There are many examples of PowerShell scripts which create reports about the membership of Microsoft 365 Groups. Most are slow. This version is faster because of its per-user rather than per-group approach to processing. The output is a nice HTML report and two CSV files containing a list of memberships in Microsoft 365 Groups and summary data for each user in the tenant.

Printing a Report of Microsoft 365 Group (Team) Membership

Many people want to print off membership details of Microsoft 365 groups, which makes it curious why Microsoft doesn’t support the option in Teams, OWA, or other applications. Fortunately, it is very easy to extract and report membership with PowerShell. Here’s how to generate a HTML report with a CSV file on the side.

How to Report Audit Events Generated for Sensitivity Labels

Audit records are a great way to gain an understanding of what happens inside Office 365. We use PowerShell to report actions taken with sensitivity labels such as protecting files and containers. The latest development is the addition of support in the Microsoft 365 apps for enterprise (Office desktop) to log audit events when users interact with sensitivity labels. Unsurprisingly, more events are often logged by the desktop apps than their online equivalents.

New Format Rolls Out for Incoming Webhook URLs Used by Teams and Groups

The inbound webhook connector used by Teams and Microsoft 365 Groups to accept information from external sources is getting a new format. Existing connectors must be updated by April 11, 2021. If not, data will stop flowing into the target channel or group, and that would be a bad thing.

Use the Graph API to Work with Azure AD Access Reviews

You can create an Azure AD Access Review for all guests in teams and groups in your tenant and then see what’s happening with the Graph API. In this case, we use PowerShell with the API to grab the access review data and create a report about the overall status of the review in a tenant.

Introducing the Office 365 for IT Pros GitHub Repository

Need a PowerShell script to do something with Office 365? You might find a script or at least an idea – in the Office 365 for IT Pros GitHub Repository. We have created over 80 scripts as examples and demonstrations of how to get stuff done in an Office 365 tenant with PowerShell. You’re welcome to use anything in the repository and especially welcome to fix our bugs.

How to Rebuild Delegate Access for a Calendar with PowerShell

Sometimes delegate access for an Exchange Online calendar goes awry due to corrupted items in the mailbox. To help sort out problems, Microsoft has upgraded the Remove-MailboxFolderPermission cmdlet to do the work that used to be done by a multi-phase fix performed using the MFCMAPI or EWS editor utilities. The nice thing is that this method is quick, simple, and works well.

Why New TLS Requirement Stops PowerShell Scripts Sending Email

Exchange Online now insists on TLS 1.2 connections between email clients and servers. PowerShell scripts using the Send-MailMessage cmdlet will fail. The problem is easily solved by forcing PowerShell to use TLS 1.2 to connect, but it does mean that some work is needed to check scripts (before they fail).

How to Retrieve Information About Microsoft 365 Service Incidents

All services suffer outages or incidents. The Service Communications API allow Office 365 tenants to retrieve information about incidents programmatically and report details in whatever way they want. In this post, we show how to use PowerShell to fetch service messages with the API and filter for recent incidents. After that, it’s just a matter of presenting the details.

How to Use Bing Images as Custom Backgrounds in Teams Meetings

Bing publishes a new image daily in its home page. You can download the images and use them as custom background for Teams meetings. A PowerShell script automates the task and downloads the images for the last seven days and cleans up any Bing images older than 30 days.. It’s a nice way to use some attractive images to liven up Teams meetings.

Skype for Business Online Connector Retires in February 2021

Microsoft will retire the Skype for Business Online (PowerShell) Connector on February 15, 2021. Office 365 tenants need to check scripts to replace the connector with the Teams PowerShell module, which contains the necessary cmdlets to connect to the policy management endpoint. Once connected, scripts can interact with objects like Teams messaging and meeting policies.

How to Use PowerShell to Remove Calendar Items from Exchange Online

Microsoft wants to retire the Search-Mailbox cmdlet from Exchange Online. But while the cmdlet available, it does a great job of removing mailbox items. If you get the search query right! In this example, we explain how to write a script to clear out calendar items from the mailboxes of multiple users.

Keeping an Accurate Office 365 Tenant Directory is Important

Many Office 365 features depend on accurate user account data in Azure AD. Here’s how to use PowerShell to track down accounts with missing properties. Once you know which accounts need to be updated, it’s easy to insert the missing properties. Boring, but easy…

How to Update Teams to Send Meeting Invitations to All Members

Teams depends on Microsoft 365 groups. You can add groups as meeting attendees and expect that members of those groups will receive meeting invitations. But they won’t unless you update group settings to force Office 365 to send invitations to all members. The job is easily done with PowerShell, and we show how in this post.

New Exchange Online Admin Center Loses Some Magic, But It’s the Future

Microsoft says that the new EAC is ready to use. While we don’t deny the fact, we think some of the magic that existed in previous portals has gone. PowerShell is replaced by the Graph as the foundation for the EAC. Progress happens, but it’s sad when a feature like command logging is left in the mists of the past.

New Location for Teams Compliance Records Breaks Scripts

Without saying anything, Microsoft changed where Microsoft 365 stores Teams compliance records in user and group mailboxes. The logic behind the change is impeccable even if it will cause PowerShell scripts to break. In addition, any ISV claiming to backup Teams by copying compliance records has some work to do.

Search the Office 365 Audit Log for Events Performed Against Objects

The Office 365 audit log is a great source of information about what happens inside a Office 365 tenant. Searching the audit log takes practice, but it turns up lots of insight. This article covers how to use the ObjectIds and FreeText parameters to find information about what happens to an object,

Updates for the Exchange Online Management Module

Version 2.0.4 of the Exchange Online Management PowerShell module is now available for download from the PowerShell Gallery. The new release contains many useful enhancements including support for Ubuntu Linux and several versions of MacOs.

Microsoft Launches V1.1.6 of PowerShell Module for Teams

Microsoft has launched version 1.1.6 of the PowerShell module for Teams (MicrosoftTeams). The new module makes the Skype for Business Online connector unnecessary because it contains the New-CsOnlineSession cmdlet needed to create a new session to use the cmdlets used to manage Teams policies.

How to Monitor New Guest Accounts Added to Teams

You can easily add people from outside your Office 365 tenant to the membership of Teams, but some oversight of who those people are and what teams they join is probably needed. This PowerShell script shows how to find records in the Office 365 audit log and figure out if they relate to the creation of new guest accounts before sending email asking to justify the addition of the new account.

How to Report Office 365 Account Activity Using the Graph API and PowerShell

PowerShell hash tables are very efficient at retrieving data, which is just what’s needed when thousands of Office 365 accounts need processing. Our script to analyze usage data extracted from the Microsoft Graph was turbo-charged when we replaced list objects with hash tables, all of which makes it much easier to identify underused Office 365 accounts and save some money on licensing spend.

Speeding Access to Office 365 PowerShell Data Using Where Instead of Where-Object

The Office 365 for IT Pros eBook includes many PowerShell examples, and while we mostly concentrate on illustrating the principles of how PowerShell is used to solve problems, we do care about performance. Which is why we’re always interested in finding ways to speed up our code. This this article we explore how to use the Where method to replace the Where-Object cmdlet to filter objects. The good news is that it’s an easy way to get better code performance.

Updated Version of the Graph User Statistics Script Available

Office 365 usage data for several workloads is available through the Microsoft Graph. A PowerShell script is available to grab Graph data and use it to figure out if accounts are in active use. V1.2 of GetGraphUserStatisticsReport.PS1 is available in GitHub and should be better performing when processing thousands of accounts.

The 1-2-3 of Exchange Online Certificate Based Authentication for PowerShell

Exchange Online PowerShell is a critical automation tool for many Office 365 tenants. In 2021, Microsoft will remove basic authentication for PowerShell, so it’s time to change over to modern authentication. For scripts that run as batch or background jobs, that means converting to certificate-based authentication. In this post, we explore how to get the self-signed cert to glue everything together.

Analyzing Quarantined Messages with PowerShell

Exchange Online Protection puts problem messages into quarantine if it suspects that they contain spam, malware, or a phishing attempt. Instead of using the Security and Compliance Center GUI to work with quarantined messages, you can analyze details of quarantined messages with PowerShell to create some basic statistics and find messages that should be released.

Microsoft 365 Admin Center Manages Default Authentication Policy for Exchange Online

The Microsoft 365 admin center includes the ability to manage settings for the default Exchange Online authentication policy. You might have other policies to allow selective access with basic authentication to some protocols; these policies must be managed with PowerShell. Authentication policies are part of the journey to eliminate basic authentication from Exchange Online, now expected to happen in mid-2021.

How to Find and Reassign Orphaned OneDrive for Business Accounts

OneDrive for Business accounts belonging to ex-employees can be reassigned to others during the deletion workflow, but orphan accounts can accumulate over time. This post describes a PowerShell script to find orphan OneDrive accounts and add a user to the site so that anything there can be retrieved.

How to Bulk Assign Policies to Teams Users in Batch Jobs

Teams supports the ability to assign policies to up to 5,000 users with background jobs. This makes it much easier to assign new policies to large groups of users. Unless you like writing your own PowerShell scripts to handle Teams policy assignment, this is definitely something that all Teams administrators need to know about.

How to Archive Microsoft 365 Groups and Teams with PowerShell

Once Microsoft 365 Groups and Teams reach the end of their useful life, it’s good to archive them so that their data stays online and available for eDiscovery. A recent request looked for help to archive 600 Groups at the end of the academic year. The script described here might help solve the problem.

How to Make Sure That You Use the Latest Office 365 PowerShell Modules

Many PowerShell modules are available for Office 365 applications. Keeping them up to date can be a pain, so here’s a PowerShell script to automate the task. Using the latest modules means that you can access new and updated cmdlets, which might make all the difference to your scripts.

How to Generate an Email Report About Deleted Stream Videos

Microsoft Stream doesn’t support Office 365 retention policies, so you can’t make sure that videos are kept for eDiscovery or compliance purposes. But a little lateral thinking and some PowerShell code quickly gives us a solution based on events from the Office 365 audit log, including emailing the report to someone designated to review videos before final deletion.

How to Find Guests in Microsoft 365 Groups and Teams Where Guests are Prohibited

You can apply an Office 365 Sensitivity Label to control different aspects of Groups, Teams, and Sites. One of the settings controls whether guest users are allowed in group membership. We explain how to use PowerShell to search groups assigned a label to block guest access for existing guests, just in case you want to remove them.

The Need to Upgrade PowerShell Scripts that Send Email via Exchange Online

The combination of Exchange Online and PowerShell allows Office 365 admins to send messages for all manner of reasons. These scripts depend on SMTP AUTH connections and change is coming in this area with the deprecation of basic authentication. It’s a good idea to take an inventory of scripts that send email, including those that use the .NET classes to do the job.

How to Track and Report Video Uploads to Stream

Microsoft Stream will tell you how much of the tenant storage allocation has been consumed by uploaded videos, but not who’s uploading the videos. You can find out by looking for video upload events in the Office 365 audit log. Once found, it’s a matter of processing the events to extract useful information!