PowerShell pros know the secrets of typed variables and why this matters when cmdlets return data, but some of us have been doing things wrong for years. Which is why I spent a couple of hours contemplating the differences between typed and untyped variables when handling items returned by cmdlets. They say that old dogs can’t learn new tricks. I beg to differ…
Azure AD holds information about managers and their direct reports. It’s easy for that data to go out of date, so we create a report to tell us who are the managers and how many direct reports they have. Azure AD has some cmdlets to retrieve information about managers and direct reports, but as it turns out, the older Get-User cmdlet is the best way to proceed.
Sensitivity labels are a great way to protect confidential documents stored in SharePoint Online. Sometimes the documents must be decrypted. This article explains how to build a PowerShell script which uses Graph API calls to navigate to a folder in a SharePoint Online document library and decrypt the protected documents found in the folder.
Microsoft has released V2.0 of the Teams PowerShell module. It brings some welcome improvements, notably the inclusion of all the management cmdlets, but has a downside too. The new cmdlets for managing teams templates are not easy to use and some authentication issues affect the Connect-MicrosoftTeams cmdlet after a change in authentication libraries. Microsoft has some work to do to improve this version of the module.
Microsoft is changing the way new teams are created in the Teams admin center to make sure that their settings are consistent with teams created in other interfaces. It’s a good idea because it means that all teams are then created equal. Organizations who wish to use different settings can update teams once they’re created using either PowerShell or the Graph API.
There are many examples of PowerShell scripts which create reports about the membership of Microsoft 365 Groups. Most are slow. This version is faster because of its per-user rather than per-group approach to processing. The output is a nice HTML report and two CSV files containing a list of memberships in Microsoft 365 Groups and summary data for each user in the tenant.
Many people want to print off membership details of Microsoft 365 groups, which makes it curious why Microsoft doesn’t support the option in Teams, OWA, or other applications. Fortunately, it is very easy to extract and report membership with PowerShell. Here’s how to generate a HTML report with a CSV file on the side.
Audit records are a great way to gain an understanding of what happens inside Office 365. We use PowerShell to report actions taken with sensitivity labels such as protecting files and containers. The latest development is the addition of support in the Microsoft 365 apps for enterprise (Office desktop) to log audit events when users interact with sensitivity labels. Unsurprisingly, more events are often logged by the desktop apps than their online equivalents.
The inbound webhook connector used by Teams and Microsoft 365 Groups to accept information from external sources is getting a new format. Existing connectors must be updated by April 11, 2021. If not, data will stop flowing into the target channel or group, and that would be a bad thing.
You can create an Azure AD Access Review for all guests in teams and groups in your tenant and then see what’s happening with the Graph API. In this case, we use PowerShell with the API to grab the access review data and create a report about the overall status of the review in a tenant.
Need a PowerShell script to do something with Office 365? You might find a script or at least an idea – in the Office 365 for IT Pros GitHub Repository. We have created over 80 scripts as examples and demonstrations of how to get stuff done in an Office 365 tenant with PowerShell. You’re welcome to use anything in the repository and especially welcome to fix our bugs.
Sometimes delegate access for an Exchange Online calendar goes awry due to corrupted items in the mailbox. To help sort out problems, Microsoft has upgraded the Remove-MailboxFolderPermission cmdlet to do the work that used to be done by a multi-phase fix performed using the MFCMAPI or EWS editor utilities. The nice thing is that this method is quick, simple, and works well.
All services suffer outages or incidents. The Service Communications API allow Office 365 tenants to retrieve information about incidents programmatically and report details in whatever way they want. In this post, we show how to use PowerShell to fetch service messages with the API and filter for recent incidents. After that, it’s just a matter of presenting the details.
Bing publishes a new image daily in its home page. You can download the images and use them as custom background for Teams meetings. A PowerShell script automates the task and downloads the images for the last seven days and cleans up any Bing images older than 30 days.. It’s a nice way to use some attractive images to liven up Teams meetings.
Microsoft will retire the Skype for Business Online (PowerShell) Connector on February 15, 2021. Office 365 tenants need to check scripts to replace the connector with the Teams PowerShell module, which contains the necessary cmdlets to connect to the policy management endpoint. Once connected, scripts can interact with objects like Teams messaging and meeting policies.
Microsoft wants to retire the Search-Mailbox cmdlet from Exchange Online. But while the cmdlet available, it does a great job of removing mailbox items. If you get the search query right! In this example, we explain how to write a script to clear out calendar items from the mailboxes of multiple users.
Many Office 365 features depend on accurate user account data in Azure AD. Here’s how to use PowerShell to track down accounts with missing properties. Once you know which accounts need to be updated, it’s easy to insert the missing properties. Boring, but easy…
Teams depends on Microsoft 365 groups. You can add groups as meeting attendees and expect that members of those groups will receive meeting invitations. But they won’t unless you update group settings to force Office 365 to send invitations to all members. The job is easily done with PowerShell, and we show how in this post.
Microsoft says that the new EAC is ready to use. While we don’t deny the fact, we think some of the magic that existed in previous portals has gone. PowerShell is replaced by the Graph as the foundation for the EAC. Progress happens, but it’s sad when a feature like command logging is left in the mists of the past.
The Office 365 audit log is a great source of information about what happens inside a Office 365 tenant. Searching the audit log takes practice, but it turns up lots of insight. This article covers how to use the ObjectIds and FreeText parameters to find information about what happens to an object,
Version 2.0.4 of the Exchange Online Management PowerShell module is now available for download from the PowerShell Gallery. The new release contains many useful enhancements including support for Ubuntu Linux and several versions of MacOs.
Microsoft has launched version 1.1.6 of the PowerShell module for Teams (MicrosoftTeams). The new module makes the Skype for Business Online connector unnecessary because it contains the New-CsOnlineSession cmdlet needed to create a new session to use the cmdlets used to manage Teams policies.
PowerShell hash tables are very efficient at retrieving data, which is just what’s needed when thousands of Office 365 accounts need processing. Our script to analyze usage data extracted from the Microsoft Graph was turbo-charged when we replaced list objects with hash tables, all of which makes it much easier to identify underused Office 365 accounts and save some money on licensing spend.
The Office 365 for IT Pros eBook includes many PowerShell examples, and while we mostly concentrate on illustrating the principles of how PowerShell is used to solve problems, we do care about performance. Which is why we’re always interested in finding ways to speed up our code. This this article we explore how to use the Where method to replace the Where-Object cmdlet to filter objects. The good news is that it’s an easy way to get better code performance.
Office 365 usage data for several workloads is available through the Microsoft Graph. A PowerShell script is available to grab Graph data and use it to figure out if accounts are in active use. V1.2 of GetGraphUserStatisticsReport.PS1 is available in GitHub and should be better performing when processing thousands of accounts.
Microsoft 365 Groups are used by applications like Teams and Yammer. The PowerShell Get-UnifiedGroup cmdlet finds groups, but can it find the groups enabled for Teams and Yammer? Here’s some idle musing on the topic which might or might not interest you.
Exchange Online PowerShell is a critical automation tool for many Office 365 tenants. In 2021, Microsoft will remove basic authentication for PowerShell, so it’s time to change over to modern authentication. For scripts that run as batch or background jobs, that means converting to certificate-based authentication. In this post, we explore how to get the self-signed cert to glue everything together.
The Microsoft 365 admin center includes the ability to manage settings for the default Exchange Online authentication policy. You might have other policies to allow selective access with basic authentication to some protocols; these policies must be managed with PowerShell. Authentication policies are part of the journey to eliminate basic authentication from Exchange Online, now expected to happen in mid-2021.
OneDrive for Business accounts belonging to ex-employees can be reassigned to others during the deletion workflow, but orphan accounts can accumulate over time. This post describes a PowerShell script to find orphan OneDrive accounts and add a user to the site so that anything there can be retrieved.
Teams supports the ability to assign policies to up to 5,000 users with background jobs. This makes it much easier to assign new policies to large groups of users. Unless you like writing your own PowerShell scripts to handle Teams policy assignment, this is definitely something that all Teams administrators need to know about.
Once Microsoft 365 Groups and Teams reach the end of their useful life, it’s good to archive them so that their data stays online and available for eDiscovery. A recent request looked for help to archive 600 Groups at the end of the academic year. The script described here might help solve the problem.
Many PowerShell modules are available for Office 365 applications. Keeping them up to date can be a pain, so here’s a PowerShell script to automate the task. Using the latest modules means that you can access new and updated cmdlets, which might make all the difference to your scripts.
Microsoft Stream doesn’t support Office 365 retention policies, so you can’t make sure that videos are kept for eDiscovery or compliance purposes. But a little lateral thinking and some PowerShell code quickly gives us a solution based on events from the Office 365 audit log, including emailing the report to someone designated to review videos before final deletion.
You can apply an Office 365 Sensitivity Label to control different aspects of Groups, Teams, and Sites. One of the settings controls whether guest users are allowed in group membership. We explain how to use PowerShell to search groups assigned a label to block guest access for existing guests, just in case you want to remove them.
Microsoft Stream will tell you how much of the tenant storage allocation has been consumed by uploaded videos, but not who’s uploading the videos. You can find out by looking for video upload events in the Office 365 audit log. Once found, it’s a matter of processing the events to extract useful information!