How to Generate a Report About OneDrive for Business Storage

It used to be more difficult to generate a report about the storage used by OneDrive for Business sites in an Office 365 tenant. Now it takes just a few lines of PowerShell. Here’s an example of a simple but powerful script to do the job.

Discovering URLs for SharePoint Online and OneDrive for Business Sites

If you want to include SharePoint Online and OneDrive for Business locations in an Office 365 content search, you need to know the URLs of the target sites. Finding the URLs can be problematic, but here’s some easy ways to do the job. PowerShell, as usual, comes up trumps…

How to Post Notifications About Inactive Mailboxes to Teams

Being able to generate a report of mailbox activity is nice, but being able to filter the report to find potentially inactive mailboxes and post that information to Teams is even better. A recent article explains how to generate the report; in this post we explain how to extract information from the report to and post updates about inactive users to Teams.

How to Use PowerShell Logging to Track Potential Attacks Against Office 365

Office 365 tenant administrators often make extensive use of PowerShell. It’s a great tool to get work done across all the Office 365 workloads. However, hackers like PowerShell too, and it could be used to attack your tenant. If that happens, having PowerShell logs will allow you to find out exactly what the attacker did and where. With this in mind, shouldn’t you enable PowerShell logging?

Reporting Group-Enabled SharePoint Online Sites

It’s easy to create a list of group-enabled SharePoint Online sites using the Get-SPOSite cmdlet. But it’s much more interesting to probe a little deeper to uncover extra information about the group using the GroupId property returned if you specify the Detailed parameter. This post explains a PowerShell script written to examine the possibilities, including how to highlight sites belonging to deleted groups that are kept by retention policies.

Using Teams App Permission Policies

Teams App Permissions policies allow Office 365 tenants to exert a fine degree of control over the apps users are allowed to install. You can amend the default policy or create new policies and assign the policies to user accounts through the Teams Admin Center or with PowerShell.

Microsoft Deprecates the AADRM (Rights Management) PowerShell Module

Microsoft has announced the deprecation of the PowerShell module for the Azure Active Directory Rights Management service (AADRM). But don’t worry; it’s replaced by the Azure Information Protection (AIPService) module. Deprecation happens in July 2020, so you’ve lots of time to revise any scripts that use AADRM cmdlets.

SharePoint Online Site Swap Feature Rolling Out

Microsoft announced the roll-out of the Site Swap feature for SharePoint Online. You can only do this with PowerShell, but the process is quick and easy and works well (assuming your new site is ready to go). Who doesn’t like one-line PowerShell commands that do a lot of work with minimum effort!

Setting Auto-Replies for Shared Mailboxes with PowerShell

A question about how best to set auto-replies for Exchange Online shared mailboxes to respond to messages arriving during a public holiday gives another chance for PowerShell to show how useful it is. You could do the work with Flow, but PowerShell is more flexible and capable when dealing with multiple shared mailboxes.

Analyzing Exchange Message Delete Events in the Office 365 Audit Log

Exchange Online writes audit records into the Office 365 audit log when messages are deleted by delegates and administrative action. We can analyze the audit records to find out who deleted a specific message. Some challenges exist to interpret the audit records for admin-generated deletions (for example, when you run Search-Mailbox), but it’s easy enough to code the necessary checks in PowerShell.

How to Find Azure Active Directory Administrative Accounts Unprotected by MFA

Microsoft makes a strong case that all Azure Active Directory accounts should be protected with multi-factor authentication (MFA). That’s a great aspiration, but the immediate priority is to check accounts holding administrative roles. This post explains how to use PowerShell to find and report those accounts.

Microsoft Breaks PowerShell Command Logging in Exchange Online Admin Center

The ability to see the PowerShell commands executed by Exchange administrative centers has existed since Exchange 2007. Now something has changed in Exchange Online and the command log is blank. It’s sad because many administrators learned to use PowerShell by examining how Microsoft used it to manage Exchange. Let’s hope that Microsoft fixes this bug soon.

Excluding Inactive Mailboxes from Org-Wide Retention Holds

Exchange Online supports inactive mailboxes as a way to keep mailbox data online after Office 365 accounts are removed. Inactive mailboxes are available as long as a hold exists on them. You can update mailbox properties to exclude all or some org-wide holds. If you exclude holds from a mailbox, you run the risk that Exchange will permanently remove the mailbox. If that’s what you want, all is well, but if it’s not, then you might not be so happy.

Using PowerShell to Add Teams to the Groups Expiration Policy

How best to add every team in your tenant to the Office 365 Groups Expiration Policy? Well, one way is to check all groups for Teams. Another is to use Get-Team to return the set of teams and process those. But then you should think about how to mark the teams that are in the policy in such a way that you don’t process them again. It’s easy to do this with one of the Exchange Online custom attributes.

How to Use Teams App Setup Policies to Control the Apps Available to Users

Teams App Setup policies allow tenant administrators to modify the set of apps shown in the Teams navigation bar,. You can add your own apps and move apps around and then assign policies to select groups of users individually or using PowerShell. This is part of a set of features designed to make apps more manageable within enterprises. The next step will be Teams app permission policies (not yet available).

LinkedIn Connector for Office 365 Uses Group to Control Users Allowed to Access Contacts

The LinkedIn connector for Office 365 now uses a group to control the set of user accounts allowed to connect their accounts to LinkedIn. It’s a good change because it makes the connection easier to manage. Even so, you might still need to use PowerShell to manage the membership of the group, especially if you want to add multiple people to the group at one time.

Limiting SharePoint Storage for Teams

One of the great things about Teams is the way that it orchestrates Office 365 resources like SharePoint Online sites. The downside is that a tenant’s valuable SharePoint storage quota might be absorbed by a profusion of Teams. To offset the problem, you can apply lower limits to sites belonging to Teams and the best approach is to use PowerShell for the job.

Teams Admin Center Adds Delete and Archive Capabilities

The Teams Admin Center now boasts the ability to delete teams and (if you don’t want to get rid of them altogether) archive teams. And unarchive teams back into use. All is good, even if Microsoft is making slow progress at building out Teams management functionality. Some of the slowness is due to dependencies, some because of other factors.

Adding Multiple Office 365 Users with the Microsoft 365 Admin Center

The Office 365 Admin Center offers the option to bulk-create user accounts. Loading up a CSV file with details and having it processed is simple enough, but the resulting accounts need some work before they are fit for purpose and ready for people to use. Here’s how the bulk creation process works and why we think it has some flaws.

Finding the SharePoint URLs for Teams

Every Office 365 group (and team) has a SharePoint site. But how to find the URLs of all the sites used by teams in a tenant. One PowerShell answer came from Syskit, but it’s an old technique and we can do better now by fetching a list of teams in the tenant and then retrieving the URL for each team-enabled group.

Making Sure Everyone’s Covered by an Office 365 Supervision Policy

Although Office 365 supervision policies are intended to monitor a subset of user communications, usually involving specific groups of people, you might want to use a policy to monitor all email. In that case, how do you make sure that your policy has everyone in scope? The problem is that supervision policies don’t support dynamic distribution lists, so you need to do some work to build and maintain a distribution list containing all user mailboxes.

Configuring PowerShell for Office 365

If you work with Office 365 through PowerShell, you probably have your own script to connect to the various services. If you don’t want to write your own script, you can download one from GitHub or the TechNet Gallery. This article covers two that you might like to try, including one with a GUI to choose which Office 365 services it should connect to.

Automating Office 365 with PowerShell and Flow

PowerShell is hugely useful when the time comes to automate Office 365 processes. Other tools exist that can help, including Flow. Maybe it’s the right time to consider Flow, especially when it is highly capable of knitting together different Office 365 components to get work done.

How to Use Search-Mailbox to Remove Items from Multiple Mailboxes

The Search-Mailbox cmdlet is a very powerful weapon for Exchange administrators. It has some quirks, but the Invoke-Command cmdlet helps us get around one, which is how to use a different search query for each mailbox processed in a set of mailboxes.

Exchange Online Transport Rule to Encrypt Sensitive Email

Microsoft has released details of an Exchange Online transport rule to encrypt outbound email containing sensitive data types like credit card numbers. The rule works (after fixing the PowerShell), but needs to be reviewed and possibly adjusted to meet the needs of Office 365 tenants.

Tuning PowerShell for Office 365 Group Membership

A recent article prompted a check to see whether a PowerShell recommendation made sense and delivered better performance when executing a command to extract the membership of Office 365 Groups performance. As it turns out, the recommendation is valid, but whether you notice any difference is arguable.

How to Post Information to Microsoft 365 Groups or Teams Channels

It’s easy to create a webhook connector to post information to a team channel or an Microsoft 365 group. What might not be quite so easy is formatting the JSON payload. Here’s how to use a template card to simplify the process.

Service Domain Prefix Appears and Disappears in Exchange Online Cmdlets

A change made to fix a problem in Exchange Online introduced another problem in that service domains started to show up as prefixes in the data returned by PowerShell cmdlets. Microsoft has reversed the change, but the way things happened creates some questions.

Adding Global Contacts for an Office 365 Tenant

You can use a public folder to store and share global email contacts, but a better approach is to use Exchange mail contacts. These objects show up in the Exchange GAL and OAB and are available to all Outlook clients (and some third-party clients too).

Sending Email with PowerShell and Exchange Online

You can use the Send-MailMessage cmdlet in a PowerShell script to send mail messages via Exchange Online. And sometimes your IP address might be listed as a spammer, which is bad. All in all, authenticated client submission seems best.

How to Use PowerShell to Report Retention Policies for SharePoint Online Sites

Knowing how retention policies process Office 365 data can be hard to understand, especially if multiple policies are involved. Office 365 doesn’t give a global view of how retention policies affect workloads, but here’s how to use PowerShell to find out what policies process the sites in a tenant.

How to Report the Connection Protocol Used by Outlook Mobile Clients

Microsoft has refreshed the Outlook Mobile architecture (now called “Microsoft Sync Technology”). They suggest that you run some PowerShell to report clients connecting via the old and new architectures. Their code works, but we think ours is better.

How to Populate Team or Group Membership from Email Distribution Lists

Exchange Online distribution lists can be used to populate the membership of Office 365 Groups or Teams by applying a little PowerShell magic. Here’s how.

Tip: Make Sure to Add Owners as Members When Creating New Teams

Teams offers a number of ways to create new teams, which is good. However, if you create a new team with PowerShell, make sure that you add the team owners to the members list as otherwise they won’t be able to access Planner.

How to Report the MFA Status for Azure AD Accounts

When a problem arises, it’s good to know what user accounts are affected. In the case of the recent MFA outage, the need existed to report the list of accounts that were MFA-enabled. Here’s how to do the job with PowerShell.

How to Report Files Protected by Sensitivity Labels

The availability of Azure Information Protection and Office 365 sensitivity labels allow tenants to protect important and confidential files. That’s nice, but it’s even better when you know what files are protected. Here’s how to use PowerShell to create a report about those files.

How to Find and Report Inactive Distribution Lists

A recent correspondent asked how to find inactive distribution lists in Exchange Online. We didn’t have a good answer in the book, so here’s some PowerShell code to do the trick.