It used to be more difficult to generate a report about the storage used by OneDrive for Business sites in an Office 365 tenant. Now it takes just a few lines of PowerShell. Here’s an example of a simple but powerful script to do the job.
If you want to include SharePoint Online and OneDrive for Business locations in an Office 365 content search, you need to know the URLs of the target sites. Finding the URLs can be problematic, but here’s some easy ways to do the job. PowerShell, as usual, comes up trumps…
Being able to generate a report of mailbox activity is nice, but being able to filter the report to find potentially inactive mailboxes and post that information to Teams is even better. A recent Petri.com article explains how to generate the report; in this post we explain how to extract information from the report to and post updates about inactive users to Teams.
Office 365 tenant administrators often make extensive use of PowerShell. It’s a great tool to get work done across all the Office 365 workloads. However, hackers like PowerShell too, and it could be used to attack your tenant. If that happens, having PowerShell logs will allow you to find out exactly what the attacker did and where. With this in mind, shouldn’t you enable PowerShell logging?
It’s easy to create a list of group-enabled SharePoint Online sites using the Get-SPOSite cmdlet. But it’s much more interesting to probe a little deeper to uncover extra information about the group using the GroupId property returned if you specify the Detailed parameter. This post explains a PowerShell script written to examine the possibilities, including how to highlight sites belonging to deleted groups that are kept by retention policies.
Teams App Permissions policies allow Office 365 tenants to exert a fine degree of control over the apps users are allowed to install. You can amend the default policy or create new policies and assign the policies to user accounts through the Teams Admin Center or with PowerShell.
Microsoft has announced the deprecation of the PowerShell module for the Azure Active Directory Rights Management service (AADRM). But don’t worry; it’s replaced by the Azure Information Protection (AIPService) module. Deprecation happens in July 2020, so you’ve lots of time to revise any scripts that use AADRM cmdlets.
Microsoft announced the roll-out of the Site Swap feature for SharePoint Online. You can only do this with PowerShell, but the process is quick and easy and works well (assuming your new site is ready to go). Who doesn’t like one-line PowerShell commands that do a lot of work with minimum effort!
A question about how best to set auto-replies for Exchange Online shared mailboxes to respond to messages arriving during a public holiday gives another chance for PowerShell to show how useful it is. You could do the work with Flow, but PowerShell is more flexible and capable when dealing with multiple shared mailboxes.
Exchange Online writes audit records into the Office 365 audit log when messages are deleted by delegates and administrative action. We can analyze the audit records to find out who deleted a specific message. Some challenges exist to interpret the audit records for admin-generated deletions (for example, when you run Search-Mailbox), but it’s easy enough to code the necessary checks in PowerShell.
Microsoft makes a strong case that all Azure Active Directory accounts should be protected with multi-factor authentication (MFA). That’s a great aspiration, but the immediate priority is to check accounts holding administrative roles. This post explains how to use PowerShell to find and report those accounts.
The ability to see the PowerShell commands executed by Exchange administrative centers has existed since Exchange 2007. Now something has changed in Exchange Online and the command log is blank. It’s sad because many administrators learned to use PowerShell by examining how Microsoft used it to manage Exchange. Let’s hope that Microsoft fixes this bug soon.
Exchange Online supports inactive mailboxes as a way to keep mailbox data online after Office 365 accounts are removed. Inactive mailboxes are available as long as a hold exists on them. You can update mailbox properties to exclude all or some org-wide holds. If you exclude holds from a mailbox, you run the risk that Exchange will permanently remove the mailbox. If that’s what you want, all is well, but if it’s not, then you might not be so happy.
How best to add every team in your tenant to the Office 365 Groups Expiration Policy? Well, one way is to check all groups for Teams. Another is to use Get-Team to return the set of teams and process those. But then you should think about how to mark the teams that are in the policy in such a way that you don’t process them again. It’s easy to do this with one of the Exchange Online custom attributes.
Teams App Setup policies allow tenant administrators to modify the set of apps shown in the Teams navigation bar,. You can add your own apps and move apps around and then assign policies to select groups of users individually or using PowerShell. This is part of a set of features designed to make apps more manageable within enterprises. The next step will be Teams app permission policies (not yet available).
The LinkedIn connector for Office 365 now uses a group to control the set of user accounts allowed to connect their accounts to LinkedIn. It’s a good change because it makes the connection easier to manage. Even so, you might still need to use PowerShell to manage the membership of the group, especially if you want to add multiple people to the group at one time.
One of the great things about Teams is the way that it orchestrates Office 365 resources like SharePoint Online sites. The downside is that a tenant’s valuable SharePoint storage quota might be absorbed by a profusion of Teams. To offset the problem, you can apply lower limits to sites belonging to Teams and the best approach is to use PowerShell for the job.
The Teams Admin Center now boasts the ability to delete teams and (if you don’t want to get rid of them altogether) archive teams. And unarchive teams back into use. All is good, even if Microsoft is making slow progress at building out Teams management functionality. Some of the slowness is due to dependencies, some because of other factors.
The Office 365 Admin Center offers the option to bulk-create user accounts. Loading up a CSV file with details and having it processed is simple enough, but the resulting accounts need some work before they are fit for purpose and ready for people to use. Here’s how the bulk creation process works and why we think it has some flaws.
Every Office 365 group (and team) has a SharePoint site. But how to find the URLs of all the sites used by teams in a tenant. One PowerShell answer came from Syskit, but it’s an old technique and we can do better now by fetching a list of teams in the tenant and then retrieving the URL for each team-enabled group.
Although Office 365 supervision policies are intended to monitor a subset of user communications, usually involving specific groups of people, you might want to use a policy to monitor all email. In that case, how do you make sure that your policy has everyone in scope? The problem is that supervision policies don’t support dynamic distribution lists, so you need to do some work to build and maintain a distribution list containing all user mailboxes.
If you work with Office 365 through PowerShell, you probably have your own script to connect to the various services. If you don’t want to write your own script, you can download one from GitHub or the TechNet Gallery. This article covers two that you might like to try, including one with a GUI to choose which Office 365 services it should connect to.
PowerShell is hugely useful when the time comes to automate Office 365 processes. Other tools exist that can help, including Flow. Maybe it’s the right time to consider Flow, especially when it is highly capable of knitting together different Office 365 components to get work done.
The Search-Mailbox cmdlet is a very powerful weapon for Exchange administrators. It has some quirks, but the Invoke-Command cmdlet helps us get around one, which is how to use a different search query for each mailbox processed in a set of mailboxes.
Microsoft has released details of an Exchange Online transport rule to encrypt outbound email containing sensitive data types like credit card numbers. The rule works (after fixing the PowerShell), but needs to be reviewed and possibly adjusted to meet the needs of Office 365 tenants.
A recent article prompted a check to see whether a PowerShell recommendation made sense and delivered better performance when executing a command to extract the membership of Office 365 Groups performance. As it turns out, the recommendation is valid, but whether you notice any difference is arguable.
It’s easy to create a webhook connector to post information to a team channel or an Microsoft 365 group. What might not be quite so easy is formatting the JSON payload. Here’s how to use a template card to simplify the process.
A change made to fix a problem in Exchange Online introduced another problem in that service domains started to show up as prefixes in the data returned by PowerShell cmdlets. Microsoft has reversed the change, but the way things happened creates some questions.
You can use a public folder to store and share global email contacts, but a better approach is to use Exchange mail contacts. These objects show up in the Exchange GAL and OAB and are available to all Outlook clients (and some third-party clients too).
You can use the Send-MailMessage cmdlet in a PowerShell script to send mail messages via Exchange Online. And sometimes your IP address might be listed as a spammer, which is bad. All in all, authenticated client submission seems best.
Knowing how retention policies process Office 365 data can be hard to understand, especially if multiple policies are involved. Office 365 doesn’t give a global view of how retention policies affect workloads, but here’s how to use PowerShell to find out what policies process the sites in a tenant.
Microsoft has refreshed the Outlook Mobile architecture (now called “Microsoft Sync Technology”). They suggest that you run some PowerShell to report clients connecting via the old and new architectures. Their code works, but we think ours is better.
Teams has released version 0.9.6 of its PowerShell module. You should upgrade to the new module because it fixes some bugs and allows administrators to manage any team, even when they’re not a team owner.
Exchange Online distribution lists can be used to populate the membership of Office 365 Groups or Teams by applying a little PowerShell magic. Here’s how.
Teams offers a number of ways to create new teams, which is good. However, if you create a new team with PowerShell, make sure that you add the team owners to the members list as otherwise they won’t be able to access Planner.
When a problem arises, it’s good to know what user accounts are affected. In the case of the recent MFA outage, the need existed to report the list of accounts that were MFA-enabled. Here’s how to do the job with PowerShell.
The availability of Azure Information Protection and Office 365 sensitivity labels allow tenants to protect important and confidential files. That’s nice, but it’s even better when you know what files are protected. Here’s how to use PowerShell to create a report about those files.
A recent correspondent asked how to find inactive distribution lists in Exchange Online. We didn’t have a good answer in the book, so here’s some PowerShell code to do the trick.
Office 365 doesn’t include a way to export a list of Teams in a form that can be imported by Power BI, but PowerShell makes it an easy task to accomplish. Here’s a script to help solve the problem.
Team owners can set the picture for their teams, but can tenant administrators do the same thing? As it turns out, no. But there’s a reason why.