Microsoft Deprecates the AADRM (Rights Management) PowerShell Module

Microsoft has announced the deprecation of the PowerShell module for the Azure Active Directory Rights Management service (AADRM). But don’t worry; it’s replaced by the Azure Information Protection (AIPService) module. Deprecation happens in July 2020, so you’ve lots of time to revise any scripts that use AADRM cmdlets.


SharePoint Online Site Swap Feature Rolling Out

Microsoft announced the roll-out of the Site Swap feature for SharePoint Online. You can only do this with PowerShell, but the process is quick and easy and works well (assuming your new site is ready to go). Who doesn’t like one-line PowerShell commands that do a lot of work with minimum effort!

Setting Auto-Replies for Shared Mailboxes with PowerShell

A question about how best to set auto-replies for Exchange Online shared mailboxes to respond to messages arriving during a public holiday gives another chance for PowerShell to show how useful it is. You could do the work with Flow, but PowerShell is more flexible and capable when dealing with multiple shared mailboxes.

Analyzing Exchange Message Delete Events in the Office 365 Audit Log

Exchange Online writes audit records into the Office 365 audit log when messages are deleted by delegates and administrative action. We can analyze the audit records to find out who deleted a specific message. Some challenges exist to interpret the audit records for admin-generated deletions (for example, when you run Search-Mailbox), but it’s easy enough to code the necessary checks in PowerShell.

Finding Azure Active Directory with Admin Roles Not Protected with MFA

Microsoft makes a strong case that all Azure Active Directory accounts should be protected with multi-factor authentication (MFA). That’s a great aspiration, but the immediate priority is to check accounts holding admin roles. This post explains how to use a PowerShell script to find and report those accounts.