Tony Redmond
Announcements!
Microsoft Forces Move from Azure AD Cmdlets for License Management
(practical365.com)
Some Cmdlets Cease Working on June 30, 2022
By: Tony Redmond submitted:Jun 16 2022
Some Cmdlets Cease Working on June 30, 2022
By: Tony Redmond submitted:Jun 16 2022
Microsoft Graph PowerShell SDK V2.0 Reaches General Availability
(office365itpros.com)
The Microsoft Graph PowerShell SDK V2 attained general availability on July 4, 2023. Microsoft did a
By: Tony Redmond submitted:Jul 14 2023
The Microsoft Graph PowerShell SDK V2 attained general availability on July 4, 2023. Microsoft did a
horrible job of announcing the news, but now that the SDK V2 is available, it's time to migrate scripts from earlier versions. Splitting the V1.0 and beta cmdlets into different modules is a big difference, as is renaming the beta cmdlets. But other points exist to consider as you migrate from the Microsoft Graph PowerShell SDK V1 to V2.
By: Tony Redmond submitted:Jul 14 2023
Microsoft Retires Azure Automation Run As Accounts in September 2023
(office365itpros.com)
Microsoft plans to retire Azure Automation Run As Accounts on September 30, 2023 and replace them
By: Tony Redmond submitted:Feb 10 2023
Microsoft plans to retire Azure Automation Run As Accounts on September 30, 2023 and replace them
with managed identities. I don't have any issue with the proposal because managed identities are more secure and a better overall solution. It would have been nice if Microsoft had communicated the change more broadly. I guess if you were in the know, you found out about this development, but maybe the average Microsoft 365 tenant administrator might have struggled to discover what's happening.
By: Tony Redmond submitted:Feb 10 2023
Microsoft Stops Set-User Updating Phone Numbers for Azure AD Accounts
(office365itpros.com)
Without any warning, Microsoft seems to have introduced a restriction to the Set-User cmdlet in the
By: Tony Redmond submitted:Jun 16 2022
Without any warning, Microsoft seems to have introduced a restriction to the Set-User cmdlet in the
Exchange Online management PowerShell module. The change happens when you connect a new PowerShell session to Exchange Online and the cmdlets are downloaded into a session.
By: Tony Redmond submitted:Jun 16 2022
PnP PowerShell Changes Its Entra ID App
(office365itpros.com)
On August 21, 2024, news emerged that the PnP PowerShell module will transition from using a
By: Tony Redmond submitted:Aug 30 2024
On August 21, 2024, news emerged that the PnP PowerShell module will transition from using a
multi-tenant Entra ID app to a tenant-specific app. The change is scheduled for September 9, 2024, which doesn't leave a lot of time available for developers to review, update, and test PowerShell scripts based on PnP PowerShell. Some extra warning would have been nice.
By: Tony Redmond submitted:Aug 30 2024
The Right Way to Replace the Remove-SPOExternalUser Cmdlet
(office365itpros.com)
Microsoft says they will remove the Remove-SPOExternalUser cmdlet starting July 29. They recommend
By: Tony Redmond submitted:Jul 12 2024
Microsoft says they will remove the Remove-SPOExternalUser cmdlet starting July 29. They recommend
using Remove-AzureADUser as a replacement. It's a bad call because that cmdlet is part of a now-retired and soon to be deprecated module. Overall, recommendations like this make you think that Microsoft doesn't know what's happening across the whole of Microsoft 365. And you might be right.
By: Tony Redmond submitted:Jul 12 2024
Time Running Out for Azure AD and MSOL PowerShell Modules
(office365itpros.com)
Knowledge that Microsoft had plans for Azure AD PowerShell deprecation has been around for a couple
By: Tony Redmond submitted:Apr 7 2023
Knowledge that Microsoft had plans for Azure AD PowerShell deprecation has been around for a couple
of years. Now the time has come when things happen. Cmdlets that set licenses for Azure AD accounts are now retired and will stop working on or before June 30, 2023. If you haven't already upgraded scripts, it's time to do so.
By: Tony Redmond submitted:Apr 7 2023
Blogs, Articles, and Posts
Adding Details of Authentication Methods to the Tenant Passwords and MFA Report
(office365itpros.com)
V1.2 of the User Passwords and MFA report includes the names of authentication methods registered
By: Tony Redmond submitted:Jun 28 2024
V1.2 of the User Passwords and MFA report includes the names of authentication methods registered
for user accounts. V1.3 expands the amount of detail reported for each method, such as the phone number used for SMS challenges, or the email address used for SSPR. It's a small but important detail that's useful to administrators. However, it also comes with a potential privacy issue, so the script must handle that too.
By: Tony Redmond submitted:Jun 28 2024
Alas Kaizala, All is Lost
(practical365.com)
On August 26, Microsoft announced that they will retire Kaizala in August 2023. The Kaizala
By: Tony Redmond submitted:Sep 2 2022
On August 26, Microsoft announced that they will retire Kaizala in August 2023. The Kaizala
retirement is not big news because it's been coming for a while. If you want to get ahead of the game, you can remove the Kaizala service plans from the Office 365 licenses assigned to user accounts. We explain how to do the job in an example PowerShell script.
By: Tony Redmond submitted:Sep 2 2022
All About Pagination with the Graph and the Graph PowerShell SDK
(practical365.com)
When you're new to Graph API requests, you might not know pagination and end up retrieving less data
By: Tony Redmond submitted:Apr 5 2024
When you're new to Graph API requests, you might not know pagination and end up retrieving less data
from queries than is available. In this article, we explain how to use pagination to retrieve data using Graph queries and SDK cmdlets.
By: Tony Redmond submitted:Apr 5 2024
Analyzing Azure Active Directory Sign-In Data with PowerShell
(petri.com)
The Azure Active Directory PowerShell module (now renamed the Azure Active Directory PowerShell for
By: Tony Redmond submitted:Jun 16 2022
The Azure Active Directory PowerShell module (now renamed the Azure Active Directory PowerShell for
Graph module) comes in two versions. The general availability version is intended for production while the preview version (AzureADPreview) contains the cmdlets from the general availability version plus some new cmdlets under development group. The current version of the AzureADPreview module is 2.0.2.105, released in July.
By: Tony Redmond submitted:Jun 16 2022
Assigning Permissions for Apps to Use the Microsoft Teams PowerShell Module
(office365itpros.com)
Before an app or an Azure Automation account can use the Teams PowerShell cmdlets in a script or
By: Tony Redmond submitted:Oct 21 2022
Before an app or an Azure Automation account can use the Teams PowerShell cmdlets in a script or
runbook, it must have the permission to act as an administrator. In this article, we cover how to assign the necessary role to a service principal.
By: Tony Redmond submitted:Oct 21 2022
Avoid Windows Task Scheduler When Running Microsoft 365 PowerShell Scripts
(practical365.com)
Many people use the Windows Task Scheduler to run PowerShell scripts. The Task Scheduler works, but
By: Tony Redmond submitted:May 26 2023
Many people use the Windows Task Scheduler to run PowerShell scripts. The Task Scheduler works, but
it creates a dependency on a specific workstation and isn't as secure as you might like. Running Microsoft 365 PowerShell scripts in Azure Automation is a much better idea. It's time to dump the Task Scheduler!
By: Tony Redmond submitted:May 26 2023
Azure AD Access Token Lifetimes and Long-running PowerShell Scripts
(office365itpros.com)
Sometimes, long running PowerShell scripts encounter the problem of Azure AD access token lifetime
By: Tony Redmond submitted:Jun 2 2023
Sometimes, long running PowerShell scripts encounter the problem of Azure AD access token lifetime
expiration. In other words, the default lifetime of tokens issued by Azure AD is too short to allow the script to complete before the token expires. Two solutions exist. Use a token lifetime policy to prolong access token lifetimes or check in code for potential expiration and renew when necessary.
By: Tony Redmond submitted:Jun 2 2023
Bulk License Assignment with the Microsoft Graph PowerShell SDK
(practical365.com)
A reader asked how to use a CSV file for bulk license assignment with the Microsoft Graph PowerShell
By: Tony Redmond submitted:Sep 8 2023
A reader asked how to use a CSV file for bulk license assignment with the Microsoft Graph PowerShell
SDK. We didn't have one to hand, so we wrote a new script to illustrate the principles of how to process license assignments for a set of user accounts (which don't necessarily have to come from a CSV file). We even included some error handling!
By: Tony Redmond submitted:Sep 8 2023
Convert Dynamic Distribution Lists to Teams
(office365itpros.com)
After writing about the recent revamp of Exchange Online dynamic distribution lists, I was asked if
By: Tony Redmond submitted:Jun 16 2022
After writing about the recent revamp of Exchange Online dynamic distribution lists, I was asked if
it was possible to create a team from the membership of a dynamic distribution list. The answer is that the steps are straightforward to create a static Microsoft 365 group. Things get more complicated if you contemplate using a dynamic Microsoft 365 group.
By: Tony Redmond submitted:Jun 16 2022
Customizing the Microsoft 365 User Profile Card with the Microsoft Graph PowerShell SDK
(office365itpros.com)
This article describes how to use the Microsoft Graph PowerShell SDK to customize the user account
By: Tony Redmond submitted:Nov 17 2023
This article describes how to use the Microsoft Graph PowerShell SDK to customize the user account
properties shown by the Microsoft 365 user profile card. Previously this was possible using a Graph API request to the beta endpoint. Now everything is in production and Graph SDK cmdlets are available to make customization a tad easier.
By: Tony Redmond submitted:Nov 17 2023
Despite the Doubters, Microsoft 365 Administrators Should Continue Using PowerShell
(office365itpros.com)
A recent article by a Microsoft MVP attempted to lay out a case that tenants should not use
By: Tony Redmond submitted:Mar 8 2024
A recent article by a Microsoft MVP attempted to lay out a case that tenants should not use
Microsoft 365 PowerShell and use ISV products instead. It's a silly position to argue. PowerShell is an important automation tool for administrators that can't be replaced by any ISV product. ISV products have their place and fill many gaps, but arguing to dump PowerShell and use ISV products instead just can't be justified.
By: Tony Redmond submitted:Mar 8 2024
Discover Who Creates Guest Accounts in Office 365 Applications
(petri.com)
At a recent conference, a discussion took place about the number of guest user accounts now being
By: Tony Redmond submitted:Jun 15 2022
At a recent conference, a discussion took place about the number of guest user accounts now being
created by applications in the directories of Office 365 tenants. The accounts are created through Azure B2B collaboration (by applications that generate invitations to join Office 365 Groups, like Teams and Planner) or SharePoint sharing invitations for documents or folders. It's one thing to invite people outside your tenant to collaborate; it's a horse of a different color to manage the resulting guest accounts.
By: Tony Redmond submitted:Jun 15 2022
Does Microsoft Care about SharePoint Online PowerShell?
(office365itpros.com)
Microsoft's support for SharePoint Online PowerShell has degraded over the last few years.
By: Tony Redmond submitted:Mar 22 2024
Microsoft's support for SharePoint Online PowerShell has degraded over the last few years.
Pnp.PowerShell is now the best option as not much is happening in the official SharePoint Online management module or the tenant settings Graph API. the lack of progress is a pity, but perhaps it's also true that community-driven projects sometimes deliver better results.
By: Tony Redmond submitted:Mar 22 2024
Entra ID Captures Timestamp for Last Successful Sign In for User Accounts
(office365itpros.com)
Entra ID captures the lastSuccessfulSignInDateTime property to record the last successful sign-in
By: Tony Redmond submitted:Dec 8 2023
Entra ID captures the lastSuccessfulSignInDateTime property to record the last successful sign-in
action against user accounts. The new property is available through the Graph beta endpoint. Quite a difference can exist between the last successful sign in and the last sign in, as explored in this article.
By: Tony Redmond submitted:Dec 8 2023
Entra ID Improves Registered App Security
(office365itpros.com)
The preview app instance property lock feature designed to improve the security of Entra ID
By: Tony Redmond submitted:Dec 15 2023
The preview app instance property lock feature designed to improve the security of Entra ID
registered apps is becoming the default for new apps. In this article, we describe how to update the app instance property lock to reflect the new default setting using cmdlets from the Microsoft Graph PowerShell SDK, including a script you can download and run.
By: Tony Redmond submitted:Dec 15 2023
Experimenting with PowerShell Batching and Parallel Execution
(practical365.com)
PowerShell Parallel Processing is a mechanism to speed the processing of large quantities of data.
By: Tony Redmond submitted:Jun 14 2024
PowerShell Parallel Processing is a mechanism to speed the processing of large quantities of data.
In this example, we discuss how to use parallel batches to fetch Entra ID account information using mailbox data to drive information retrieval. Although this is only a demonstration of a technique, it might help those who must process thousands of mailboxes or accounts and would like to do so more quickly.
By: Tony Redmond submitted:Jun 14 2024
Find Out Where Users Get Sensitivity Labels From
(office365itpros.com)
A question about finding out which sensitivity label policy makes a label available to a user
By: Tony Redmond submitted:Aug 25 2023
A question about finding out which sensitivity label policy makes a label available to a user
requires some PowerShell to figure out the answer with some human-friendly results. The outcome is a script that analyzes sensitivity label policies to find where a user gets their labels from. It's another example of how useful PowerShell can be.
By: Tony Redmond submitted:Aug 25 2023
Get-Mailbox Versus Get-ExoMailbox
(office365itpros.com)
Microsoft's advice is to use the Get-ExoMailbox cmdlet instead of its older Get-Mailbox counterpart.
By: Tony Redmond submitted:Sep 20 2024
Microsoft's advice is to use the Get-ExoMailbox cmdlet instead of its older Get-Mailbox counterpart.
Generally, this is good advice that you should follow. However, the older cmdlet can do a job in certain circumstances, so don't write it off completely. More importantly, make sure that filtering of objects is done using server-side filters. This will improve script performance significantly.
By: Tony Redmond submitted:Sep 20 2024
Graph and PowerShell Hiccups for the Groups and Teams Report Script
(office365itpros.com)
The Microsoft 365 Groups and Teams Activity Report is a PowerShell script that I've worked on since
By: Tony Redmond submitted:Mar 29 2024
The Microsoft 365 Groups and Teams Activity Report is a PowerShell script that I've worked on since
2016 (not all the time). Some recent Graph hiccups meant that I had to apply some fixes and workarounds. At the same time, some users hit the infamous 'not recognized as a valid datetime' problem, so another update was needed. All good, clean fun.
By: Tony Redmond submitted:Mar 29 2024
Handling the Too Many Retries Error and Dealing with Odd Numbers of Audit Events
(office365itpros.com)
The AuditLog Query Graph API remains in beta status but cmdlets are now available in the Microsoft
By: Tony Redmond submitted:Aug 16 2024
The AuditLog Query Graph API remains in beta status but cmdlets are now available in the Microsoft
Graph PowerShell SDK. This led to some oddities in results when the number of audit events found by a search didn't match those reported by the Purview compliance portal. It all worked out in the end. In other news, the Set-MgRequestContext helped sort out some retry problems.
By: Tony Redmond submitted:Aug 16 2024
How the Graph X-Ray Tool Helps PowerShell Developers
(office365itpros.com)
When Microsoft decided to build the administrative tools for Exchange Server 2007 around PowerShell,
By: Tony Redmond submitted:Jun 16 2022
When Microsoft decided to build the administrative tools for Exchange Server 2007 around PowerShell,
they realized that it would take time for administrators to become accustomed to PowerShell. Sensibly, Microsoft included a cmdlet logging facility in the Exchange Management Console (EMC) to allow administrators to see the PowerShell code used to execute different actions, such as creating a new mailbox.
By: Tony Redmond submitted:Jun 16 2022
How to Create Dynamic Administrative Units with PowerShell
(office365itpros.com)
A reader asked how they could create dynamic administrative units for every department in their
By: Tony Redmond submitted:Sep 29 2023
A reader asked how they could create dynamic administrative units for every department in their
directory. A PowerShell script does the job, even if some constraints in how Entra ID processes membership rules means that the rules can't be quite as precise as I would like them to be.
By: Tony Redmond submitted:Sep 29 2023
How to Deal with Common Errors when Running Graph Commands with PowerShell
(practical365.com)
It's great to be able to run Graph API requests in PowerShell scripts if everything goes right. This
By: Tony Redmond submitted:Feb 10 2023
It's great to be able to run Graph API requests in PowerShell scripts if everything goes right. This
article describes why some common Graph API errors occur in scripts and what to do when the errors happen. Most errors are due to permissions assigned to the Azure AD apps used to run scripts and getting the basics will resolve those problems.
By: Tony Redmond submitted:Feb 10 2023
How to Find Teams Channels With a Wiki Tab
(office365itpros.com)
Microsoft plans to replace the Teams wiki with OneNote and will release a migration app to move
By: Tony Redmond submitted:Jan 27 2023
Microsoft plans to replace the Teams wiki with OneNote and will release a migration app to move
content from wiki to OneNote. That's great, but you need to know what channels include the wiki tab before you can decide what material should be migrated. This article explains how to use PowerShell to create a report of Teams channel tabs for wikis.
By: Tony Redmond submitted:Jan 27 2023
How to Hide Teams-Enabled Groups from Exchange Online
(office365itpros.com)
Microsoft intends for groups created for new MicrosoftTeams to be hidden from Exchange Online. Many
By: Tony Redmond submitted:Jun 16 2022
Microsoft intends for groups created for new MicrosoftTeams to be hidden from Exchange Online. Many
are not. If you want to hide all the groups used by Teams, here's how to do the job with PowerShell
By: Tony Redmond submitted:Jun 16 2022
How to Monitor New Members Added to Teams
(office365itpros.com)
I was asked how easy it would be to write a PowerShell script to monitor new teams members and
By: Tony Redmond submitted:Sep 29 2023
I was asked how easy it would be to write a PowerShell script to monitor new teams members and
reject any additions that met specific criteria. Easy, we said, so we set to creating a script to interrogate the unified audit log to find new member events. Once that was done, it's a matter of analyzing the events to find if we should reject the addition of any of the added members.
By: Tony Redmond submitted:Sep 29 2023
How to Remove Licenses From Disabled Accounts with PowerShell
(office365itpros.com)
This article explains how to use PowerShell to remove licenses from disabled accounts, including
By: Tony Redmond submitted:Oct 13 2023
This article explains how to use PowerShell to remove licenses from disabled accounts, including
some caveats such as not removing Exchange Online licenses. Organizations might want to do this to save money on Microsoft 365 license fees while an account is temporarily unused. Removal of Exchange Online licenses can result in the loss of a mailbox, and you don't want that to happen if you're disabling accounts just because someone is on a long-term sabbatical or other leave of absence.
By: Tony Redmond submitted:Oct 13 2023
How to Report Expiring Credentials for Entra ID Apps
(office365itpros.com)
Entra ID registered apps can authenticate using app secrets and certificates. These credentials
By: Tony Redmond submitted:Jan 19 2024
Entra ID registered apps can authenticate using app secrets and certificates. These credentials
expire over time, so it's good to review app credential expiration dates periodically. This article explains how to use the Microsoft Graph PowerShell SDK to generate a report about app credential expiration dates to allow tenant administrators to manage registered apps a little better...
By: Tony Redmond submitted:Jan 19 2024
How to Report High-Priority Azure AD App Permissions That Hackers Might Exploit
(practical365.com)
Microsoft 365 tenants usually include many Azure AD apps. These apps hold permissions, including
By: Tony Redmond submitted:Sep 16 2022
Microsoft 365 tenants usually include many Azure AD apps. These apps hold permissions, including
permissions that hackers like to exploit. This article explains how to use PowerShell to detect apps with high-priority permissions and report them to administrators for review.
By: Tony Redmond submitted:Sep 16 2022
How to Report the MFA Status for Entra ID User Accounts
(practical365.com)
Microsoft doesn't provide a PowerShell cmdlet to return an accurate MFA status for Entra ID user
By: Tony Redmond submitted:Feb 2 2024
Microsoft doesn't provide a PowerShell cmdlet to return an accurate MFA status for Entra ID user
accounts, but by combining data from multiple sources we can write a script to generate a report showing details of user password settings and MFA status.
By: Tony Redmond submitted:Feb 2 2024
How to Retrieve Loop Workspaces Data with PowerShell
(office365itpros.com)
A previous attempt to write a script to report all Loop workspaces in a tenant was flawed because it
By: Tony Redmond submitted:Apr 12 2024
A previous attempt to write a script to report all Loop workspaces in a tenant was flawed because it
only retrieved the first 200 workspaces. I hadn't realized that the Get-SPOContainer cmdlet supported an odd form of pagination to retrieve workspace data. In any case, I figured out how to page top find all available workspaces and updated the script. It's just another example of oddness in the SharePoint Online PowerShell module
By: Tony Redmond submitted:Apr 12 2024
How to Set Directory Synchronization Features with the Graph
(office365itpros.com)
Directory synchronization features control how the Entra Connect tool works when synchronizing
By: Tony Redmond submitted:Oct 25 2024
Directory synchronization features control how the Entra Connect tool works when synchronizing
accounts from Active Directory to Entra ID. The current advice is to use a cmdlet from the depreciated MSOL module to update settings. This article explains how to do the job with the Graph APIs, including cmdlets from the Entra PowerShell module.
By: Tony Redmond submitted:Oct 25 2024
How to Update Shared Mailbox Owners About Quota Usage
(office365itpros.com)
An old script created to report quotas for user mailboxes provided the basis for email-based
By: Tony Redmond submitted:Oct 6 2023
An old script created to report quotas for user mailboxes provided the basis for email-based
reporting of shared mailbox quotas. The old script used just Exchange Online PowerShell. This versions mixes Exchange Online and the Graph SDK and throws in some certificate-based authentication to boot to allow the script to send email from something other than the signed-in account.. It all comes together, using chunks of code from other scripts to speed up writing. It's the PowerShell way...
By: Tony Redmond submitted:Oct 6 2023
How to Update Tenant Corporate Branding for the Entra ID Sign-in Screen with PowerShell
(office365itpros.com)
The ability to apply custom corporate branding for Entra Id screens has existed since 2020. You can
By: Tony Redmond submitted:Jan 26 2024
The ability to apply custom corporate branding for Entra Id screens has existed since 2020. You can
update elements through the admin center or PowerShell. This article explains how to use the Microsoft Graph PowerShell SDK to customize the sign-in text and background image for the sign-in screen.
By: Tony Redmond submitted:Jan 26 2024
How to Use PowerShell to Retrieve Permissions for Entra ID Apps
(office365itpros.com)
Recent attacker activity made me think that access might have been gained through an OAuth app.
By: Tony Redmond submitted:Jan 26 2024
Recent attacker activity made me think that access might have been gained through an OAuth app.
Keeping an eye on app permissions is important. From a PowerShell perspective, it is reasonably straightforward to retrieve details of app permissions using the Microsoft Graph PowerShell SDK. Several methods are available to do the job.
By: Tony Redmond submitted:Jan 26 2024
How to Use the Graph SDK to Manage Group-Based Licensing
(office365itpros.com)
Group-based licensing is a mechanism to make it easier to assign and mange product licenses for
By: Tony Redmond submitted:Nov 8 2024
Group-based licensing is a mechanism to make it easier to assign and mange product licenses for
large sets of user accounts. In this article, we discuss how to use Microsoft Graph PowerShell SDK cmdlets to manage group-based license assignments in a Microsoft 365 tenant. Assigning licenses to groups is very much like direct assignments, but some differences exist.
By: Tony Redmond submitted:Nov 8 2024
Installing the Entire Microsoft Graph PowerShell SDK Seems Like the Right Idea
(office365itpros.com)
An article described some benefits that could be gained from not installing the complete Microsoft
By: Tony Redmond submitted:Sep 27 2024
An article described some benefits that could be gained from not installing the complete Microsoft
Graph PowerShell SDK. The question is whether the claimed benefits are more theoretical than actual. It's hard to say because it all depends on how someone uses the SDK for development or to run scripts. Anyway, it's a topic worth discussing.
By: Tony Redmond submitted:Sep 27 2024
Lessons Learned from Using Azure Automation with PowerShell Scripts
(office365itpros.com)
I've spent some time investigating Azure Automation PowerShell recently. In this article, I discuss
By: Tony Redmond submitted:Sep 2 2022
I've spent some time investigating Azure Automation PowerShell recently. In this article, I discuss
three learnings that might be of interest to others. Debugging, cost, and tracking the use of Azure Automation PowerShell might not interest everyone, but they've certainly helped me to understand how the platform works.
By: Tony Redmond submitted:Sep 2 2022
Manage PIM Role Assignments with PowerShell
(office365itpros.com)
This article describes how to create eligible and active PIM role assignment requests using cmdlets
By: Tony Redmond submitted:Nov 15 2024
This article describes how to create eligible and active PIM role assignment requests using cmdlets
from the Microsoft Graph PowerShell SDK.
By: Tony Redmond submitted:Nov 15 2024
Managing Passwords for Entra ID Accounts with PowerShell
(office365itpros.com)
Password profiles store the password settings for Entra ID user accounts. By updating the password
By: Tony Redmond submitted:Jan 12 2024
Password profiles store the password settings for Entra ID user accounts. By updating the password
profile, you can update an account's password and force actions like force the user to change their password on the next sign-in or force the user to enable multifactor authentication for the account. All done with cmdlets from the Microsoft Graph PowerShell SDK.
By: Tony Redmond submitted:Jan 12 2024
Mastering the Foibles of the Microsoft Graph PowerShell SDK
(office365itpros.com)
After a while, you discover the holes in any technology. In the case of the Microsoft Graph
By: Tony Redmond submitted:Feb 17 2023
After a while, you discover the holes in any technology. In the case of the Microsoft Graph
PowerShell SDK, some inconsistencies await unwary developers. The SDK doesn't like $Null, doesn't support pipelining, insists on specific property casing at times, sometimes accepts user principal names and sometimes doesn't, and sticks valuable data in hash tables hiding in a property you might know nothing about. Good as it is to have the SDK cmdlets, they need to be treated with care as you transition from the old Azure AD and MSOL modules.
By: Tony Redmond submitted:Feb 17 2023
Microsoft Flags Need to Upgrade PowerShell Scripts to Use TLS 1.2
(office365itpros.com)
Failure Will Break Ability to Send Email via Exchange Online
By: Tony Redmond submitted:Jun 16 2022
Failure Will Break Ability to Send Email via Exchange Online
By: Tony Redmond submitted:Jun 16 2022
Microsoft Graph Explorer Boosted by New Features
(office365itpros.com)
Some recent changes have made the Graph Explorer even more useful. First, PowerShell has joined the
By: Tony Redmond submitted:Jul 1 2022
Some recent changes have made the Graph Explorer even more useful. First, PowerShell has joined the
set of supported languages for code snippets.
By: Tony Redmond submitted:Jul 1 2022
Microsoft Graph Support for SharePoint Online Tenant Settings
(office365itpros.com)
Despite being the two basic Microsoft 365 workloads, one of the notable gaps in Microsoft Graph API
By: Tony Redmond submitted:Jul 22 2022
Despite being the two basic Microsoft 365 workloads, one of the notable gaps in Microsoft Graph API
coverage has been administrative interfaces for SharePoint Online and Exchange Online. A small but valuable step in the right direction happened with the appearance of the settings resource type in the TenantAdmin namespace.
By: Tony Redmond submitted:Jul 22 2022
Microsoft Launches Preview PowerShell Module for Graph
(petri.com)
In a September 2019 Petri.com article, I discuss how to use Microsoft Graph API calls with
By: Tony Redmond submitted:Jun 15 2022
In a September 2019 Petri.com article, I discuss how to use Microsoft Graph API calls with
PowerShell to expose information that can't be accessed with PowerShell cmdlets. In the example given, we use the PowerShell Invoke-WebRequest cmdlet to make Graph calls to fetch the email addresses of Teams channels because this is a property that you can't get with any of the cmdlets in any Office 365 PowerShell module.
By: Tony Redmond submitted:Jun 15 2022
Microsoft Releases Cmdlet to Retrieve Disposition Review Items
(office365itpros.com)
The Get-ReviewItems cmdlet (in the Exchange Online management module) is available to export details
By: Tony Redmond submitted:Apr 14 2023
The Get-ReviewItems cmdlet (in the Exchange Online management module) is available to export details
about disposition review items in either a pending or disposed state. It's possible that you don't care very much about records management, retention labels, or disposition processing, but if you do, you'll be glad that the new cmdlet exists.
By: Tony Redmond submitted:Apr 14 2023
Microsoft Retires the Revoke-SPOUserSession Cmdlet
(office365itpros.com)
Unsurprisingly, Microsoft announced the deprecation of the Revoke-SPOUserSession cmdlet for November
By: Tony Redmond submitted:Oct 4 2024
Unsurprisingly, Microsoft announced the deprecation of the Revoke-SPOUserSession cmdlet for November
2024. The cmdlet is replaced by the Revoke-MgUserSignInSession cmdlet, which works across Microsoft 365 rather than just SharePoint Online. All of this happened while the 2nd annual PowerShell Script-Off happened at TEC 2024 and competitors struggled with what to do to secure a user account for an ex-employee.
By: Tony Redmond submitted:Oct 4 2024
Microsoft Sets March 2024 Date for Retirement of Old Azure AD PowerShell Modules
(practical365.com)
After much humming and hawing, Microsoft reset the retirement date for several old Azure AD modules
By: Tony Redmond submitted:Jun 16 2023
After much humming and hawing, Microsoft reset the retirement date for several old Azure AD modules
to March 30, 2024. The nine-month extension is there to help customers convert scripts to use the Microsoft Graph PowerShell SDK or Graph API requests. On the upside, the extra time is good as it creates space to migrate scripts. On the downside, there's still some challenges in converting from the old Azure AD modules.
By: Tony Redmond submitted:Jun 16 2023
Modifying the Teams Tenant Federation Configuration with PowerShell
(office365itpros.com)
A new parameter for the Set-CsTenantFederationConfiguration cmdlet made me look at the Teams tenant
By: Tony Redmond submitted:Apr 12 2024
A new parameter for the Set-CsTenantFederationConfiguration cmdlet made me look at the Teams tenant
federation configuration again to improve how a script works. Instead of taking all the domains guest accounts came from and adding them to the configuration, I created a function to check if the tenant uses Microsoft 365. If it does, we add the tenant to the allow list in the tenant federation configuration. If not, we ignore the domain.
By: Tony Redmond submitted:Apr 12 2024
More Microsoft Graph PowerShell SDK Problems
(office365itpros.com)
Some problems emerged in V2.17 and V2.18 of the Microsoft Graph PowerShell SDK. In one case,
By: Tony Redmond submitted:May 10 2024
Some problems emerged in V2.17 and V2.18 of the Microsoft Graph PowerShell SDK. In one case,
Microsoft changed cmdlet names. In another, it's an identity issue caused by incompatible assemblies. In both cases, questions have to be asked about the level of testing done by Microsoft before they release a new module. Bugs do happen, but testing should catch the obvious problems.
By: Tony Redmond submitted:May 10 2024
Moving on from Send-MailMessage
(practical365.com)
Sending Email from PowerShell using the Graph API
By: Tony Redmond submitted:Jun 16 2022
Sending Email from PowerShell using the Graph API
By: Tony Redmond submitted:Jun 16 2022
Office Connectors Retirement for Teams
(office365itpros.com)
In June, Microsoft retired Office Connectors for SharePoint Online and Microsoft 365 Groups.
By: Tony Redmond submitted:Jul 12 2024
In June, Microsoft retired Office Connectors for SharePoint Online and Microsoft 365 Groups.
Starting on August 15, they're retiring connectors for Teams. The problem is finding out which teams and channels have configured connectors. That's when PowerShell comes in handy, as we prove with a script to report which teams have connectors.
By: Tony Redmond submitted:Jul 12 2024
OneDrive Known Folders and PowerShell Module Installations
(office365itpros.com)
The OneDrive Known Folder Move feature has been around for a couple of years. Basically, this allows
By: Tony Redmond submitted:Jun 16 2022
The OneDrive Known Folder Move feature has been around for a couple of years. Basically, this allows
you to redirect common (well-known) folders from your PC to OneDrive so that anything created in Documents, Pictures, and the desktop is automatically saved in your OneDrive for Business account. Generally, everything works well, and I have been very happy. Except until the time came to update the Azure Active Directory preview module from 2.0.2.77 to 2.0.2.89.
By: Tony Redmond submitted:Jun 16 2022
OneDrive Personal Gets File Exclusions
(office365itpros.com)
Microsoft 365 tenants have long been able to define file type exclusions for the OneDrive for
By: Tony Redmond submitted:Jun 30 2023
Microsoft 365 tenants have long been able to define file type exclusions for the OneDrive for
Business sync client through the SharePoint Online admin center, PowerShell, or GPO. A change in the client now exposes the excluded file types to user view for the first time. Meantime, the OneDrive Personal client also gains support for file type exclusions.
By: Tony Redmond submitted:Jun 30 2023
Practical Graph: Understanding What Happens When the Connect-MgGraph Cmdlet Runs
(practical365.com)
This article describes what happens when the Connect-MgGraph cmdlet runs in interactive and app-only
By: Tony Redmond submitted:Dec 20 2024
This article describes what happens when the Connect-MgGraph cmdlet runs in interactive and app-only
sessions with the Microsoft Graph PowerShell SDK. A session is created and a context is established, and it's possible to use the session context to do real work.
By: Tony Redmond submitted:Dec 20 2024
Practical Graph: Using GitHub Copilot for Microsoft 365 PowerShell Development
(practical365.com)
GitHub Copilot costs $10/month. At that price level, anyone working with PowerShell should try out
By: Tony Redmond submitted:Jul 19 2024
GitHub Copilot costs $10/month. At that price level, anyone working with PowerShell should try out
the AI assistance to see if it helps. But will GitHub Copilot work well with Microsoft 365 PowerShell modules like Exchange Online and the Microsoft Graph PowerShell SDK. That's what we tested and report on here.
By: Tony Redmond submitted:Jul 19 2024
Practical Graph: Working with Microsoft Lists using the Microsoft Graph PowerShell SDK
(practical365.com)
Microsoft Lists are a powerful tool for end users to store and manage data stored in SharePoint
By: Tony Redmond submitted:Sep 13 2024
Microsoft Lists are a powerful tool for end users to store and manage data stored in SharePoint
Online sites. The Microsoft Graph PowerShell SDK includes cmdlets to work with Microsoft Lists and this article explains how to use the cmdlets to add new lists, add items to lists, retrieve data from lists, and remove items from lists.
By: Tony Redmond submitted:Sep 13 2024
Processing Microsoft 365 Retention Labels with the Microsoft Graph PowerShell SDK
(office365itpros.com)
Two types of retention labels are in use: Microsoft 365 retention labels and MRM retention tags.
By: Tony Redmond submitted:Dec 20 2024
Two types of retention labels are in use: Microsoft 365 retention labels and MRM retention tags.
Clients hide the difference, but the Microsoft Graph PowerShell SDK cmdlets can only process Microsoft 365 retention labels for files stored in SharePoint Online and OneDrive for Business. EWS can manage MRM retention tags, but it's on a fast path to retirement in 2026.
By: Tony Redmond submitted:Dec 20 2024
Removing Licenses from Entra ID Accounts When a Replacement License Exists
(office365itpros.com)
License management is a core competence for Microsoft 365 tenant administrators. This article
By: Tony Redmond submitted:Apr 19 2024
License management is a core competence for Microsoft 365 tenant administrators. This article
explains how to use PowerShell to remove licenses from accounts when an equivalent service plan is available from another license. It's the kind of fix-up operation that tenant administrators need to do on an ongoing basis.
By: Tony Redmond submitted:Apr 19 2024
Removing Licenses from Entra ID Accounts When a Replacement License Exists
(office365itpros.com)
License management is a core competence for Microsoft 365 tenant administrators. This article
By: Tony Redmond submitted:Apr 26 2024
License management is a core competence for Microsoft 365 tenant administrators. This article
explains how to use PowerShell to remove licenses from accounts when an equivalent service plan is available from another license. It's the kind of fix-up operation that tenant administrators need to do on an ongoing basis.
By: Tony Redmond submitted:Apr 26 2024
Removing Outlook Add-ins From Mailboxes with PowerShell
(office365itpros.com)
The Share to Teams Outlook add-in posts an email to a Teams chat or channel conversation. I was
By: Tony Redmond submitted:May 3 2024
The Share to Teams Outlook add-in posts an email to a Teams chat or channel conversation. I was
asked how to disable the add-in for some mailboxes. Here's how to do the job using PowerShell to find a set of target mailboxes and then turn off Send to Teams for each mailbox.
By: Tony Redmond submitted:May 3 2024
Report SharePoint Online Files Using the Microsoft Graph PowerShell SDK
(practical365.com)
This article describes creating a SharePoint Online files report using the Microsoft Graph
By: Tony Redmond submitted:May 10 2024
This article describes creating a SharePoint Online files report using the Microsoft Graph
PowerShell SDK. While keeping digital debris online might have been unimportant in the past, it's something that can wreak havoc in the era of generative AI when tools like Copilot for Microsoft 365 are happy to consume obsolete and inaccurate material.
By: Tony Redmond submitted:May 10 2024
Reporting Exchange Online Meeting Room Usage Patterns
(office365itpros.com)
Room mailboxes are still heavily used for in-person meetings. It's good to know how often and when
By: Tony Redmond submitted:Feb 10 2023
Room mailboxes are still heavily used for in-person meetings. It's good to know how often and when
rooms are used, which is why we have the room mailbox report script. In the second version of the script, we include code to figure out the daily usage pattern of individual rooms and for all rooms across the organization. The graphics in our bar chart are crude, but the chart is generated with a few lines of PowerShell, so feel free to improve the script.
By: Tony Redmond submitted:Feb 10 2023
Reporting Microsoft Entra ID Administrative Units
(practical365.com)
Microsoft Entra administrative units are gaining in popularity. Restricted administrative units are
By: Tony Redmond submitted:Jul 21 2023
Microsoft Entra administrative units are gaining in popularity. Restricted administrative units are
now available and many Purview solutions support administrative units. In this article, we explain how to use Microsoft Graph PowerShell SDK cmdlets to create a report about administrative units, role assignments for their management, and their membership.
By: Tony Redmond submitted:Jul 21 2023
Reporting OneDrive for Business Storage
(office365itpros.com)
A couple of years ago, retrieving information about OneDrive for Business sites with PowerShell
By: Tony Redmond submitted:Jun 15 2022
A couple of years ago, retrieving information about OneDrive for Business sites with PowerShell
usually involved some gyrations. Then Microsoft updated the Get-SPOSite cmdlet with the IncludePersonalSite switch and things became easier. For instance, a reader asked if it was possible to generate a report listing all the OneDrive for Business sites in a tenant with the storage allocated and used for each site. No problem, we thought, as we scanned the internet to see if people had already solved the problem. As it happens, several example scripts are available, but we ended up writing our own because it was possible to simplify the code . We also store the output in a CSV file as it's a very flexible format for reporting or further analysis (like importing into Power BI).
By: Tony Redmond submitted:Jun 15 2022
Reporting SharePoint Online External Users with PowerShell
(office365itpros.com)
A SharePoint external user is someone who doesn't have an account in your tenant. Because of the
By: Tony Redmond submitted:Jul 22 2022
A SharePoint external user is someone who doesn't have an account in your tenant. Because of the
influence of Teams, most SharePoint Online external users are guest accounts, created when external people join the membership of Microsoft 365 Groups (teams). If the organization uses the SharePoint Online integration with Azure AD B2B collaboration, SharePoint also creates guest accounts when people share files or folders with external people.
By: Tony Redmond submitted:Jul 22 2022
Reporting Teams Channel Email Addresses
(office365itpros.com)
No Microsoft 365 admin portal will tell you about the set of email addresses assigned to Teams
By: Tony Redmond submitted:Aug 26 2022
No Microsoft 365 admin portal will tell you about the set of email addresses assigned to Teams
channels. Fortunately, it's relatively easy to create a report with PowerShell and just a little Graph magic.
By: Tony Redmond submitted:Aug 26 2022
Reporting the Storage Used by Loop Workspaces
(office365itpros.com)
When Microsoft put the Loop app into preview, they didn't impose any restrictions in terms of
By: Tony Redmond submitted:Nov 10 2023
When Microsoft put the Loop app into preview, they didn't impose any restrictions in terms of
licensing or workspace storage. MC678308 announces that Loop workspace storage will count against the tenant SharePoint Online storage quota. This article explains how to use the Get-SPOContainer cmdlet to fetch information about Loop workspaces and the storage they consume.
By: Tony Redmond submitted:Nov 10 2023
Reporting User and Group Assignments for Enterprise Applications
(office365itpros.com)
A reader asked how to report user and group assignments for enterprise apps. As it turns out, this
By: Tony Redmond submitted:Dec 1 2023
A reader asked how to report user and group assignments for enterprise apps. As it turns out, this
isn't particularly difficult, if you know where to look. Our script uses the Graph SDK to check service principals, filters out the apps to check, and extracts the user and group assignments before reporting what it finds.
By: Tony Redmond submitted:Dec 1 2023
Sending Email from Exchange Online Using the Microsoft Graph SDK for PowerShell
(practical365.com)
Recently, I've been exploring how to use the Microsoft Graph with PowerShell to automate some common
By: Tony Redmond submitted:Jun 16 2022
Recently, I've been exploring how to use the Microsoft Graph with PowerShell to automate some common
administrative tasks within Microsoft 365. Among the recent factors causing me to consider using Graph APIs with PowerShell are:
By: Tony Redmond submitted:Jun 16 2022
Sending Urgent Teams Chats with PowerShell
(office365itpros.com)
A reader asked if it is possible to script sending chat messages. In this article, we explore how to
By: Tony Redmond submitted:Apr 26 2024
A reader asked if it is possible to script sending chat messages. In this article, we explore how to
compose and send Teams urgent messages to a set of recipients using Microsoft Graph PowerShell SDK cmdlets. The conversation with each recipient is a one-to-one chat that Teams either creates from scratch or reuses (if a suitable one-on-one chat exists).
By: Tony Redmond submitted:Apr 26 2024
The Maddening Side of the Microsoft Graph PowerShell SDK
(office365itpros.com)
All software has unique quirks, and the foibles of the Microsoft Graph PowerShell SDK are well
By: Tony Redmond submitted:Jul 26 2024
All software has unique quirks, and the foibles of the Microsoft Graph PowerShell SDK are well
known. But it's much harder when the underlying foundation contributes to the craziness as described in this article. Graph pagination works in a specific way and Microsoft tunes the Graph to deliver great performance by reducing the set of properties returned for objects. Both can cause concern for developers.
By: Tony Redmond submitted:Jul 26 2024
The Maddening Side of the Microsoft Graph PowerShell SDK
(office365itpros.com)
All software has unique quirks, and the foibles of the Microsoft Graph PowerShell SDK are well
By: Tony Redmond submitted:Aug 2 2024
All software has unique quirks, and the foibles of the Microsoft Graph PowerShell SDK are well
known. But it's much harder when the underlying foundation contributes to the craziness as described in this article. Graph pagination works in a specific way and Microsoft tunes the Graph to deliver great performance by reducing the set of properties returned for objects. Both can cause concern for developers.
By: Tony Redmond submitted:Aug 2 2024
The Many Ways to Send Email via the Microsoft Graph
(practical365.com)
For those wanting to eliminate the SMTP AUTH protocol, Microsoft has three ways to send email using
By: Tony Redmond submitted:Nov 4 2022
For those wanting to eliminate the SMTP AUTH protocol, Microsoft has three ways to send email using
Graph APIs. This article looks at how to use the Send-MgUserMail cmdlet and compares it to the Send-MgUserMessage cmdlet (covered in depth in a previous article). Our conclusion is that you'll probably end up using Send-MgUserMail because it's easier to use.
By: Tony Redmond submitted:Nov 4 2022
The Right Way to Revoke Access from Azure AD Accounts with PowerShell
(office365itpros.com)
The Microsoft Graph PowerShell SDK includes two cmdlets to revoke access for Azure AD accounts. As
By: Tony Redmond submitted:Apr 21 2023
The Microsoft Graph PowerShell SDK includes two cmdlets to revoke access for Azure AD accounts. As
it turns out, Microsoft would prefer if developers use the Revoke-MgUserSignInSession cmdlet instead of Invoke-MgInvalidateUserRefreshToken, but who would have known if we hadn't asked the question?
By: Tony Redmond submitted:Apr 21 2023
Three Ways to use PowerShell to Send a Welcome Message to New Office 365 Users
(office365itpros.com)
A recent appeal from a reader for a PowerShell script to send a welcome message to new people
By: Tony Redmond submitted:Jun 15 2022
A recent appeal from a reader for a PowerShell script to send a welcome message to new people
joining an Office 365 tenant forced me to think about the best solution. The issue isn't finding a script to do the job because there's plenty of scripts published in places like the TechNet Gallery
By: Tony Redmond submitted:Jun 15 2022
To Splat or Not to Splat, That’s the Question
(office365itpros.com)
Splatting is an optional PowerShell technique designed to make it easier to pass parameter values
By: Tony Redmond submitted:Jun 14 2024
Splatting is an optional PowerShell technique designed to make it easier to pass parameter values
for cmdlets. It's a personal choice whether to use splatting instead of passing values to individual parameters in the command line. Although the Microsoft Graph PowerShell SDK can be a little strange at times, you can use splatting with SDK cmdlets, even with some pretty complex parameters such as those used to filter objects.
By: Tony Redmond submitted:Jun 14 2024
Transferring Reusable PowerShell Objects Between Microsoft 365 Tenants
(office365itpros.com)
People often need to transfer objects or code between Microsoft 365 tenants. When it comes to
By: Tony Redmond submitted:Sep 6 2024
People often need to transfer objects or code between Microsoft 365 tenants. When it comes to
dealing with objects, the Microsoft Graph PowerShell SDK's ToJsonString method is very useful. The method outputs a string containing JSON content, but only for object properties that have a value. This makes the much easier to use the output as the basis for a template object or as the payload body to create an object in another tenant.
By: Tony Redmond submitted:Sep 6 2024
Updating Extension Attributes for Azure AD Registered Devices with the Microsoft Graph PowerShell SDK
(office365itpros.com)
Azure AD registered devices have 15 extension attributes that tenants can use for their own
By: Tony Redmond submitted:Sep 9 2022
Azure AD registered devices have 15 extension attributes that tenants can use for their own
purposes. In this article, we explore how to use the Microsoft Graph PowerShell SDK to update extension attributes for registered devices, and even better, access the content in the extension attributes afterward.
By: Tony Redmond submitted:Sep 9 2022
Upgrade of Teams Policy Cmdlets Enables Use in Azure Automation
(office365itpros.com)
This article explains how to make Teams policy assignments using an Azure Automation runbook and
By: Tony Redmond submitted:Nov 4 2022
This article explains how to make Teams policy assignments using an Azure Automation runbook and
some of the modernized cmdlets available in the Teams PowerShell module. Not everything worked as smoothly as we'd like, but like most PowerShell scenarios, there's usually a workaround available to get the job done. It just needs to be found.
By: Tony Redmond submitted:Nov 4 2022
Upgrading the Microsoft 365 Groups and Teams Membership Report Script
(office365itpros.com)
The Microsoft 365 Groups Report (membership of groups and teams) originally used the Azure AD and
By: Tony Redmond submitted:Jan 20 2023
The Microsoft 365 Groups Report (membership of groups and teams) originally used the Azure AD and
Exchange Online PowerShell modules. Now its code uses only cmdlets from the Microsoft Graph PowerShell SDK. It's an example of the kind of update that many organizations are going through due to the upcoming deprecation of the Azure AD and MSOL modules.
By: Tony Redmond submitted:Jan 20 2023
Upgrading the Teams and Groups Activity Report to 6.0
(office365itpros.com)
The Teams and Groups activity report is a popular script that helps administrators identify inactive
By: Tony Redmond submitted:Jul 19 2024
The Teams and Groups activity report is a popular script that helps administrators identify inactive
teams and groups within a Microsoft 365 tenant. The script code has been developed over the years. The last version converted to Graph API requests to improve performance. This time, the upgrade is to use the Microsoft Graph PowerShell SDK to make the code easier to maintain.
By: Tony Redmond submitted:Jul 19 2024
Use PowerShell to Look Up IP Address Geolocation Data
(practical365.com)
Many Microsoft 365 and Exchange Server logs contain IP addresses. To find out where the IP addresses
By: Tony Redmond submitted:Mar 17 2023
Many Microsoft 365 and Exchange Server logs contain IP addresses. To find out where the IP addresses
come from and if they are internal or external, PowerShell developers can use online web-based geolocation services. It's important not to overuse the services because you could be throttled.
By: Tony Redmond submitted:Mar 17 2023
Use the Debug Parameter for Microsoft Graph PowerShell SDK Cmdlets to Expose Graph API Requests
(office365itpros.com)
Debug Microsoft Graph PowerShell SDK Cmdlets to Gain Insights into What They Do
By: Tony Redmond submitted:Jul 15 2022
Debug Microsoft Graph PowerShell SDK Cmdlets to Gain Insights into What They Do
By: Tony Redmond submitted:Jul 15 2022
Using Azure Key Vault with Microsoft 365 PowerShell
(office365itpros.com)
A previous article explains how to use an Azure Automation runbook to write information to a
By: Tony Redmond submitted:Aug 19 2022
A previous article explains how to use an Azure Automation runbook to write information to a
SharePoint Online site and Teams channel. At the time, I used a stored credential to authenticate and access SharePoint and Teams. Azure Key Vault offers another way to store secrets (bits of information) securely. This article explores how to store secrets in Azure Key Vault and retrieve and use the secrets in a runbook script and interactive PowerShell.
By: Tony Redmond submitted:Aug 19 2022
Using Exchange Online PowerShell with Azure Automation Managed Identities
(practical365.com)
Microsoft doesn't support using an Azure Automation managed identity and Exchange Online PowerShell.
By: Tony Redmond submitted:Aug 26 2022
Microsoft doesn't support using an Azure Automation managed identity and Exchange Online PowerShell.
However, that doesn't mean the two can't work together. In this article we explore how to use Exchange Online PowerShell with Azure Automation while waiting for Microsoft to deliver a full solution.
By: Tony Redmond submitted:Aug 26 2022
Using Microsoft Graph SDK Cmdlets to Create a SharePoint Online List
(office365itpros.com)
An article last week discussed how to create SharePoint lists with the PnP.PowerShell module. In
By: Tony Redmond submitted:Nov 3 2023
An article last week discussed how to create SharePoint lists with the PnP.PowerShell module. In
this article, we do the same with cmdlets from the Microsoft Graph PowerShell SDK. The results achieved with the Graph SDK aren't as good as those gained with PnP.PowerShell. Some of the SDK cmdlets don't function as expected and the resulting list is not as functional as the one generated by PnP. Oh well...
By: Tony Redmond submitted:Nov 3 2023
Using Microsoft Translator with PowerShell for Automatic Translation of Sensitivity Labels
(practical365.com)
Sensitivity labels support local language values, meaning that you can translate the display name
By: Tony Redmond submitted:Mar 3 2023
Sensitivity labels support local language values, meaning that you can translate the display name
and tooltip for labels so that they appear in the language chosen by a user. Most people don't both because it's painfully slow to insert the translated strings for multiple languages. However, when you apply a mixture of PowerShell and the Microsoft Translator service, the task becomes so much easier.
By: Tony Redmond submitted:Mar 3 2023
Using PowerShell to Manage Azure AD Custom Security Attributes
(office365itpros.com)
Azure AD custom security attributes can mark user and service principal objects for special
By: Tony Redmond submitted:Nov 18 2022
Azure AD custom security attributes can mark user and service principal objects for special
processing, which is how the app filter for conditional access policies works. It's nice to be able to interact with data through PowerShell and the Microsoft Graph PowerShell SDK cmdlets support setting, updating, and retrieval of Azure AD custom security attributes. Everything works, but it's a pity that it's a little clunky.
By: Tony Redmond submitted:Nov 18 2022
Using PowerShell to Post Channel Messages with Teams Workflows
(office365itpros.com)
The incoming webhook connector is a popular method to post information to Teams channels, but
By: Tony Redmond submitted:Jun 21 2024
The incoming webhook connector is a popular method to post information to Teams channels, but
Microsoft seems set on retiring the Office connectors. The Teams post to channel workflow when a webhook request is received seems like is a possible replacement, but it's not just a matter of switching mechanisms. Some PowerShell magic is needed to create a suitable adaptive card to post to the channel, which is exactly what we explain how to do here.
By: Tony Redmond submitted:Jun 21 2024
Using the Get-TeamAllChannel Cmdlet
(office365itpros.com)
Version 4.6 of the Microsoft Teams PowerShell module includes the Get-TeamAllChannel cmdlet. As the
By: Tony Redmond submitted:Aug 5 2022
Version 4.6 of the Microsoft Teams PowerShell module includes the Get-TeamAllChannel cmdlet. As the
name implies, the cmdlet returns details of all channels in a team (regular, private, and shared). To see what it does, we wrote a script to report all the channels in teams in a tenant.
By: Tony Redmond submitted:Aug 5 2022
Using the Microsoft Graph SDK for PowerShell with Azure Automation
(practical365.com)
In a previous article about using Azure Automation accounts and runbooks with the Exchange Online
By: Tony Redmond submitted:Jun 16 2022
In a previous article about using Azure Automation accounts and runbooks with the Exchange Online
management PowerShell module, in that article, I also explained how to use Graph API queries in a PowerShell script executed in a runbook.
By: Tony Redmond submitted:Jun 16 2022
Why You Should Not Upgrade to Microsoft Graph PowerShell SDK V2.14
(office365itpros.com)
Usually, we recommend that Microsoft 365 tenants use the latest version of the Microsoft Graph
By: Tony Redmond submitted:Feb 23 2024
Usually, we recommend that Microsoft 365 tenants use the latest version of the Microsoft Graph
PowerShell SDK. However, a serious bug in V2.14 means that this (and perhaps V2.13.1) should be avoided until Microsoft fixes a problem that causes spurious output to be included when cmdlets like Get-MgUser and Get-MgGroup are run.
By: Tony Redmond submitted:Feb 23 2024
Working with Calendar Permissions using the Microsoft Graph PowerShell SDK
(office365itpros.com)
The Set-MailboxFolderPermission cmdlet is usually used to set calendar permissions, including the
By: Tony Redmond submitted:Jun 21 2024
The Set-MailboxFolderPermission cmdlet is usually used to set calendar permissions, including the
permission for the default user to allow everyone in an organization to see each other's calendars. But you can use cmdlets from the Microsoft Graph PowerShell SDK too. The Graph SDK cmdlets are faster, but not enough to warrant replacing the Exchange cmdlet in scripts. We explain why here.
By: Tony Redmond submitted:Jun 21 2024
Working with Teams Messaging Using the Microsoft Graph PowerShell SDK
(practical365.com)
This article describes how to use the Microsoft Graph PowerShell SDK to interact with Teams
By: Tony Redmond submitted:May 31 2024
This article describes how to use the Microsoft Graph PowerShell SDK to interact with Teams
messaging to create new one-to-one and group chats and post messages to chats and channel conversations.
By: Tony Redmond submitted:May 31 2024
Projects, Scripts, and Modules
All About the Office 365 for IT Pros GitHub Repository
(office365itpros.com)
The Office365ITPros GitHub repository holds over 300 PowerShell scripts showing how to interact with
By: Tony Redmond submitted:Jan 10 2025
The Office365ITPros GitHub repository holds over 300 PowerShell scripts showing how to interact with
Microsoft 365 and Entra ID. Anyone can contribute to Office365ITPros by forking the code to a copy of the repository and making changes to scripts there. If you want, you can push the changes back to us so that we can consider their inclusion in Office365ITPros. It's a great example of community in action.
By: Tony Redmond submitted:Jan 10 2025
Graph and PowerShell Hiccups for the Groups and Teams Report Script
(office365itpros.com)
The Microsoft 365 Groups and Teams Activity Report is a PowerShell script that I've worked on since
By: Tony Redmond submitted:Mar 22 2024
The Microsoft 365 Groups and Teams Activity Report is a PowerShell script that I've worked on since
2016 (not all the time). Some recent Graph hiccups meant that I had to apply some fixes and workarounds. At the same time, some users hit the infamous 'not recognized as a valid datetime' problem, so another update was needed. All good, clean fun.
By: Tony Redmond submitted:Mar 22 2024
Interpreting Audit Records for Teams Meeting Recordings (Again)
(office365itpros.com)
Three years ago, I wrote a script to analyze the audit records generated for Teams meeting
By: Tony Redmond submitted:Jun 14 2024
Three years ago, I wrote a script to analyze the audit records generated for Teams meeting
recordings. Then things changed in terms of how the audit records were generated and how the Search-UnifiedAuditLog cmdlet returns audit search results. All of which meant that considerable work was needed to revamp (rewrite) the script. Maybe you need to check any script that uses the Search-UnifiedAuditLog cmdlet too?
By: Tony Redmond submitted:Jun 14 2024
Introducing the Office 365 for IT Pros GitHub Repository
(office365itpros.com)
It can be hard to become fluent in PowerShell, especially when working with a service where multiple
By: Tony Redmond submitted:Jun 16 2022
It can be hard to become fluent in PowerShell, especially when working with a service where multiple
modules (all with their own kinks) are used. However, PowerShell is very approachable and it's surprising what you can do with just a couple of lines of code. Working examples are great learning tools to help PowerShell newcomers (and maybe experienced coders) come up with solutions to problems. A couple of years ago, we created the Office 365 for IT Pros GitHub repository. Since then, we've been populating the repository with PowerShell scripts created to illustrate new features or to demonstrate how to approach solving an administrative problem in an Office 365 tenant. The repository currently holds a collection of 81 scripts.
By: Tony Redmond submitted:Jun 16 2022
Microsoft 365 Licensing Report Script V1.94
(office365itpros.com)
The Microsoft 365 Licensing Report PowerShell script has been upgraded to generate detailed license
By: Tony Redmond submitted:Sep 13 2024
The Microsoft 365 Licensing Report PowerShell script has been upgraded to generate detailed license
information and to deal with expired license subscriptions. You can download V1.94 of the script from GitHub. Before attempting to run the licensing report script, take the time to read previous articles to understand the basics of the script and how to generate the files used for pricing information.
By: Tony Redmond submitted:Sep 13 2024
Microsoft Releases V2.3.0 of the Teams PowerShell Module
(office365itpros.com)
On April 30, 2021, Microsoft published V2.3.0 of the Microsoft Teams PowerShell module in the
By: Tony Redmond submitted:Jun 16 2022
On April 30, 2021, Microsoft published V2.3.0 of the Microsoft Teams PowerShell module in the
PowerShell Gallery. Welcome as any update is, the publication was unaccompanied by any announcement or notification, and Microsoft didn't up date the release notes for the module until late on May 3. Even with the release notes, we don't know exactly what V2.3.0 contains, so it's time for inspired interpre...
By: Tony Redmond submitted:Jun 16 2022
Monitor and Report Additions to Teams Membership
(office365itpros.com)
A question about how to report specific changes to Teams memberships gave another excuse to use
By: Tony Redmond submitted:Aug 25 2023
A question about how to report specific changes to Teams memberships gave another excuse to use
PowerShell with the unified audit log to deliver a solution. The idea is that you can check audit log entries to see when specific user accounts join the membership of Teams. Once you've found that data, it's a simple matter of creating email to share the results. All done with a few lines of PowerShell...
By: Tony Redmond submitted:Aug 25 2023
New MSIdentityTools Cmdlet to Report OAuth Permissions
(office365itpros.com)
The latest version of the MSIndentityTools PowerShell module includes the
By: Tony Redmond submitted:Feb 9 2024
The latest version of the MSIndentityTools PowerShell module includes the
Export-MsIdAppConsentGrantReport cmdlet to generate a report of OAuth app permissions. Allied with the ImportExcel module, the cmdlet can produce a very nice workbook containing lots of information about permissions held by the apps in a tenant. But even better, you can export the data to PowerShell and use it in your scripts.
By: Tony Redmond submitted:Feb 9 2024
Recovering Deleted Groups with the Graph PowerShell SDK
(office365itpros.com)
This article describes how to restore deleted Azure AD groups with PowerShell using cmdlets from the
By: Tony Redmond submitted:Jan 6 2023
This article describes how to restore deleted Azure AD groups with PowerShell using cmdlets from the
Microsoft Graph PowerShell SDK. Although options exist in the Microsoft 365 admin center and Azure AD admin center to restore deleted groups, it's nice to have the option to do the same with PowerShell.
By: Tony Redmond submitted:Jan 6 2023
Report OneDrive for Business Storage Based on Usage Data
(office365itpros.com)
If you wanted to write a PowerShell script to create a OneDrive storage report, you'd probably use
By: Tony Redmond submitted:Mar 1 2024
If you wanted to write a PowerShell script to create a OneDrive storage report, you'd probably use
the cmdlets from the SharePoint Online management module. But accessing OneDrive usage data via the Graph is much faster. And you can include information from other sources, such as user properties, to build out the report. All explained here.
By: Tony Redmond submitted:Mar 1 2024
Reporting Entra ID Admin Consent Requests
(office365itpros.com)
A question came in about how to report admin consent requests as viewed through the Entra ID admin
By: Tony Redmond submitted:Jan 5 2024
A question came in about how to report admin consent requests as viewed through the Entra ID admin
center. PowerShell does the trick, once you know how. The key thing is to find the right cmdlet to use. Once you know that, the rest is pretty easy as we explain in this article.
By: Tony Redmond submitted:Jan 5 2024
Reporting Operating System Versions for Azure AD Registered Devices
(office365itpros.com)
Azure AD registered devices store some information about the operating system and version used when
By: Tony Redmond submitted:Feb 3 2023
Azure AD registered devices store some information about the operating system and version used when
registration occurs. Although this information changes over time and isn't updated by Azure AD, it might be of some interest and use to tenant administrators, so we show how to report it here. If you want accurate information, you'll need to use Intune.
By: Tony Redmond submitted:Feb 3 2023
Teams Updates PowerShell Module for Private Channels
(office365itpros.com)
Microsoft released support for private channels on November 4 (also see this note about managing
By: Tony Redmond submitted:Jun 15 2022
Microsoft released support for private channels on November 4 (also see this note about managing
private channels). Support for PowerShell access to private channels is not yet available in the publicly available version of the Teams PowerShell module. Instead, if you want to work with private channels through PowerShell, you must install the latest version of the Teams module from the PowerShell test gallery. You need to run version 1.0.18 or better to manage private channels.
By: Tony Redmond submitted:Jun 15 2022
Updated Version of the Graph User Statistics Script Available
(office365itpros.com)
Last June, I wrote about a PowerShell script to interrogate the Microsoft Graph to retrieve usage
By: Tony Redmond submitted:Jun 16 2022
Last June, I wrote about a PowerShell script to interrogate the Microsoft Graph to retrieve usage
data from workloads like Exchange Online, SharePoint Online, and Teams. Some of this data is available via PowerShell cmdlets like Get-ExoMailboxStatistics and Get-SPOSite, but using the Graph is usually faster.
By: Tony Redmond submitted:Jun 16 2022
Using the Microsoft Graph PowerShell SDK to Generate a Mailbox Traffic Report
(practical365.com)
Microsoft 365 makes it easy for administrators to get mail activity usage data for users. However,
By: Tony Redmond submitted:Aug 11 2023
Microsoft 365 makes it easy for administrators to get mail activity usage data for users. However,
if you want to know which domains are sending most mail, you need to do some work. In this article, we cover how to use cmdlets from the Microsoft Graph PowerShell SDK to create reports about user mail activity over time and the traffic sent by different domains.
By: Tony Redmond submitted:Aug 11 2023
Version 1.9 of the Microsoft 365 Licensing Report
(office365itpros.com)
The Microsoft 365 Licensing Report is a popular PowerShell script that's just been updated to V1.9
By: Tony Redmond submitted:Jun 21 2024
The Microsoft 365 Licensing Report is a popular PowerShell script that's just been updated to V1.9
with a bunch of changes to highlight different aspects such as license costs for disabled user accounts and inactive user accounts. Copious use of some very dubious color choices makes the HTML report created by the script look very nice (if you're color blind) and the new version can generate an Excel worksheet.
By: Tony Redmond submitted:Jun 21 2024
Books, Media, and Learning Resources
How I Write PowerShell Scripts for Microsoft 365
(office365itpros.com)
The question of how best to write PowerShell for Microsoft 365 was asked during a TEC 2024
By: Tony Redmond submitted:Oct 11 2024
The question of how best to write PowerShell for Microsoft 365 was asked during a TEC 2024
PowerShell workshop. There are many variables, and one has the right answer. To start the ball rolling, this article describes how I write PowerShell for Microsoft 365 using a variety of modules such as Exchange, SharePoint, Teams, and the Microsoft Graph PowerShell SDK.
By: Tony Redmond submitted:Oct 11 2024
Mastering Microsoft 365 PowerShell Scripting
(practical365.com)
A common question at conferences is how to start with Microsoft 365 PowerShell scripting. We all
By: Tony Redmond submitted:Dec 15 2023
A common question at conferences is how to start with Microsoft 365 PowerShell scripting. We all
have our own approach. This article lays out a simple three-step method to write scripts to interact with Microsoft 365 objects.
By: Tony Redmond submitted:Dec 15 2023
Fun
Become the TEC 2023 PowerShell Script-Off Champion
(practical365.com)
The TEC 2023 PowerShell Challenge Champion will be known after three rounds of frenetic script
By: Tony Redmond submitted:Aug 4 2023
The TEC 2023 PowerShell Challenge Champion will be known after three rounds of frenetic script
coding at The Experts Conference in Atlanta on September 19, 2023. Competitors will need a working knowledge of Microsoft 365 PowerShell, including Exchange Online, Teams, and Azure AD. Being able to think on your feet and come up with working solutions to problems is possibly a more important attribute than coding genius.
By: Tony Redmond submitted:Aug 4 2023
TEC 2024 PowerShell Script-Off
(practical365.com)
TEC 2024 in Dallas (October 1-2) will once again feature the TEC PowerShell Script-Off where coders
By: Tony Redmond submitted:Jun 28 2024
TEC 2024 in Dallas (October 1-2) will once again feature the TEC PowerShell Script-Off where coders
attempt to come up with the best solutions for challenges set by the judges. The challenges are all Microsoft 365 scenarios (Exchange Online, Entra ID, Teams, and SharePoint Online), so there's nothing unknown about what we'll ask people to code. Come along to TEC 2024 and compete to be the best coder in town!
By: Tony Redmond submitted:Jun 28 2024