Tony Redmond
Announcements!
Microsoft Forces Move from Azure AD Cmdlets for License Management
(practical365.com)
Some Cmdlets Cease Working on June 30, 2022
By: Tony Redmond submitted:Jun 16 2022
Some Cmdlets Cease Working on June 30, 2022
By: Tony Redmond submitted:Jun 16 2022
Microsoft Graph PowerShell SDK V2.0 Reaches General Availability
(office365itpros.com)
The Microsoft Graph PowerShell SDK V2 attained general availability on July 4, 2023. Microsoft did a
By: Tony Redmond submitted:Jul 14 2023
The Microsoft Graph PowerShell SDK V2 attained general availability on July 4, 2023. Microsoft did a
horrible job of announcing the news, but now that the SDK V2 is available, it's time to migrate scripts from earlier versions. Splitting the V1.0 and beta cmdlets into different modules is a big difference, as is renaming the beta cmdlets. But other points exist to consider as you migrate from the Microsoft Graph PowerShell SDK V1 to V2.
By: Tony Redmond submitted:Jul 14 2023
Microsoft Retires Azure Automation Run As Accounts in September 2023
(office365itpros.com)
Microsoft plans to retire Azure Automation Run As Accounts on September 30, 2023 and replace them
By: Tony Redmond submitted:Feb 10 2023
Microsoft plans to retire Azure Automation Run As Accounts on September 30, 2023 and replace them
with managed identities. I don't have any issue with the proposal because managed identities are more secure and a better overall solution. It would have been nice if Microsoft had communicated the change more broadly. I guess if you were in the know, you found out about this development, but maybe the average Microsoft 365 tenant administrator might have struggled to discover what's happening.
By: Tony Redmond submitted:Feb 10 2023
Microsoft Stops Set-User Updating Phone Numbers for Azure AD Accounts
(office365itpros.com)
Without any warning, Microsoft seems to have introduced a restriction to the Set-User cmdlet in the
By: Tony Redmond submitted:Jun 16 2022
Without any warning, Microsoft seems to have introduced a restriction to the Set-User cmdlet in the
Exchange Online management PowerShell module. The change happens when you connect a new PowerShell session to Exchange Online and the cmdlets are downloaded into a session.
By: Tony Redmond submitted:Jun 16 2022
Time Running Out for Azure AD and MSOL PowerShell Modules
(office365itpros.com)
Knowledge that Microsoft had plans for Azure AD PowerShell deprecation has been around for a couple
By: Tony Redmond submitted:Apr 7 2023
Knowledge that Microsoft had plans for Azure AD PowerShell deprecation has been around for a couple
of years. Now the time has come when things happen. Cmdlets that set licenses for Azure AD accounts are now retired and will stop working on or before June 30, 2023. If you haven't already upgraded scripts, it's time to do so.
By: Tony Redmond submitted:Apr 7 2023
Blogs, Articles, and Posts
Alas Kaizala, All is Lost
(practical365.com)
On August 26, Microsoft announced that they will retire Kaizala in August 2023. The Kaizala
By: Tony Redmond submitted:Sep 2 2022
On August 26, Microsoft announced that they will retire Kaizala in August 2023. The Kaizala
retirement is not big news because it's been coming for a while. If you want to get ahead of the game, you can remove the Kaizala service plans from the Office 365 licenses assigned to user accounts. We explain how to do the job in an example PowerShell script.
By: Tony Redmond submitted:Sep 2 2022
All About Pagination with the Graph and the Graph PowerShell SDK
(practical365.com)
When you're new to Graph API requests, you might not know pagination and end up retrieving less data
By: Tony Redmond submitted:Apr 5 2024
When you're new to Graph API requests, you might not know pagination and end up retrieving less data
from queries than is available. In this article, we explain how to use pagination to retrieve data using Graph queries and SDK cmdlets.
By: Tony Redmond submitted:Apr 5 2024
Analyzing Azure Active Directory Sign-In Data with PowerShell
(petri.com)
The Azure Active Directory PowerShell module (now renamed the Azure Active Directory PowerShell for
By: Tony Redmond submitted:Jun 16 2022
The Azure Active Directory PowerShell module (now renamed the Azure Active Directory PowerShell for
Graph module) comes in two versions. The general availability version is intended for production while the preview version (AzureADPreview) contains the cmdlets from the general availability version plus some new cmdlets under development group. The current version of the AzureADPreview module is 2.0.2.105, released in July.
By: Tony Redmond submitted:Jun 16 2022
Assigning Permissions for Apps to Use the Microsoft Teams PowerShell Module
(office365itpros.com)
Before an app or an Azure Automation account can use the Teams PowerShell cmdlets in a script or
By: Tony Redmond submitted:Oct 21 2022
Before an app or an Azure Automation account can use the Teams PowerShell cmdlets in a script or
runbook, it must have the permission to act as an administrator. In this article, we cover how to assign the necessary role to a service principal.
By: Tony Redmond submitted:Oct 21 2022
Avoid Windows Task Scheduler When Running Microsoft 365 PowerShell Scripts
(practical365.com)
Many people use the Windows Task Scheduler to run PowerShell scripts. The Task Scheduler works, but
By: Tony Redmond submitted:May 26 2023
Many people use the Windows Task Scheduler to run PowerShell scripts. The Task Scheduler works, but
it creates a dependency on a specific workstation and isn't as secure as you might like. Running Microsoft 365 PowerShell scripts in Azure Automation is a much better idea. It's time to dump the Task Scheduler!
By: Tony Redmond submitted:May 26 2023
Azure AD Access Token Lifetimes and Long-running PowerShell Scripts
(office365itpros.com)
Sometimes, long running PowerShell scripts encounter the problem of Azure AD access token lifetime
By: Tony Redmond submitted:Jun 2 2023
Sometimes, long running PowerShell scripts encounter the problem of Azure AD access token lifetime
expiration. In other words, the default lifetime of tokens issued by Azure AD is too short to allow the script to complete before the token expires. Two solutions exist. Use a token lifetime policy to prolong access token lifetimes or check in code for potential expiration and renew when necessary.
By: Tony Redmond submitted:Jun 2 2023
Bulk License Assignment with the Microsoft Graph PowerShell SDK
(practical365.com)
A reader asked how to use a CSV file for bulk license assignment with the Microsoft Graph PowerShell
By: Tony Redmond submitted:Sep 8 2023
A reader asked how to use a CSV file for bulk license assignment with the Microsoft Graph PowerShell
SDK. We didn't have one to hand, so we wrote a new script to illustrate the principles of how to process license assignments for a set of user accounts (which don't necessarily have to come from a CSV file). We even included some error handling!
By: Tony Redmond submitted:Sep 8 2023
Convert Dynamic Distribution Lists to Teams
(office365itpros.com)
After writing about the recent revamp of Exchange Online dynamic distribution lists, I was asked if
By: Tony Redmond submitted:Jun 16 2022
After writing about the recent revamp of Exchange Online dynamic distribution lists, I was asked if
it was possible to create a team from the membership of a dynamic distribution list. The answer is that the steps are straightforward to create a static Microsoft 365 group. Things get more complicated if you contemplate using a dynamic Microsoft 365 group.
By: Tony Redmond submitted:Jun 16 2022
Customizing the Microsoft 365 User Profile Card with the Microsoft Graph PowerShell SDK
(office365itpros.com)
This article describes how to use the Microsoft Graph PowerShell SDK to customize the user account
By: Tony Redmond submitted:Nov 17 2023
This article describes how to use the Microsoft Graph PowerShell SDK to customize the user account
properties shown by the Microsoft 365 user profile card. Previously this was possible using a Graph API request to the beta endpoint. Now everything is in production and Graph SDK cmdlets are available to make customization a tad easier.
By: Tony Redmond submitted:Nov 17 2023
Despite the Doubters, Microsoft 365 Administrators Should Continue Using PowerShell
(office365itpros.com)
A recent article by a Microsoft MVP attempted to lay out a case that tenants should not use
By: Tony Redmond submitted:Mar 8 2024
A recent article by a Microsoft MVP attempted to lay out a case that tenants should not use
Microsoft 365 PowerShell and use ISV products instead. It's a silly position to argue. PowerShell is an important automation tool for administrators that can't be replaced by any ISV product. ISV products have their place and fill many gaps, but arguing to dump PowerShell and use ISV products instead just can't be justified.
By: Tony Redmond submitted:Mar 8 2024
Discover Who Creates Guest Accounts in Office 365 Applications
(petri.com)
At a recent conference, a discussion took place about the number of guest user accounts now being
By: Tony Redmond submitted:Jun 15 2022
At a recent conference, a discussion took place about the number of guest user accounts now being
created by applications in the directories of Office 365 tenants. The accounts are created through Azure B2B collaboration (by applications that generate invitations to join Office 365 Groups, like Teams and Planner) or SharePoint sharing invitations for documents or folders. It's one thing to invite people outside your tenant to collaborate; it's a horse of a different color to manage the resulting guest accounts.
By: Tony Redmond submitted:Jun 15 2022
Does Microsoft Care about SharePoint Online PowerShell?
(office365itpros.com)
Microsoft's support for SharePoint Online PowerShell has degraded over the last few years.
By: Tony Redmond submitted:Mar 22 2024
Microsoft's support for SharePoint Online PowerShell has degraded over the last few years.
Pnp.PowerShell is now the best option as not much is happening in the official SharePoint Online management module or the tenant settings Graph API. the lack of progress is a pity, but perhaps it's also true that community-driven projects sometimes deliver better results.
By: Tony Redmond submitted:Mar 22 2024
Entra ID Captures Timestamp for Last Successful Sign In for User Accounts
(office365itpros.com)
Entra ID captures the lastSuccessfulSignInDateTime property to record the last successful sign-in
By: Tony Redmond submitted:Dec 8 2023
Entra ID captures the lastSuccessfulSignInDateTime property to record the last successful sign-in
action against user accounts. The new property is available through the Graph beta endpoint. Quite a difference can exist between the last successful sign in and the last sign in, as explored in this article.
By: Tony Redmond submitted:Dec 8 2023
Entra ID Improves Registered App Security
(office365itpros.com)
The preview app instance property lock feature designed to improve the security of Entra ID
By: Tony Redmond submitted:Dec 15 2023
The preview app instance property lock feature designed to improve the security of Entra ID
registered apps is becoming the default for new apps. In this article, we describe how to update the app instance property lock to reflect the new default setting using cmdlets from the Microsoft Graph PowerShell SDK, including a script you can download and run.
By: Tony Redmond submitted:Dec 15 2023
Find Out Where Users Get Sensitivity Labels From
(office365itpros.com)
A question about finding out which sensitivity label policy makes a label available to a user
By: Tony Redmond submitted:Aug 25 2023
A question about finding out which sensitivity label policy makes a label available to a user
requires some PowerShell to figure out the answer with some human-friendly results. The outcome is a script that analyzes sensitivity label policies to find where a user gets their labels from. It's another example of how useful PowerShell can be.
By: Tony Redmond submitted:Aug 25 2023
Graph and PowerShell Hiccups for the Groups and Teams Report Script
(office365itpros.com)
The Microsoft 365 Groups and Teams Activity Report is a PowerShell script that I've worked on since
By: Tony Redmond submitted:Mar 29 2024
The Microsoft 365 Groups and Teams Activity Report is a PowerShell script that I've worked on since
2016 (not all the time). Some recent Graph hiccups meant that I had to apply some fixes and workarounds. At the same time, some users hit the infamous 'not recognized as a valid datetime' problem, so another update was needed. All good, clean fun.
By: Tony Redmond submitted:Mar 29 2024
How the Graph X-Ray Tool Helps PowerShell Developers
(office365itpros.com)
When Microsoft decided to build the administrative tools for Exchange Server 2007 around PowerShell,
By: Tony Redmond submitted:Jun 16 2022
When Microsoft decided to build the administrative tools for Exchange Server 2007 around PowerShell,
they realized that it would take time for administrators to become accustomed to PowerShell. Sensibly, Microsoft included a cmdlet logging facility in the Exchange Management Console (EMC) to allow administrators to see the PowerShell code used to execute different actions, such as creating a new mailbox.
By: Tony Redmond submitted:Jun 16 2022
How to Create Dynamic Administrative Units with PowerShell
(office365itpros.com)
A reader asked how they could create dynamic administrative units for every department in their
By: Tony Redmond submitted:Sep 29 2023
A reader asked how they could create dynamic administrative units for every department in their
directory. A PowerShell script does the job, even if some constraints in how Entra ID processes membership rules means that the rules can't be quite as precise as I would like them to be.
By: Tony Redmond submitted:Sep 29 2023
How to Deal with Common Errors when Running Graph Commands with PowerShell
(practical365.com)
It's great to be able to run Graph API requests in PowerShell scripts if everything goes right. This
By: Tony Redmond submitted:Feb 10 2023
It's great to be able to run Graph API requests in PowerShell scripts if everything goes right. This
article describes why some common Graph API errors occur in scripts and what to do when the errors happen. Most errors are due to permissions assigned to the Azure AD apps used to run scripts and getting the basics will resolve those problems.
By: Tony Redmond submitted:Feb 10 2023
How to Find Teams Channels With a Wiki Tab
(office365itpros.com)
Microsoft plans to replace the Teams wiki with OneNote and will release a migration app to move
By: Tony Redmond submitted:Jan 27 2023
Microsoft plans to replace the Teams wiki with OneNote and will release a migration app to move
content from wiki to OneNote. That's great, but you need to know what channels include the wiki tab before you can decide what material should be migrated. This article explains how to use PowerShell to create a report of Teams channel tabs for wikis.
By: Tony Redmond submitted:Jan 27 2023
How to Hide Teams-Enabled Groups from Exchange Online
(office365itpros.com)
Microsoft intends for groups created for new MicrosoftTeams to be hidden from Exchange Online. Many
By: Tony Redmond submitted:Jun 16 2022
Microsoft intends for groups created for new MicrosoftTeams to be hidden from Exchange Online. Many
are not. If you want to hide all the groups used by Teams, here's how to do the job with PowerShell
By: Tony Redmond submitted:Jun 16 2022
How to Monitor New Members Added to Teams
(office365itpros.com)
I was asked how easy it would be to write a PowerShell script to monitor new teams members and
By: Tony Redmond submitted:Sep 29 2023
I was asked how easy it would be to write a PowerShell script to monitor new teams members and
reject any additions that met specific criteria. Easy, we said, so we set to creating a script to interrogate the unified audit log to find new member events. Once that was done, it's a matter of analyzing the events to find if we should reject the addition of any of the added members.
By: Tony Redmond submitted:Sep 29 2023
How to Remove Licenses From Disabled Accounts with PowerShell
(office365itpros.com)
This article explains how to use PowerShell to remove licenses from disabled accounts, including
By: Tony Redmond submitted:Oct 13 2023
This article explains how to use PowerShell to remove licenses from disabled accounts, including
some caveats such as not removing Exchange Online licenses. Organizations might want to do this to save money on Microsoft 365 license fees while an account is temporarily unused. Removal of Exchange Online licenses can result in the loss of a mailbox, and you don't want that to happen if you're disabling accounts just because someone is on a long-term sabbatical or other leave of absence.
By: Tony Redmond submitted:Oct 13 2023
How to Report Expiring Credentials for Entra ID Apps
(office365itpros.com)
Entra ID registered apps can authenticate using app secrets and certificates. These credentials
By: Tony Redmond submitted:Jan 19 2024
Entra ID registered apps can authenticate using app secrets and certificates. These credentials
expire over time, so it's good to review app credential expiration dates periodically. This article explains how to use the Microsoft Graph PowerShell SDK to generate a report about app credential expiration dates to allow tenant administrators to manage registered apps a little better...
By: Tony Redmond submitted:Jan 19 2024
How to Report High-Priority Azure AD App Permissions That Hackers Might Exploit
(practical365.com)
Microsoft 365 tenants usually include many Azure AD apps. These apps hold permissions, including
By: Tony Redmond submitted:Sep 16 2022
Microsoft 365 tenants usually include many Azure AD apps. These apps hold permissions, including
permissions that hackers like to exploit. This article explains how to use PowerShell to detect apps with high-priority permissions and report them to administrators for review.
By: Tony Redmond submitted:Sep 16 2022
How to Report the MFA Status for Entra ID User Accounts
(practical365.com)
Microsoft doesn't provide a PowerShell cmdlet to return an accurate MFA status for Entra ID user
By: Tony Redmond submitted:Feb 2 2024
Microsoft doesn't provide a PowerShell cmdlet to return an accurate MFA status for Entra ID user
accounts, but by combining data from multiple sources we can write a script to generate a report showing details of user password settings and MFA status.
By: Tony Redmond submitted:Feb 2 2024
How to Retrieve Loop Workspaces Data with PowerShell
(office365itpros.com)
A previous attempt to write a script to report all Loop workspaces in a tenant was flawed because it
By: Tony Redmond submitted:Apr 12 2024
A previous attempt to write a script to report all Loop workspaces in a tenant was flawed because it
only retrieved the first 200 workspaces. I hadn't realized that the Get-SPOContainer cmdlet supported an odd form of pagination to retrieve workspace data. In any case, I figured out how to page top find all available workspaces and updated the script. It's just another example of oddness in the SharePoint Online PowerShell module
By: Tony Redmond submitted:Apr 12 2024
How to Update Shared Mailbox Owners About Quota Usage
(office365itpros.com)
An old script created to report quotas for user mailboxes provided the basis for email-based
By: Tony Redmond submitted:Oct 6 2023
An old script created to report quotas for user mailboxes provided the basis for email-based
reporting of shared mailbox quotas. The old script used just Exchange Online PowerShell. This versions mixes Exchange Online and the Graph SDK and throws in some certificate-based authentication to boot to allow the script to send email from something other than the signed-in account.. It all comes together, using chunks of code from other scripts to speed up writing. It's the PowerShell way...
By: Tony Redmond submitted:Oct 6 2023
How to Update Tenant Corporate Branding for the Entra ID Sign-in Screen with PowerShell
(office365itpros.com)
The ability to apply custom corporate branding for Entra Id screens has existed since 2020. You can
By: Tony Redmond submitted:Jan 26 2024
The ability to apply custom corporate branding for Entra Id screens has existed since 2020. You can
update elements through the admin center or PowerShell. This article explains how to use the Microsoft Graph PowerShell SDK to customize the sign-in text and background image for the sign-in screen.
By: Tony Redmond submitted:Jan 26 2024
How to Use PowerShell to Retrieve Permissions for Entra ID Apps
(office365itpros.com)
Recent attacker activity made me think that access might have been gained through an OAuth app.
By: Tony Redmond submitted:Jan 26 2024
Recent attacker activity made me think that access might have been gained through an OAuth app.
Keeping an eye on app permissions is important. From a PowerShell perspective, it is reasonably straightforward to retrieve details of app permissions using the Microsoft Graph PowerShell SDK. Several methods are available to do the job.
By: Tony Redmond submitted:Jan 26 2024
Lessons Learned from Using Azure Automation with PowerShell Scripts
(office365itpros.com)
I've spent some time investigating Azure Automation PowerShell recently. In this article, I discuss
By: Tony Redmond submitted:Sep 2 2022
I've spent some time investigating Azure Automation PowerShell recently. In this article, I discuss
three learnings that might be of interest to others. Debugging, cost, and tracking the use of Azure Automation PowerShell might not interest everyone, but they've certainly helped me to understand how the platform works.
By: Tony Redmond submitted:Sep 2 2022
Managing Passwords for Entra ID Accounts with PowerShell
(office365itpros.com)
Password profiles store the password settings for Entra ID user accounts. By updating the password
By: Tony Redmond submitted:Jan 12 2024
Password profiles store the password settings for Entra ID user accounts. By updating the password
profile, you can update an account's password and force actions like force the user to change their password on the next sign-in or force the user to enable multifactor authentication for the account. All done with cmdlets from the Microsoft Graph PowerShell SDK.
By: Tony Redmond submitted:Jan 12 2024
Mastering the Foibles of the Microsoft Graph PowerShell SDK
(office365itpros.com)
After a while, you discover the holes in any technology. In the case of the Microsoft Graph
By: Tony Redmond submitted:Feb 17 2023
After a while, you discover the holes in any technology. In the case of the Microsoft Graph
PowerShell SDK, some inconsistencies await unwary developers. The SDK doesn't like $Null, doesn't support pipelining, insists on specific property casing at times, sometimes accepts user principal names and sometimes doesn't, and sticks valuable data in hash tables hiding in a property you might know nothing about. Good as it is to have the SDK cmdlets, they need to be treated with care as you transition from the old Azure AD and MSOL modules.
By: Tony Redmond submitted:Feb 17 2023
Microsoft Flags Need to Upgrade PowerShell Scripts to Use TLS 1.2
(office365itpros.com)
Failure Will Break Ability to Send Email via Exchange Online
By: Tony Redmond submitted:Jun 16 2022
Failure Will Break Ability to Send Email via Exchange Online
By: Tony Redmond submitted:Jun 16 2022
Microsoft Graph Explorer Boosted by New Features
(office365itpros.com)
Some recent changes have made the Graph Explorer even more useful. First, PowerShell has joined the
By: Tony Redmond submitted:Jul 1 2022
Some recent changes have made the Graph Explorer even more useful. First, PowerShell has joined the
set of supported languages for code snippets.
By: Tony Redmond submitted:Jul 1 2022
Microsoft Graph Support for SharePoint Online Tenant Settings
(office365itpros.com)
Despite being the two basic Microsoft 365 workloads, one of the notable gaps in Microsoft Graph API
By: Tony Redmond submitted:Jul 22 2022
Despite being the two basic Microsoft 365 workloads, one of the notable gaps in Microsoft Graph API
coverage has been administrative interfaces for SharePoint Online and Exchange Online. A small but valuable step in the right direction happened with the appearance of the settings resource type in the TenantAdmin namespace.
By: Tony Redmond submitted:Jul 22 2022
Microsoft Launches Preview PowerShell Module for Graph
(petri.com)
In a September 2019 Petri.com article, I discuss how to use Microsoft Graph API calls with
By: Tony Redmond submitted:Jun 15 2022
In a September 2019 Petri.com article, I discuss how to use Microsoft Graph API calls with
PowerShell to expose information that can't be accessed with PowerShell cmdlets. In the example given, we use the PowerShell Invoke-WebRequest cmdlet to make Graph calls to fetch the email addresses of Teams channels because this is a property that you can't get with any of the cmdlets in any Office 365 PowerShell module.
By: Tony Redmond submitted:Jun 15 2022
Microsoft Releases Cmdlet to Retrieve Disposition Review Items
(office365itpros.com)
The Get-ReviewItems cmdlet (in the Exchange Online management module) is available to export details
By: Tony Redmond submitted:Apr 14 2023
The Get-ReviewItems cmdlet (in the Exchange Online management module) is available to export details
about disposition review items in either a pending or disposed state. It's possible that you don't care very much about records management, retention labels, or disposition processing, but if you do, you'll be glad that the new cmdlet exists.
By: Tony Redmond submitted:Apr 14 2023
Microsoft Sets March 2024 Date for Retirement of Old Azure AD PowerShell Modules
(practical365.com)
After much humming and hawing, Microsoft reset the retirement date for several old Azure AD modules
By: Tony Redmond submitted:Jun 16 2023
After much humming and hawing, Microsoft reset the retirement date for several old Azure AD modules
to March 30, 2024. The nine-month extension is there to help customers convert scripts to use the Microsoft Graph PowerShell SDK or Graph API requests. On the upside, the extra time is good as it creates space to migrate scripts. On the downside, there's still some challenges in converting from the old Azure AD modules.
By: Tony Redmond submitted:Jun 16 2023
Modifying the Teams Tenant Federation Configuration with PowerShell
(office365itpros.com)
A new parameter for the Set-CsTenantFederationConfiguration cmdlet made me look at the Teams tenant
By: Tony Redmond submitted:Apr 12 2024
A new parameter for the Set-CsTenantFederationConfiguration cmdlet made me look at the Teams tenant
federation configuration again to improve how a script works. Instead of taking all the domains guest accounts came from and adding them to the configuration, I created a function to check if the tenant uses Microsoft 365. If it does, we add the tenant to the allow list in the tenant federation configuration. If not, we ignore the domain.
By: Tony Redmond submitted:Apr 12 2024
Moving on from Send-MailMessage
(practical365.com)
Sending Email from PowerShell using the Graph API
By: Tony Redmond submitted:Jun 16 2022
Sending Email from PowerShell using the Graph API
By: Tony Redmond submitted:Jun 16 2022
OneDrive Known Folders and PowerShell Module Installations
(office365itpros.com)
The OneDrive Known Folder Move feature has been around for a couple of years. Basically, this allows
By: Tony Redmond submitted:Jun 16 2022
The OneDrive Known Folder Move feature has been around for a couple of years. Basically, this allows
you to redirect common (well-known) folders from your PC to OneDrive so that anything created in Documents, Pictures, and the desktop is automatically saved in your OneDrive for Business account. Generally, everything works well, and I have been very happy. Except until the time came to update the Azure Active Directory preview module from 2.0.2.77 to 2.0.2.89.
By: Tony Redmond submitted:Jun 16 2022
OneDrive Personal Gets File Exclusions
(office365itpros.com)
Microsoft 365 tenants have long been able to define file type exclusions for the OneDrive for
By: Tony Redmond submitted:Jun 30 2023
Microsoft 365 tenants have long been able to define file type exclusions for the OneDrive for
Business sync client through the SharePoint Online admin center, PowerShell, or GPO. A change in the client now exposes the excluded file types to user view for the first time. Meantime, the OneDrive Personal client also gains support for file type exclusions.
By: Tony Redmond submitted:Jun 30 2023
Removing Licenses from Entra ID Accounts When a Replacement License Exists
(office365itpros.com)
License management is a core competence for Microsoft 365 tenant administrators. This article
By: Tony Redmond submitted:Apr 19 2024
License management is a core competence for Microsoft 365 tenant administrators. This article
explains how to use PowerShell to remove licenses from accounts when an equivalent service plan is available from another license. It's the kind of fix-up operation that tenant administrators need to do on an ongoing basis.
By: Tony Redmond submitted:Apr 19 2024
Removing Licenses from Entra ID Accounts When a Replacement License Exists
(office365itpros.com)
License management is a core competence for Microsoft 365 tenant administrators. This article
By: Tony Redmond submitted:Apr 26 2024
License management is a core competence for Microsoft 365 tenant administrators. This article
explains how to use PowerShell to remove licenses from accounts when an equivalent service plan is available from another license. It's the kind of fix-up operation that tenant administrators need to do on an ongoing basis.
By: Tony Redmond submitted:Apr 26 2024
Reporting Exchange Online Meeting Room Usage Patterns
(office365itpros.com)
Room mailboxes are still heavily used for in-person meetings. It's good to know how often and when
By: Tony Redmond submitted:Feb 10 2023
Room mailboxes are still heavily used for in-person meetings. It's good to know how often and when
rooms are used, which is why we have the room mailbox report script. In the second version of the script, we include code to figure out the daily usage pattern of individual rooms and for all rooms across the organization. The graphics in our bar chart are crude, but the chart is generated with a few lines of PowerShell, so feel free to improve the script.
By: Tony Redmond submitted:Feb 10 2023
Reporting Microsoft Entra ID Administrative Units
(practical365.com)
Microsoft Entra administrative units are gaining in popularity. Restricted administrative units are
By: Tony Redmond submitted:Jul 21 2023
Microsoft Entra administrative units are gaining in popularity. Restricted administrative units are
now available and many Purview solutions support administrative units. In this article, we explain how to use Microsoft Graph PowerShell SDK cmdlets to create a report about administrative units, role assignments for their management, and their membership.
By: Tony Redmond submitted:Jul 21 2023
Reporting OneDrive for Business Storage
(office365itpros.com)
A couple of years ago, retrieving information about OneDrive for Business sites with PowerShell
By: Tony Redmond submitted:Jun 15 2022
A couple of years ago, retrieving information about OneDrive for Business sites with PowerShell
usually involved some gyrations. Then Microsoft updated the Get-SPOSite cmdlet with the IncludePersonalSite switch and things became easier. For instance, a reader asked if it was possible to generate a report listing all the OneDrive for Business sites in a tenant with the storage allocated and used for each site. No problem, we thought, as we scanned the internet to see if people had already solved the problem. As it happens, several example scripts are available, but we ended up writing our own because it was possible to simplify the code . We also store the output in a CSV file as it's a very flexible format for reporting or further analysis (like importing into Power BI).
By: Tony Redmond submitted:Jun 15 2022
Reporting SharePoint Online External Users with PowerShell
(office365itpros.com)
A SharePoint external user is someone who doesn't have an account in your tenant. Because of the
By: Tony Redmond submitted:Jul 22 2022
A SharePoint external user is someone who doesn't have an account in your tenant. Because of the
influence of Teams, most SharePoint Online external users are guest accounts, created when external people join the membership of Microsoft 365 Groups (teams). If the organization uses the SharePoint Online integration with Azure AD B2B collaboration, SharePoint also creates guest accounts when people share files or folders with external people.
By: Tony Redmond submitted:Jul 22 2022
Reporting Teams Channel Email Addresses
(office365itpros.com)
No Microsoft 365 admin portal will tell you about the set of email addresses assigned to Teams
By: Tony Redmond submitted:Aug 26 2022
No Microsoft 365 admin portal will tell you about the set of email addresses assigned to Teams
channels. Fortunately, it's relatively easy to create a report with PowerShell and just a little Graph magic.
By: Tony Redmond submitted:Aug 26 2022
Reporting the Storage Used by Loop Workspaces
(office365itpros.com)
When Microsoft put the Loop app into preview, they didn't impose any restrictions in terms of
By: Tony Redmond submitted:Nov 10 2023
When Microsoft put the Loop app into preview, they didn't impose any restrictions in terms of
licensing or workspace storage. MC678308 announces that Loop workspace storage will count against the tenant SharePoint Online storage quota. This article explains how to use the Get-SPOContainer cmdlet to fetch information about Loop workspaces and the storage they consume.
By: Tony Redmond submitted:Nov 10 2023
Reporting User and Group Assignments for Enterprise Applications
(office365itpros.com)
A reader asked how to report user and group assignments for enterprise apps. As it turns out, this
By: Tony Redmond submitted:Dec 1 2023
A reader asked how to report user and group assignments for enterprise apps. As it turns out, this
isn't particularly difficult, if you know where to look. Our script uses the Graph SDK to check service principals, filters out the apps to check, and extracts the user and group assignments before reporting what it finds.
By: Tony Redmond submitted:Dec 1 2023
Sending Email from Exchange Online Using the Microsoft Graph SDK for PowerShell
(practical365.com)
Recently, I've been exploring how to use the Microsoft Graph with PowerShell to automate some common
By: Tony Redmond submitted:Jun 16 2022
Recently, I've been exploring how to use the Microsoft Graph with PowerShell to automate some common
administrative tasks within Microsoft 365. Among the recent factors causing me to consider using Graph APIs with PowerShell are:
By: Tony Redmond submitted:Jun 16 2022
Sending Urgent Teams Chats with PowerShell
(office365itpros.com)
A reader asked if it is possible to script sending chat messages. In this article, we explore how to
By: Tony Redmond submitted:Apr 26 2024
A reader asked if it is possible to script sending chat messages. In this article, we explore how to
compose and send Teams urgent messages to a set of recipients using Microsoft Graph PowerShell SDK cmdlets. The conversation with each recipient is a one-to-one chat that Teams either creates from scratch or reuses (if a suitable one-on-one chat exists).
By: Tony Redmond submitted:Apr 26 2024
The Many Ways to Send Email via the Microsoft Graph
(practical365.com)
For those wanting to eliminate the SMTP AUTH protocol, Microsoft has three ways to send email using
By: Tony Redmond submitted:Nov 4 2022
For those wanting to eliminate the SMTP AUTH protocol, Microsoft has three ways to send email using
Graph APIs. This article looks at how to use the Send-MgUserMail cmdlet and compares it to the Send-MgUserMessage cmdlet (covered in depth in a previous article). Our conclusion is that you'll probably end up using Send-MgUserMail because it's easier to use.
By: Tony Redmond submitted:Nov 4 2022
The Right Way to Revoke Access from Azure AD Accounts with PowerShell
(office365itpros.com)
The Microsoft Graph PowerShell SDK includes two cmdlets to revoke access for Azure AD accounts. As
By: Tony Redmond submitted:Apr 21 2023
The Microsoft Graph PowerShell SDK includes two cmdlets to revoke access for Azure AD accounts. As
it turns out, Microsoft would prefer if developers use the Revoke-MgUserSignInSession cmdlet instead of Invoke-MgInvalidateUserRefreshToken, but who would have known if we hadn't asked the question?
By: Tony Redmond submitted:Apr 21 2023
Three Ways to use PowerShell to Send a Welcome Message to New Office 365 Users
(office365itpros.com)
A recent appeal from a reader for a PowerShell script to send a welcome message to new people
By: Tony Redmond submitted:Jun 15 2022
A recent appeal from a reader for a PowerShell script to send a welcome message to new people
joining an Office 365 tenant forced me to think about the best solution. The issue isn't finding a script to do the job because there's plenty of scripts published in places like the TechNet Gallery
By: Tony Redmond submitted:Jun 15 2022
Updating Extension Attributes for Azure AD Registered Devices with the Microsoft Graph PowerShell SDK
(office365itpros.com)
Azure AD registered devices have 15 extension attributes that tenants can use for their own
By: Tony Redmond submitted:Sep 9 2022
Azure AD registered devices have 15 extension attributes that tenants can use for their own
purposes. In this article, we explore how to use the Microsoft Graph PowerShell SDK to update extension attributes for registered devices, and even better, access the content in the extension attributes afterward.
By: Tony Redmond submitted:Sep 9 2022
Upgrade of Teams Policy Cmdlets Enables Use in Azure Automation
(office365itpros.com)
This article explains how to make Teams policy assignments using an Azure Automation runbook and
By: Tony Redmond submitted:Nov 4 2022
This article explains how to make Teams policy assignments using an Azure Automation runbook and
some of the modernized cmdlets available in the Teams PowerShell module. Not everything worked as smoothly as we'd like, but like most PowerShell scenarios, there's usually a workaround available to get the job done. It just needs to be found.
By: Tony Redmond submitted:Nov 4 2022
Upgrading the Microsoft 365 Groups and Teams Membership Report Script
(office365itpros.com)
The Microsoft 365 Groups Report (membership of groups and teams) originally used the Azure AD and
By: Tony Redmond submitted:Jan 20 2023
The Microsoft 365 Groups Report (membership of groups and teams) originally used the Azure AD and
Exchange Online PowerShell modules. Now its code uses only cmdlets from the Microsoft Graph PowerShell SDK. It's an example of the kind of update that many organizations are going through due to the upcoming deprecation of the Azure AD and MSOL modules.
By: Tony Redmond submitted:Jan 20 2023
Use PowerShell to Look Up IP Address Geolocation Data
(practical365.com)
Many Microsoft 365 and Exchange Server logs contain IP addresses. To find out where the IP addresses
By: Tony Redmond submitted:Mar 17 2023
Many Microsoft 365 and Exchange Server logs contain IP addresses. To find out where the IP addresses
come from and if they are internal or external, PowerShell developers can use online web-based geolocation services. It's important not to overuse the services because you could be throttled.
By: Tony Redmond submitted:Mar 17 2023
Use the Debug Parameter for Microsoft Graph PowerShell SDK Cmdlets to Expose Graph API Requests
(office365itpros.com)
Debug Microsoft Graph PowerShell SDK Cmdlets to Gain Insights into What They Do
By: Tony Redmond submitted:Jul 15 2022
Debug Microsoft Graph PowerShell SDK Cmdlets to Gain Insights into What They Do
By: Tony Redmond submitted:Jul 15 2022
Using Azure Key Vault with Microsoft 365 PowerShell
(office365itpros.com)
A previous article explains how to use an Azure Automation runbook to write information to a
By: Tony Redmond submitted:Aug 19 2022
A previous article explains how to use an Azure Automation runbook to write information to a
SharePoint Online site and Teams channel. At the time, I used a stored credential to authenticate and access SharePoint and Teams. Azure Key Vault offers another way to store secrets (bits of information) securely. This article explores how to store secrets in Azure Key Vault and retrieve and use the secrets in a runbook script and interactive PowerShell.
By: Tony Redmond submitted:Aug 19 2022
Using Exchange Online PowerShell with Azure Automation Managed Identities
(practical365.com)
Microsoft doesn't support using an Azure Automation managed identity and Exchange Online PowerShell.
By: Tony Redmond submitted:Aug 26 2022
Microsoft doesn't support using an Azure Automation managed identity and Exchange Online PowerShell.
However, that doesn't mean the two can't work together. In this article we explore how to use Exchange Online PowerShell with Azure Automation while waiting for Microsoft to deliver a full solution.
By: Tony Redmond submitted:Aug 26 2022
Using Microsoft Graph SDK Cmdlets to Create a SharePoint Online List
(office365itpros.com)
An article last week discussed how to create SharePoint lists with the PnP.PowerShell module. In
By: Tony Redmond submitted:Nov 3 2023
An article last week discussed how to create SharePoint lists with the PnP.PowerShell module. In
this article, we do the same with cmdlets from the Microsoft Graph PowerShell SDK. The results achieved with the Graph SDK aren't as good as those gained with PnP.PowerShell. Some of the SDK cmdlets don't function as expected and the resulting list is not as functional as the one generated by PnP. Oh well...
By: Tony Redmond submitted:Nov 3 2023
Using Microsoft Translator with PowerShell for Automatic Translation of Sensitivity Labels
(practical365.com)
Sensitivity labels support local language values, meaning that you can translate the display name
By: Tony Redmond submitted:Mar 3 2023
Sensitivity labels support local language values, meaning that you can translate the display name
and tooltip for labels so that they appear in the language chosen by a user. Most people don't both because it's painfully slow to insert the translated strings for multiple languages. However, when you apply a mixture of PowerShell and the Microsoft Translator service, the task becomes so much easier.
By: Tony Redmond submitted:Mar 3 2023
Using PowerShell to Manage Azure AD Custom Security Attributes
(office365itpros.com)
Azure AD custom security attributes can mark user and service principal objects for special
By: Tony Redmond submitted:Nov 18 2022
Azure AD custom security attributes can mark user and service principal objects for special
processing, which is how the app filter for conditional access policies works. It's nice to be able to interact with data through PowerShell and the Microsoft Graph PowerShell SDK cmdlets support setting, updating, and retrieval of Azure AD custom security attributes. Everything works, but it's a pity that it's a little clunky.
By: Tony Redmond submitted:Nov 18 2022
Using the Get-TeamAllChannel Cmdlet
(office365itpros.com)
Version 4.6 of the Microsoft Teams PowerShell module includes the Get-TeamAllChannel cmdlet. As the
By: Tony Redmond submitted:Aug 5 2022
Version 4.6 of the Microsoft Teams PowerShell module includes the Get-TeamAllChannel cmdlet. As the
name implies, the cmdlet returns details of all channels in a team (regular, private, and shared). To see what it does, we wrote a script to report all the channels in teams in a tenant.
By: Tony Redmond submitted:Aug 5 2022
Using the Microsoft Graph SDK for PowerShell with Azure Automation
(practical365.com)
In a previous article about using Azure Automation accounts and runbooks with the Exchange Online
By: Tony Redmond submitted:Jun 16 2022
In a previous article about using Azure Automation accounts and runbooks with the Exchange Online
management PowerShell module, in that article, I also explained how to use Graph API queries in a PowerShell script executed in a runbook.
By: Tony Redmond submitted:Jun 16 2022
Why You Should Not Upgrade to Microsoft Graph PowerShell SDK V2.14
(office365itpros.com)
Usually, we recommend that Microsoft 365 tenants use the latest version of the Microsoft Graph
By: Tony Redmond submitted:Feb 23 2024
Usually, we recommend that Microsoft 365 tenants use the latest version of the Microsoft Graph
PowerShell SDK. However, a serious bug in V2.14 means that this (and perhaps V2.13.1) should be avoided until Microsoft fixes a problem that causes spurious output to be included when cmdlets like Get-MgUser and Get-MgGroup are run.
By: Tony Redmond submitted:Feb 23 2024
Projects, Scripts, and Modules
Graph and PowerShell Hiccups for the Groups and Teams Report Script
(office365itpros.com)
The Microsoft 365 Groups and Teams Activity Report is a PowerShell script that I've worked on since
By: Tony Redmond submitted:Mar 22 2024
The Microsoft 365 Groups and Teams Activity Report is a PowerShell script that I've worked on since
2016 (not all the time). Some recent Graph hiccups meant that I had to apply some fixes and workarounds. At the same time, some users hit the infamous 'not recognized as a valid datetime' problem, so another update was needed. All good, clean fun.
By: Tony Redmond submitted:Mar 22 2024
Introducing the Office 365 for IT Pros GitHub Repository
(office365itpros.com)
It can be hard to become fluent in PowerShell, especially when working with a service where multiple
By: Tony Redmond submitted:Jun 16 2022
It can be hard to become fluent in PowerShell, especially when working with a service where multiple
modules (all with their own kinks) are used. However, PowerShell is very approachable and it's surprising what you can do with just a couple of lines of code. Working examples are great learning tools to help PowerShell newcomers (and maybe experienced coders) come up with solutions to problems. A couple of years ago, we created the Office 365 for IT Pros GitHub repository. Since then, we've been populating the repository with PowerShell scripts created to illustrate new features or to demonstrate how to approach solving an administrative problem in an Office 365 tenant. The repository currently holds a collection of 81 scripts.
By: Tony Redmond submitted:Jun 16 2022
Microsoft Releases V2.3.0 of the Teams PowerShell Module
(office365itpros.com)
On April 30, 2021, Microsoft published V2.3.0 of the Microsoft Teams PowerShell module in the
By: Tony Redmond submitted:Jun 16 2022
On April 30, 2021, Microsoft published V2.3.0 of the Microsoft Teams PowerShell module in the
PowerShell Gallery. Welcome as any update is, the publication was unaccompanied by any announcement or notification, and Microsoft didn't up date the release notes for the module until late on May 3. Even with the release notes, we don't know exactly what V2.3.0 contains, so it's time for inspired interpre...
By: Tony Redmond submitted:Jun 16 2022
Monitor and Report Additions to Teams Membership
(office365itpros.com)
A question about how to report specific changes to Teams memberships gave another excuse to use
By: Tony Redmond submitted:Aug 25 2023
A question about how to report specific changes to Teams memberships gave another excuse to use
PowerShell with the unified audit log to deliver a solution. The idea is that you can check audit log entries to see when specific user accounts join the membership of Teams. Once you've found that data, it's a simple matter of creating email to share the results. All done with a few lines of PowerShell...
By: Tony Redmond submitted:Aug 25 2023
New MSIdentityTools Cmdlet to Report OAuth Permissions
(office365itpros.com)
The latest version of the MSIndentityTools PowerShell module includes the
By: Tony Redmond submitted:Feb 9 2024
The latest version of the MSIndentityTools PowerShell module includes the
Export-MsIdAppConsentGrantReport cmdlet to generate a report of OAuth app permissions. Allied with the ImportExcel module, the cmdlet can produce a very nice workbook containing lots of information about permissions held by the apps in a tenant. But even better, you can export the data to PowerShell and use it in your scripts.
By: Tony Redmond submitted:Feb 9 2024
Recovering Deleted Groups with the Graph PowerShell SDK
(office365itpros.com)
This article describes how to restore deleted Azure AD groups with PowerShell using cmdlets from the
By: Tony Redmond submitted:Jan 6 2023
This article describes how to restore deleted Azure AD groups with PowerShell using cmdlets from the
Microsoft Graph PowerShell SDK. Although options exist in the Microsoft 365 admin center and Azure AD admin center to restore deleted groups, it's nice to have the option to do the same with PowerShell.
By: Tony Redmond submitted:Jan 6 2023
Report OneDrive for Business Storage Based on Usage Data
(office365itpros.com)
If you wanted to write a PowerShell script to create a OneDrive storage report, you'd probably use
By: Tony Redmond submitted:Mar 1 2024
If you wanted to write a PowerShell script to create a OneDrive storage report, you'd probably use
the cmdlets from the SharePoint Online management module. But accessing OneDrive usage data via the Graph is much faster. And you can include information from other sources, such as user properties, to build out the report. All explained here.
By: Tony Redmond submitted:Mar 1 2024
Reporting Entra ID Admin Consent Requests
(office365itpros.com)
A question came in about how to report admin consent requests as viewed through the Entra ID admin
By: Tony Redmond submitted:Jan 5 2024
A question came in about how to report admin consent requests as viewed through the Entra ID admin
center. PowerShell does the trick, once you know how. The key thing is to find the right cmdlet to use. Once you know that, the rest is pretty easy as we explain in this article.
By: Tony Redmond submitted:Jan 5 2024
Reporting Operating System Versions for Azure AD Registered Devices
(office365itpros.com)
Azure AD registered devices store some information about the operating system and version used when
By: Tony Redmond submitted:Feb 3 2023
Azure AD registered devices store some information about the operating system and version used when
registration occurs. Although this information changes over time and isn't updated by Azure AD, it might be of some interest and use to tenant administrators, so we show how to report it here. If you want accurate information, you'll need to use Intune.
By: Tony Redmond submitted:Feb 3 2023
Teams Updates PowerShell Module for Private Channels
(office365itpros.com)
Microsoft released support for private channels on November 4 (also see this note about managing
By: Tony Redmond submitted:Jun 15 2022
Microsoft released support for private channels on November 4 (also see this note about managing
private channels). Support for PowerShell access to private channels is not yet available in the publicly available version of the Teams PowerShell module. Instead, if you want to work with private channels through PowerShell, you must install the latest version of the Teams module from the PowerShell test gallery. You need to run version 1.0.18 or better to manage private channels.
By: Tony Redmond submitted:Jun 15 2022
Updated Version of the Graph User Statistics Script Available
(office365itpros.com)
Last June, I wrote about a PowerShell script to interrogate the Microsoft Graph to retrieve usage
By: Tony Redmond submitted:Jun 16 2022
Last June, I wrote about a PowerShell script to interrogate the Microsoft Graph to retrieve usage
data from workloads like Exchange Online, SharePoint Online, and Teams. Some of this data is available via PowerShell cmdlets like Get-ExoMailboxStatistics and Get-SPOSite, but using the Graph is usually faster.
By: Tony Redmond submitted:Jun 16 2022
Using the Microsoft Graph PowerShell SDK to Generate a Mailbox Traffic Report
(practical365.com)
Microsoft 365 makes it easy for administrators to get mail activity usage data for users. However,
By: Tony Redmond submitted:Aug 11 2023
Microsoft 365 makes it easy for administrators to get mail activity usage data for users. However,
if you want to know which domains are sending most mail, you need to do some work. In this article, we cover how to use cmdlets from the Microsoft Graph PowerShell SDK to create reports about user mail activity over time and the traffic sent by different domains.
By: Tony Redmond submitted:Aug 11 2023
Books, Media, and Learning Resources
Mastering Microsoft 365 PowerShell Scripting
(practical365.com)
A common question at conferences is how to start with Microsoft 365 PowerShell scripting. We all
By: Tony Redmond submitted:Dec 15 2023
A common question at conferences is how to start with Microsoft 365 PowerShell scripting. We all
have our own approach. This article lays out a simple three-step method to write scripts to interact with Microsoft 365 objects.
By: Tony Redmond submitted:Dec 15 2023
Fun
Become the TEC 2023 PowerShell Script-Off Champion
(practical365.com)
The TEC 2023 PowerShell Challenge Champion will be known after three rounds of frenetic script
By: Tony Redmond submitted:Aug 4 2023
The TEC 2023 PowerShell Challenge Champion will be known after three rounds of frenetic script
coding at The Experts Conference in Atlanta on September 19, 2023. Competitors will need a working knowledge of Microsoft 365 PowerShell, including Exchange Online, Teams, and Azure AD. Being able to think on your feet and come up with working solutions to problems is possibly a more important attribute than coding genius.
By: Tony Redmond submitted:Aug 4 2023