Office365: Follow in inbox powershell - azure

Is there a way to write a PowerShell command to "Follow in inbox" for a group?
Or maybe via the Microsoft Graph API?
I am trying through the code to implement this feature, but can't see any documentation.
In Office 365, every user that joins a group can use the dropdown to select Follow in inbox or Stop following in inbox.

I don't know of a possibility to do that via PowerShell. You can set it in the Admin Center GUI of Office 365 in the group settings.
See here: https://learn.microsoft.com/en-us/office365/admin/create-groups/create-groups?view=o365-worldwide#how-following-group-email-works
Update:
It seems that you can do it with the Graph API: https://learn.microsoft.com/en-us/graph/api/group-update?view=graph-rest-1.0
Function "UpdateGroup" and the Setting "autoSubscribeNewMembers".
Note: This will only take effect for new members not for existing ones!

Thank you, Hannes
This is a PowerShell script I wrote:
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
<#Get all Office 365 Groups that AutoSubscribeNewMembers disabled#>
$O365Groups = Get-UnifiedGroup | Where-Object{$_.AutoSubscribeNewMembers -eq $false}
<#Iterate through the Groups, enabling the AutoSubscribeNewMember#>
foreach ($group in $O365Groups)
{
Set-UnifiedGroup $group.Identity -AutoSubscribeNewMembers:$true
}
<#Close the Session#>
Remove-PSSession $Session
Works fine, but only for new members in the group.

I was searching for the opposite command, to unsubscribe a user manually from PowerShell, because an external user was receiving emails for a group that were unnecessary to send externally.
Here are the PowerShell commands, connected to Exchange Online PowerShell version 2:
View subscribers:
Get-UnifiedGroupLinks -Identity <email address> -LinkType Subscribers
Add subscribers:
Add-UnifiedGroupLinks -Identity <email address> -LinkType Subscribers -Links <comma separated list of email addresses>
Remove subscribers:
Remove-UnifiedGroupLinks -Identity <email address> -LinkType Subscribers -Links <comma separated list of email addresses>
Documentation

I have been working on some sample commands for this exact topic: Unsubscribe-FollowInInbox.ps1 (for full list of code samples)
Some samples:
#Check subscription status for ALL unified groups
Get-UnifiedGroup | Format-Table Name,*subscribe* -AutoSize
Here is PowerShell to make all "members" into "subscribers" (aka Follow In Inbox):
##########################################
# Loop 1 - SUBSCRIBE all group members #
##########################################
#Store the team name in a variable. Change this to match your team.
#To find this for your team, use (Get-UnifiedGroup *test-team*).PrimarySmtpAddress
$teamname = "test-team@example.com"
#Find all the members of the Unified Group "test-team" and store their UserMailbox objects in a variable called "members"
$members = Get-UnifiedGroup $teamname | Get-UnifiedGroupLinks -LinkType Member
#Create a variable to keep track of how many members we have subscribed or unsubscribed
$membercount = ($members.Count)
#Loop through the list of members and add a subscriber link for each one
foreach ($member in $members)
{
#Decrement the member count
$membercount--
#Write progress to the PowerShell window
Write-Host "Adding subscriber link for user $($member.PrimarySmtpAddress), $membercount users remaining"
#Add the UnifiedGroupLink to make each user a subscriber
Add-UnifiedGroupLinks -Identity $teamname -Links $($member.PrimarySmtpAddress) -LinkType Subscriber -Confirm:$false
}
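An audit for the case raised in the answers above (an external address following a group in its inbox), as an added example that is not code from any of the posters. It assumes an already connected Exchange Online PowerShell session; the `$report` variable and the column names are illustrative, and "external" here means the subscriber's SMTP domain is not one of the tenant's accepted domains.

```powershell
# Added example: list "Follow in inbox" subscribers whose address is outside
# the tenant's accepted domains. Assumes a connected Exchange Online session.

# Domains the tenant owns; anything else is treated as external.
$internalDomains = Get-AcceptedDomain | ForEach-Object { [string]$_.DomainName }

$report = foreach ($group in Get-UnifiedGroup -ResultSize Unlimited) {
    $subscribers = Get-UnifiedGroupLinks -Identity $group.PrimarySmtpAddress `
        -LinkType Subscribers -ResultSize Unlimited

    foreach ($sub in $subscribers) {
        $address = [string]$sub.PrimarySmtpAddress
        if (-not $address) { continue }          # skip entries without an SMTP address

        $domain = $address.Split('@')[-1]
        if ($internalDomains -notcontains $domain) {   # -notcontains is case-insensitive
            [pscustomobject]@{
                Group                   = [string]$group.PrimarySmtpAddress
                AutoSubscribeNewMembers = $group.AutoSubscribeNewMembers
                Subscriber              = $address
                RecipientType           = $sub.RecipientTypeDetails
            }
        }
    }
}

# Review the findings before changing anything.
$report | Sort-Object Group, Subscriber | Format-Table -AutoSize

# After review, a subscriber link can be removed with the cmdlet shown above:
# Remove-UnifiedGroupLinks -Identity <group address> -LinkType Subscribers -Links <subscriber address>
```

Groups that show `AutoSubscribeNewMembers` as True in this report will subscribe every new member automatically.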

Related

Is there any PowerShell script or command to get a report of all the user's access role in tenant wise from Azure portal?

I am preparing the report which contains all the users access level tenant wise from the azure.
Is there any one command or script to get all the users' access levels from an Azure tenant?
That is a little bit tricky: the PS library for Azure is different from the PS library for AD. You must cross-reference the information.
You must get all users from your AD using the command above and save them as a variable
$allUsers = Get-ADUser -Filter *
Now you can navigate to all subscriptions into your tenant, all resource groups and resources and for each and every one get the IAM (who came with the objectId of the user) and cross with the variable $allUsers to identify everyone.
The sample is not the best but maybe can help you:
Connect-AzAccount
$listIAM = New-Object System.Collections.ArrayList
$listSubscriptions = Get-AzSubscription
foreach($subscription in $listSubscriptions){
    Set-AzContext -SubscriptionId $subscription.SubscriptionId
    # Now you have all role assignments for this subscription
    # $(...) is required so the property is expanded inside the string
    $subscriptionIAM = Get-AzRoleAssignment -Scope "/subscriptions/$($subscription.SubscriptionId)"
    $listIAM.Add($subscriptionIAM) | Out-Null
    # Navigate into resource groups
    $listResourceGroups = Get-AzResourceGroup
    foreach($resourceGroup in $listResourceGroups){
        $rgIAM = Get-AzRoleAssignment -ResourceGroupName $resourceGroup.ResourceGroupName
        $listIAM.Add($rgIAM) | Out-Null
        # Navigate into resources
        $listResources = Get-AzResource -ResourceGroupName $resourceGroup.ResourceGroupName
        foreach($resource in $listResources){
            $rIAM = Get-AzRoleAssignment -Scope $resource.ResourceId
            $listIAM.Add($rIAM) | Out-Null
        }
    }
}
You can do this in either PowerShell or the Graph API. Both methods are in preview (the graph API calls are under the beta branch).
#Get the user
$userId = (Get-AzureADUser -Filter "userPrincipalName eq 'alice@contoso.com'").ObjectId
#Get direct role assignments to the user
$directRoles = (Get-AzureADMSRoleAssignment -Filter "principalId eq '$userId'").RoleDefinitionId
Prerequisites
AzureADPreview module when using PowerShell
Microsoft.Graph module when using PowerShell
Admin consent when using Graph Explorer for Microsoft Graph API
https://learn.microsoft.com/en-us/azure/active-directory/roles/list-role-assignments-users
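A flat, reviewable version of the Azure RBAC report the question asks for, as an added example that is not code from either answer. It assumes the Az PowerShell module and read access to every subscription; the output file name, the `$report` variable and the `$privileged` role list are illustrative choices.

```powershell
# Added example: one CSV row per Azure role assignment across all subscriptions.
# Assumes the Az module is installed and the signed-in account can read each subscription.
Connect-AzAccount | Out-Null

# Built-in roles flagged for closer review (illustrative list, adjust to taste).
$privileged = 'Owner', 'User Access Administrator', 'Contributor'

$report = foreach ($sub in Get-AzSubscription) {
    Set-AzContext -Subscription $sub.Id | Out-Null

    # With no -Scope, Get-AzRoleAssignment returns the assignments made under the
    # current subscription, including those scoped to resource groups and resources,
    # so no nested loop over resource groups and resources is needed.
    foreach ($ra in Get-AzRoleAssignment) {
        [pscustomobject]@{
            Subscription  = $sub.Name
            Principal     = $ra.DisplayName
            SignInName    = $ra.SignInName
            PrincipalType = $ra.ObjectType        # User, Group, ServicePrincipal, ...
            Role          = $ra.RoleDefinitionName
            Scope         = $ra.Scope
            Privileged    = $privileged -contains $ra.RoleDefinitionName
            ObjectId      = $ra.ObjectId
        }
    }
}

# Full report for reviewers.
$report | Export-Csv -Path .\role-assignments.csv -NoTypeInformation

# Quick view: privileged roles granted directly to users rather than through groups.
$report |
    Where-Object { $_.Privileged -and $_.PrincipalType -eq 'User' } |
    Sort-Object Subscription, Role, Principal |
    Format-Table Subscription, Principal, Role, Scope -AutoSize
```

This covers Azure resource roles only; directory roles come from the Azure AD cmdlets shown in the answer above.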

Powershell - List subscriptions of a specific management group

On Azure and with Powershell, I need to list all the subscriptions that are in a specific management group.
The command Get-AzSubscription has no parameter to filter on a specific management group. And there is no powershell command (AzManagementGroup) either to list the subscriptions inside.
I was thinking about creating an msgraph query to do that and call it from powershell, but perhaps there is an easier way to do that? :)
The PowerShell Cmdlet you would want to use is Get-AzManagementGroup. This is how you would use it:
$response = Get-AzManagementGroup -GroupName TestGroupParent -Expand -Recurse
Child subscriptions and management groups can be accessed via Children property. Something like:
$response.Children[0]
The correct way to, recursively, fetch the subscriptions under a given management group is the following:
Search-AzGraph -Query "ResourceContainers | where type =~ 'microsoft.resources/subscriptions'" -ManagementGroup $managementGroupName
The code above expects the $managementGroupName variable to contain the name of the management group
Search-AzGraph -Query "ResourceContainers `
| where type =~ 'microsoft.resources/subscriptions'" -ManagementGroup $managementGroupName -First 200 `
| Format-Table -Property *
The query was good but AZGraph limits you to first 100 results only, so I just changed it a bit to include first 200 results instead.

Create a list of users in an Azure group

Is there a way I can download a list of all the users in an Azure group to an Excel file? We have large Azure groups and want an easier way to send a list to a group of users for review. It would be even better if I could automate this procedure, maybe even email it to the users once a week.
I hope you can help!
Colin
You could directly bulk download the members of a group in your organization to a CSV file using Azure AD Portal. It seems the easiest way.
The other methods need to loop all users in the group. The following is an example with Powershell.
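$group_ObjectId = ""
# Look up the group itself so its display name can be written on each row
$group = Get-AzureADGroup -ObjectId $group_ObjectId
$members = Get-AzureADGroupMember -ObjectId $group_ObjectId -All $true
ForEach ($member in $members){
# Build one comma-separated line per member and append it to the file
"$($group.DisplayName),$($member.ObjectId),$($member.ObjectType),$($member.UserType),$($member.UserPrincipalName)" >> C:\scripts\output.csv
}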
And create weekly scheduled task with Scheduled Task. For more details, see here.
$action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-File C:\scripts\getUserList.ps1'
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Saturday -At 3am
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName "Task Name Here"

Get a list of PowerApps using Graph or some other API

I'm trying to retrieve the list of available PowerApps from my Office 365 tenant. Is there a set of APIs that I could use to get the information about PowerApps (existing environments, all PowerApps, PowerApps shared with me, etc.)?
I couldn't find any documentation on this.
You can try PowerShell to get all the necessary details like below:
Display a list of all PowerApps
Get-AdminPowerApp
Returns a list of all PowerApps across the tenant, with details of each (e.g., application name (guid), display name, creator, etc).
Display the number of apps each user owns
Get-AdminPowerApp | Select -ExpandProperty Owner | Select -ExpandProperty displayname | Group
Display the number of apps in each environment
Get-AdminPowerApp | Select -ExpandProperty EnvironmentName | Group | %{ New-Object -TypeName PSObject -Property @{ DisplayName = (Get-AdminPowerAppEnvironment -EnvironmentName $_.Name | Select -ExpandProperty displayName); Count = $_.Count } }
Read more
You can use the PowerApps for Admins connectors in Flow to retrieve all this information. Use them as your web service and write the data anywhere you like. It's a little more automated than a local terminal.
If you're super hacky, you might spin up a PowerShell Azure Function instance to run those PS scripts serverless!

How to create a Dynamic Office 365 Group

I am new to Exchange Online and Azure, but I've been asked if we can create O365 groups in Exchange Online, using the New-UnifiedGroup and Set-UnifiedGroup cmdlets. Then they want to be able to make those groups dynamic, based upon certain criteria. Is this even possible, or do I skip Exchange Online entirely, and in Azure use the New-AzureADMSGroup cmdlets to create a dynamic group?
Any help is appreciated.
Thanks.
Yes, you could create an Office 365 group with AzureAD PowerShell cmdlet New-AzureADMSGroup and you need to install AzureAD module first.
For example, This command creates a new dynamic group with the following rule:
user.department -contains "Marketing"
The double quotation marks are replaced with single quotation marks.
The processing state is On. This means that all users in the directory
that qualify the rule are added as members to the group. Any users
that do not qualify are removed from the group.
New-AzureADMSGroup -DisplayName "Dynamic Group 01" -Description "Dynamic group created from PS" -MailEnabled $False -MailNickName "group" -SecurityEnabled $True -GroupTypes "DynamicMembership" -MembershipRule "(user.department -contains ""Marketing"")" -MembershipRuleProcessingState "On"
More references: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/New-enhancements-to-the-AzureAD-PowerShell-2-0-preview-Manage/ba-p/245153
and https://blog.hubfly.com/office-365/useful-powershell-cmdlets-to-administer-office-365-groups-part-1
Ok, so here is the solution we came up with.
Requires AzureADPreview module, current version as of today 2.0.2.17
The AzureAD module won't work, as it is missing parameters required for group membership.
Requires a connection into AzureAD, and also Exchange Online.
The account you connect with needs to be an Exchange Administrator in Exchange Online, and a User Administrator in AzureAD.
In our example we want an Office group, that is dynamic, and the membershipRule based upon extensionattribute12.
#***********************************************************************
$ADUser = "samAccountName@yourdomain"
$ADPassword = 'the password'
$ADPwd = $ADPassword | ConvertTo-SecureString -AsPlainText -Force
$UserCredential = new-object system.management.automation.pscredential $ADuser, $ADPwd
#***********************************************************************
"Connect AzureAD"
Connect-AzureAD -Credential $UserCredential
"Connect to Exchange Online"
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking
#######################################
function ConvertStaticGroupToDynamic
{
    Param([string]$groupId, [string]$dynamicMembershipRule)
    $dynamicGroupTypeString = "DynamicMembership"
    #existing group types
    [System.Collections.ArrayList]$groupTypes = (Get-AzureAdMsGroup -Id $groupId).GroupTypes
    #put $null on the left so the comparison is a null check, not a filter over the collection
    if($null -ne $groupTypes -and $groupTypes.Contains($dynamicGroupTypeString))
    {
        throw "This group is already a dynamic group. Aborting conversion.";
    }
    #add the dynamic group type to existing types (Add returns the new index; discard it)
    $groupTypes.Add($dynamicGroupTypeString) | Out-Null
    #modify the group properties to make it a dynamic group: i) change GroupTypes to add the dynamic type, ii) start execution of the rule, iii) set the rule
    Set-AzureAdMsGroup -Id $groupId -GroupTypes $groupTypes.ToArray() -MembershipRuleProcessingState "On" -MembershipRule $dynamicMembershipRule
}
#######################################
$ExtAtt12 = "Marketing"
$NewGroupName = "O365-OfficeGroupTest"
"[$NewGroupName] create group"
New-UnifiedGroup -DisplayName $NewGroupName
Set-UnifiedGroup $NewGroupName -UnifiedGroupWelcomeMessageEnabled:$false
$ID = (Get-UnifiedGroup $NewGroupName).ExternalDirectoryObjectId
sleep 15 # Allow time for Exchange Online to Sync with AzureAD
ConvertStaticGroupToDynamic -groupId $ID -dynamicMembershipRule "(User.extensionattribute12 -eq ""$ExtAtt12"")"
