Useful PowerShell cmdlets to administer Office 365 Groups:

11

Howdy Folks! As promised in previous blog  post related to Office groups , I’m back now with some cool PowerShell cmdlets which should ease your work in managing Office 365 groups in your organization . If you’re new to Office 365 groups, I humbly request you to read in detail about Office 365 groups by accessing this link. I’ve tried my best to explain Office 365 groups there. You can read this post on HubFly blog site as well. Alright, let’s get started ….

Note : Before you can run all these PowerShell cmdlets below , you need to load the Exchange Online management shell by following this link .I’ve given a screenshot below for your reference .

1

Listed below are the operations that you can perform by following the PowerShell commands mentioned below

  • Get the list of all the Office 365 groups in your tenant
  • Remove an existing Office 365 group from the tenant
  • To make changes to an existing Office 365 group
  • Get the membership and ownership information of an Office 365 group /all the Office 365 groups in your tenant
  • Get the list of all the Office 365 groups in descending order
  • Get the list of all Private Office 365 groups in your tenant
  • Get the list of deleted Office 365 groups in descending order
  • Get the list of orphaned Office 365 groups in your tenant
  • Retrieve the list of recently created Office 365 groups
  • Update the quota of a new group if a team site exists
  • Create new Directory Settings for Groups template
  • Update the classifications for all the Office 365 groups
  • Update the privacy of an Office 365 group based on its classification
  • Determine where a group was provisioned (Planner, Yammer, Teams etc.)
  • Get the list of Obsolete Office 365 groups in your tenant

So, let’s look into all these operations in detail below….

  1. To get the list of all the Office 365 groups in your tenant:

Get-UnifiedGroup

2

  1. To remove an existing Office 365 group:

This will remove a specific Office 365 group from your tenant.

Remove-UnifiedGroup -Identity “Test Group”

  1. To make changes to an existing Office 365 group in your tenant:

Set-UnifiedGroup

Ex 1: Set-UnifiedGroup -Identity “HR Team” -AccessType Private

This example changes the Office 365 Group named HR Team from a public group to a private group.

Ex 2: Set-UnifiedGroup -Identity “HR Team” -PrimarySmtpAddress hrteam@o365techy.onmicrosoft.com -RequireSenderAuthenticationEnabled $false

This example makes the following changes to the Office 365 Group named HR Team:

i)The primary email address is changed to hrteam@o365techy.onmicrosoft.com.

ii)The Office 365 Group is allowed to receive mail from unauthenticated (external) senders.

  1. To get the membership and ownership information of an Office 365 group/all the Office 365 groups in your tenant:

Get-UnifiedGroupLinks

Ex: Get-UnifiedGroupLinks -Identity “Transport Department” -LinkType Members

This example shows the members of the Office 365 Group named Transport Department

Similarly, you can use the script below to get the list of all the members from all the Office 365 groups in you tenant.

Get Office 365 group members

This will run and display the results as shown in the screenshot below.

3

  1. To get the list of all the Office 365 groups in descending order:

Get-UnifiedGroup | Select Id, DisplayName, ManagedBy, Alias, AccessType, WhenCreated, @{Expression={([array](Get-UnifiedGroupLinks -Identity $_.Id -LinkType Members)).Count }; Label=’Members’} | Sort-Object whencreated | Format-Table displayname, alias, managedby, Members, accesstype, whencreated

4.png

  1. To get the list of all private Office 365 groups in your tenant:

Get-UnifiedGroup | Where-Object {$_.AccessType -eq ‘Private’} | Sort-Object whencreated | Format-Table displayname, alias, managedby, accesstype, whencreated

5.png

  1. To get list of deleted Office 365 groups in descending order:

Get-AzureADMSDeletedGroup | Sort-Object DeletedDateTime -Descending | Format-Table Id, DisplayName, Description, Visibility, DeletedDateTime

Note: To run this command, you need to do the below mentioned steps, else you would end up getting an error as shown in the image below. If you pay close attention to the cmdlet you would notice that this is related to Azure AD and hence you need to load the Azure AD PowerShell module for this.

I’d suggest performing these tasks in a different PowerShell window for ease of use.

  1. Uninstall the production module of Azure AD by running, (Uninstall-Module AzureAD) as this cmdlet works with the preview module of Azure AD.
  2. You cannot have the production module and the preview module running on the same machine as per Microsoft’s documentation mentioned in this link https://docs.microsoft.com/en-us/powershell/azure/active-directory/install-adv2?view=azureadps-2.0
  3. Once done, please go ahead and install the Preview module by running (Install-module AzureADPreview)
  4. After that, please connect to Azure AD by running Connect-AzureAD as shown in the image below

12

5. Once you’re done connecting to Azure AD, please go ahead and run the above-mentioned cmdlet to get the list of deleted Office 365 groups in descending order and you will get the results as shown in the image below. In my case I don’t have any deleted Office 365 group and hence it didn’t return anything.

13

8.To get the list of orphaned Office 365 groups in your tenant:

$Groups = Get-UnifiedGroup | Where-Object {([array](Get-UnifiedGroupLinks -Identity $_.Id -LinkType Owners)).Count -eq 0} `

| Select Id, DisplayName, ManagedBy, WhenCreated

ForEach ($G in $Groups) {

Write-Host “Warning! The following group has no owner:” $G.DisplayName

}

14

9.To retrieve the list of recently created Office 365 groups:

# Variables:

#   Cutoff date in days

#   Storage quota in MB

#   Storage quota warning level in MB

#………………………………………………………………………………………………………………………………………

$cutoffdate = ((Get-Date).AddDays(-20))

$quota = 500

$warning = 400

$Groups = Get-UnifiedGroup | Where-Object {$_.WhenCreated -ge $cutoffdate} | Sort-Object whencreated | Select DisplayName, WhenCreated, SharePointSiteUrl

15.png

  1. To update the quota of a new group accordingly if a team site exists:

ForEach ($G in $Groups) {

try

{

Set-SPOSite –Identity ($G.SharePointSiteUrl) -StorageQuota $quota -StorageQuotaWarningLevel $warning

Write-Host “The following site quota was updated:” $G.SharePointSiteUrl

}

catch

{

Write-Host “The following Groups does have a site:” $G.DisplayName

}

}

 

This will run and update the quota of the site as shown in the screenshot below.

16

11.To create new Directory Settings for Groups template:

There are multiple templates that are part of your Azure AD tenant.  This template can contain a settings object which has a collection of values.  By using these values, we can set the parameters below.  This needs to be done before you can set any values

Setting Description
·         EnableGroupCreation

·         Type: Boolean

·         Default: True

The flag indicating whether Office 365 group creation is allowed in the directory by non-admin users. This setting does not require an Azure Active Directory Premium P1 license.
·         GroupCreationAllowedGroupId

·         Type: String

·         Default: “”

GUID of the security group for which the members are allowed to create Office 365 groups even when EnableGroupCreation == false.
·         UsageGuidelinesUrl

·         Type: String

·         Default: “”

A link to the Group Usage Guidelines.
·         ClassificationDescriptions

·         Type: String

·         Default: “”

A comma-delimited list of classification descriptions.
·         DefaultClassification

·         Type: String

·         Default: “”

The classification that is to be used as the default classification for a group if none was specified.
·         PrefixSuffixNamingRequirement

·         Type: String

·         Default: “”

String of a maximum length of 64 characters that defines the naming convention configured for Office 365 groups. For more information, see Enforce a naming policy for Office 365 groups (preview).
·         CustomBlockedWordsList

·         Type: String

·         Default: “”

Comma-separated string of phrases that users will not be permitted to use in group names or aliases. For more information, see Enforce a naming policy for Office 365 groups (preview).
·         EnableMSStandardBlockedWords

·         Type: Boolean

·         Default: “False”

Do not use
·         AllowGuestsToBeGroupOwner

·         Type: Boolean

·         Default: False

Boolean indicating whether or not a guest user can be an owner of groups.
·         AllowGuestsToAccessGroups

·         Type: Boolean

·         Default: True

Boolean indicating whether or not a guest user can have access to Office 365 groups content. This setting does not require an Azure Active Directory Premium P1 license.
·         GuestUsageGuidelinesUrl

·         Type: String

·         Default: “”

The URL of a link to the guest usage guidelines.
·         AllowToAddGuests

·         Type: Boolean

·         Default: True

A Boolean indicating whether or not is allowed to add guests to this directory.
·         ClassificationList

·         Type: String

·         Default: “”

A comma-delimited list of valid classification values that can be applied

Let me walk you through the complete process of creating directory settings here.

  1. Install the Azure AD PowerShell Module V2 from this link
  2. Run “Install-Module -Name AzureADPreview” in the PowerShell window
  3. Once done Connect to Azure AD via PowerShell by running “Connect-AzureAD”
  4. Once done to review if you have any settings already configured in your tenant, please run the below cmdlet.

 Get-AzureADDirectorySetting | ForEach Values

17

Note: If you check the screenshot above you will notice that I have configured few directory settings such as “Usage Guidelines URL “and “Classification List “and I’ll be showing you how to configure that using PowerShell in the examples below.

5. If you do not have any settings configured the value returned will be blank as show in the screenshot below.

18

6. Alright, now let’s see some examples to set group settings.

7. All examples below will use the Get-AzureADDirectorySetting cmdlet and store that in a variable and then use the Set-AzureADDirectorySetting cmdlet with the updated settings. The full command to run a setting update is as follows. Also, I’d suggest to use PowerShell ISE for running these cmdlets for ease of usage.

$settings = Get-AzureADDirectorySetting | where-object {$_.displayname -eq “Group.Unified”}

$settings[“SETTING NAME”] = “”

Set-AzureADDirectorySetting -Id $settings.Id -DirectorySetting $settings

19.pngOk, now let’s look into some scenarios here …

Scenario 1:  Restricting Office 365 groups creation for all the users in your organization except for few users who belong to a specific Security group

$group = Get-AzureADGroup -All $True | Where-Object {$_.DisplayName -eq “Office 365 groups creation allowed”}

$settings = Get-AzureADDirectorySetting | where-object {$_.displayname -eq “Group.Unified”}

$settings[“EnableGroupCreation”] = “false”

$settings[“GroupCreationAllowedGroupId”] = $group.ObjectId

Set-AzureADDirectorySetting -Id $settings.Id -DirectorySetting $settings

20In this scenario here, I created a security group named “Office 365 groups creation allowed” and I’ve added few members to it. So, by doing this I can grant access only to those members to create Office 365 groups and not to all the users in my organization. Also, an important point to bear in mind here is, if I’m restricting the creation of Office 365 groups then these users won’t be able to create a Team, a Planner, a Yammer group etc. So, the users will be restricted by creating anything which creates an Office 365 group in the backend. So, from an end user perspective, the “create” button which you see in the screenshot below for creating Office 365 groups won’t be visible to them. The same applies for other services also, users won’t get the “Create Planner “or “Create Team” button once this option is enabled. This is one way to have control on Office 365 groups creation in your organization

6.png

In Teams, the “Create a Team “button won’t be visible for the users who are not part of that Security group which allows the creation of Office 365 groups.

7.png

In Planner, the “Create a Plan “button won’t be visible for the users who are not part of that Security group which allows the creation of Office 365 groups.

8

Similarly , as already explained above other services which creates an Office 365 group on the backend won’t be available for end users . By doing this you can have control over who gets to create an Office 365 groups and other services such as Teams and Planner in your organization .

Scenario 2: Setting Office 365 groups classification

$settings = Get-AzureADDirectorySetting | where-object {$_.displayname -eq “Group.Unified”}

$settings[“ClassificationList”] = “Internal,External,Confidential”

Set-AzureADDirectorySetting -Id $settings.Id -DirectorySetting $settings

In this scenario, we’re enabling the classification option so that you can classify your groups accordingly. Once this is done whenever you try to create an Office 365 group from the outlook webmail (provided that you have access to create Office 365 groups) you will get an option to choose the classification for that group also as shown in the image below. This could be useful from a compliance and governance perspective.

9.png

Once that’s done you can set the classification for an existing Office 365 by running the below PowerShell command.

Set-UnifiedGroup <TestGroup@o365techy.onmicrosoft.com> -Classification <Internal>

Also, if you want to create a new group with a classification then run the below PowerShell command for that.

New-UnifiedGroup <TestGroup@o365techy.onmicrosoft.com> -Classification <External> -AccessType <Public>

Scenario 3:  Setting Usage Guidelines URL

$settings = Get-AzureADDirectorySetting | where-object {$_.displayname -eq “Group.Unified”}

$setting[“UsageGuidelinesUrl”] = “<https://o365techy.sharepoint.com/sites/office365groupsgovernance/usageguidelines/SitePages/Home.aspx>&#8221;

Set-AzureADDirectorySetting -Id $settings.Id -DirectorySetting $settings

21

In this scenario, I’ve created a SharePoint subsite named “Usage Guidelines” which speaks about all the guidelines a user must follow while using Office 365 groups in my organization and the user can refer that while creating / using Office 365 groups. Once this has been enabled this what the end user view would be like. Please check the screenshot below.

10

Scenario 4: Restrict all access for guest users to Groups including the ones that were already granted access

$settings = Get-AzureADDirectorySetting | where-object {$_.displayname -eq “Group.Unified”}

$settings[“AllowGuestsToAccessGroups”] = “False”

Set-AzureADDirectorySetting -Id $settings.Id -DirectorySetting $settings

22Scenario 5: Restrict the ability to add any new guest users but do not restrict existing guest users

$settings = Get-AzureADDirectorySetting | where-object {$_.displayname -eq “Group.Unified”}

$settings[“AllowToAddGuests”] = “False”

$settings[“AllowGuestsToAccessGroups”] = “True”

Set-AzureADDirectorySetting -Id $settings.Id -DirectorySetting $settings

23Finally, if you want to review all the updated settings then please run the below mentioned PowerShell cmdlet as already described above and it will return the updated settings.

Get-AzureADDirectorySetting | ForEach Values

24

 If you want to remove the group settings that we configured in all the scenarios above then please run the below PowerShell command.

$settings = Get-AzureADDirectorySetting | where-object {$_.displayname -eq “Group.Unified”}

Remove-AzureADDirectorySetting -Id$settings.Id

25.png12.To update the classifications for all the Office 365 groups:

## Set classifications for all groups

$Groups = Get-UnifiedGroup | Where-Object {$_.Classification -Eq $Null}  | Select DisplayName, Classification

ForEach ($G in $Groups) {

If ($G.Classification -Eq $Null)

{

Write-Host $G.DisplayName

Set-UnifiedGroup -Identity $G.DisplayName -Classification “Internal”

}

}

 

#……………………………..

# Variables:

#   Cut off date in days

#   Classification

#……………………………..

$cutoffdate = ((Get-Date).AddDays(-10))

$classification = “High”

# Retrieve recently created groups with accesstype set to PUBLIC

$Groups = Get-UnifiedGroup | Where-Object {

$_.WhenCreated -ge $cutoffdate -and $_.AccessType -eq ‘Public’ -and $_.Classification -eq $classification } `

| Sort-Object whencreated | Select DisplayName, WhenCreated, AccessType, Classification, ManagedBy

# For each new group update set accesstype to PRIVATE

ForEach ($G in $Groups) {

Set-UnifiedGroup -Identity $G.DisplayName -AccessType ‘Private’

Write-Host “The following Group privacy setting was updated:” $G.DisplayName

}

26This will run and update the classification for all the Office 365 groups as shown in the image below

27

  1. To update the privacy of an Office 365 group based on its classification:

#……………………………..

# Variables:

#   Cutoff date in days

#   Classification

#……………………………..

$cutoffdate = ((Get-Date).AddDays(-10))

$classification = “High”

# Retrieve recently created groups with accesstype set to PUBLIC

$Groups = Get-UnifiedGroup | Where-Object {

$_.WhenCreated -ge $cutoffdate -and $_.AccessType -eq ‘Public’ -and $_.Classification -eq $classification } `

| Sort-Object whencreated | Select DisplayName, WhenCreated, AccessType, Classification, ManagedBy

# For each new group update set accesstype to PRIVATE

ForEach ($G in $Groups) {

Set-UnifiedGroup -Identity $G.DisplayName -AccessType ‘Private’

Write-Host “The following Group privacy setting was updated:” $G.DisplayName

}

30.png

31.png

14.To determine where a group was provisioned (Planner, Yammer, Teams etc.)

To get the list of Yammer integrated Office 365 group list:

Get-UnifiedGroup |Where-Object {$_.ProvisioningOption -eq ‘YammerProvisioning’} |select DisplayName,Alias,ProvisioningOption,GroupSKU,SharePointSiteUrl,SharePointDocumentsUrl,AccessType

To get the list of Teams integrated Office 365 group list:

Get-UnifiedGroup |Where-Object {$_.ProvisioningOption -eq ‘ExchangeProvisioningFlags:481’}|select DisplayName,Alias,ProvisioningOption,GroupSKU,SharePointSiteUrl,SharePointDocumentsUrl,AccessType

Similarly, we expect MSFT to work on for Planner and other services which create an Office 365 on the backend.

15.To get the list of Obsolete Office 365 groups in your tenant:

This is a PowerShell script from Office 365 fame Tony Redmond and the explanation for the script can be found below.

Note : You need to be connected to Exchange Online PowerShell module as well as the SharePoint Online PowerShell module to run this script

Like any object, an Office 365 Group might become unused over time. No current method exists to detect what groups are underused, so here’s a script that does the job for you by checking audit records to establish whether any SharePoint file activity has occurred in the group document library in the last 90 days and whether any conversations have happened in the group mailbox in the last year. Seeing that it’s all done in simple PowerShell, you can tailor the code to your heart’s content. A HTML report file is generated at the end, which contains some statistics like:

32.jpg

Number of groups scanned: 155

Number of potentially obsolete groups (based on document library activity): 132

Number of potentially obsolete groups (based on conversation activity): 60

Number of Teams-enabled groups: 41

Percentage of Teams-enabled groups: 26.45%

Script:

Check for obsolete Office 365 groups

Thanks for reading this post …. Good luck with Office 365 groups!!!!

Advertisements

PowerShell to on-board list of users to Office 365 and assign them Office 365 licenses:

1.jpgOffice 365 is a SaaS platform which is  being used by many organizations these days and it becomes quite hard for IT administrators to on-board their users to Office 365 manually .Of course , this may not be the case when your user identities gets synced to Azure AD from on-premises AD using AAD connect tool .However, if you’re one of the organizations who totally buried all your IT infrastructure implementation and decided to go with a Cloud implementation completely then possibilities are such that you as an IT administrator should take care of on-boarding your users to Azure AD .As we all know , this is indeed quite a time consuming task if we have to do it manually and then assign the appropriate licenses to all the users . So, to surpass all those manual effort, I’ve put together this PowerShell script which will do the magic for you. Alright, let’s get into the details ….

1.Sign-in to your Office 365 admin center using your global admin account and navigate to the “Active users” section as shown in the image below.

2.png

2.At this moment, you might see only the user account which was used to set-up the Office 365 tenant.

Note: In my case, you might see 3 users as I manually created them using the “Add a user “option.

3.Create a CSV file which has the details of all your users by following the guidelines mentioned in this article. The below mentioned screenshot depicts the CSV file which I’ve prepared which has the list of all my users.

3.png

4. Once done, please login to the PowerShell window and type the below mentioned command as shown in the image below. This will tell you the type of license that your tenant is using and how many licenses have been utilized till now.

4

Note : In my case you can notice that my tenant is on  Office 365 E5 Enterprise E5 plan +EMS  (Enterprise Mobility ) and it also displays how many licenses have been consumed till now .

5. Prior to running the above command, please ensure that you’re connected to your Office 365 tenant via PowerShell, if not please follow the below article to do that first.

https://technet.microsoft.com/library/dn975125.aspx

6. Now, let’s specify the required variables for the PowerShell script.

$UsersToAdd = Import-Csv C:\Users\Vignesh\Documents\Import_User_Sample_en.csv

$LicenseToAdd = “sptech80:ENTERPRISEPREMIUM” à This information can be grabbed from the Get-MsolAccountSKU command which we ran in the above step.

$UsageLocation = “US”

$LicenseOptions = New-MsolLicenseOptions -AccountSkuId $LicenseToAdd

5

7.Once you’re done specifying the required variables, please go ahead and run the below mentioned PowerShell command as shown in the image.

$UsersToAdd | ForEach-Object {

New-MsolUser –UserPrincipalName $_.UserPrincipalName -DisplayName $_.DisplayName

Set-MsolUser -UserPrincipalName $_.UserPrincipalName -UsageLocation $UsageLocation

Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -AddLicenses $LicenseToAdd -LicenseOptions $LicenseOptions

}

6.png

8.You may notice that your users are getting created after running the script as shown in the image above and the licensing tab might display the status as “False”. That’s due to the time taken for the script to reflect the licensing details as it first creates the user and then assigns the license to the user’s account. This is quite normal and hence you don’t need to panic about the “isLicensed” column

9. You can verify the status of the users as well as the licenses assigned to them by running the “Get-MsolUser” command. This time it should display the licensing details correctly.

10. Additionally, you can also navigate to the “Active users” section to verify the same.

8.png

Thanks for reading this post ….Good luck with Office 365 !!!

Extending the Retention period of orphaned personal site collections up to a year:

One drive 1.png

Alright , I guess you might have figured out what this post is going to be about by seeing the title .So yes , I’m going to show you how to extend the retention period of the One Drive for business content up to a year even after the user has left the company .

So I guess all the Office 365 folks as well as SharePoint folks out there would be aware of the “My site cleanup policy” that runs in SharePoint once a user’s account has been deleted in AD. If you’re not aware of this yet, please check my article on that. Also to understand how this works on SharePoint Online, you can take a look at the link below. Microsoft has did an awesome job on writing a detailed article about this and hence I’m not going to spend my time writing a detailed article explaining the same stuff once again .

https://support.microsoft.com/en-in/help/3042522/onedrive-for-business-retention-and-deletion

So here in this article I’m going to introduce you to a PowerShell command that will extend the retention period of the contents in the personal site (i.e. One Drive for Business) up to a year so that you have a year’s time to copy the contents from a user’s One Drive for business folder even after he/she has left the company.

I guess scenario’s like this are quite possible when a user has been terminated and his account has been deleted or may be a user left the company and the default retention period was not sufficient for you to copy the important contents from his One Drive for business folder .

So here’s the PowerShell command for that ….

Set-SPOTenant -OrphanedPersonalSitesRetentionPeriod 365

You need to run this as a SharePoint Online command as shown in the image below.

one drive 2.png

Once done it will update the retention policy for all the orphaned One Drive for Business sites in your tenant. The other way to do this is by putting a hold on the user’s One Drive for Business as a part of an eDiscovery case and the site won’t get deleted until the hold is removed. But this command will make your life even easier by making the change for the entire tenant.

Happy SharePointing …..I hope this helps someone. Thanks to Chris Bortlik for showing this to us.

 

 

 

 

PowerShell script to configure SQL Server Reporting Services in SharePoint mode

SSRS.png

The below mentioned script will take care of the steps listed below :

  1. Installs Reporting Services service and service proxy, and starts the service.2
  2. Creates a service proxy named “Reporting Services”.
  3. Creates a Reporting Services service application named “Reporting Services Application”.
  4. Enables the Power View feature for a site collection.

 

#Script for SSRS Configuration in SharePoint Integrated mode

$starttime=Get-Date
write-host -foregroundcolor DarkGray StartTime>> $starttime

Write-Host -ForegroundColor Green “Import the SharePoint PowerShell snappin”
Add-PSSnapin Microsoft.Sharepoint.Powershell –EA 0

Write-Host -ForegroundColor Green “Install SSRS Service and Service Proxy, and start the service”
Write-Host -ForegroundColor Green “>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>”

Write-Host -ForegroundColor Green “Install the Reporting Services Shared Service”
Install-SPRSService

Write-Host -ForegroundColor Green ” Install the Reporting Services Service Proxy”
Install-SPRSServiceProxy

# Get the ID of the RS Service Instance and start the service
Write-Host -ForegroundColor Green “Start the Reporting Services Service”
$RS = Get-SPServiceInstance | Where {$_.TypeName -eq “SQL Server Reporting Services Service”}
Start-SPServiceInstance -Identity $RS.Id.ToString()

# Wait for the Reporting Services Service to start…
$Status = Get-SPServiceInstance $RS.Id.ToString()
While ($Status.Status -ne “Online”)
{
Write-Host -ForegroundColor Green “SSRS Service Not Online…Current Status = ” $Status.Status
Start-Sleep -Seconds 2
$Status = Get-SPServiceInstance $RS.Id.ToString()
}

$time=Get-Date
write-host -foregroundcolor DarkGray StartTime>> $starttime
write-host -foregroundcolor DarkGray $time

Write-Host -ForegroundColor Green “Create a new application pool and Reporting Services service application”
Write-Host -ForegroundColor Green “>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>”
Write-Host -ForegroundColor Green “Create a new application pool”
#!!!! update “-Account” with an existing Managed Service Account
New-SPServiceApplicationPool -Name “Reporting Services” -Account “<domain>\User name>”
$appPool = Get-SPServiceApplicationPool “Reporting Services”

Write-Host -ForegroundColor Green ” Create the Reporting Services Service Application”
#!!!! Update “-DatabaseServer”, an instance of the SQL Server database engine
$rsService = New-SPRSServiceApplication -Name “Reporting Services Application” -ApplicationPool $appPool -DatabaseName “Reporting_Services_Application” -DatabaseServer “<server name>”

Write-Host -ForegroundColor Green “Create the Reporting Services Service Application Proxy”
$rsServiceProxy = New-SPRSServiceApplicationProxy -Name “Reporting Services Application Proxy” -ServiceApplication $rsService

Write-Host -ForegroundColor Green “Associate service application proxy to default web site and grant web applications rights to SSRS application pool”
Write-Host -ForegroundColor Green “>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>”
# Associate the Reporting Services Service Applicatoin Proxy to the default web site…
Get-SPServiceApplicationProxyGroup -default | Add-SPServiceApplicationProxyGroupMember -Member $rsServiceProxy

$time=Get-Date
write-host -foregroundcolor DarkGray StartTime>> $starttime
write-host -foregroundcolor DarkGray $time

Write-Host -ForegroundColor Green “Enable the PowerView and reportserver site features”
Write-Host -ForegroundColor Green “>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>”
#!!!! update “-url” of the site where you want the features enabled
Enable-SPfeature -identity “powerview” -Url http://server/sites/bi
Enable-SPfeature -identity “reportserver” -Url http://server/sites/bi

####To Verify, you can run the following:
#Get-SPRSServiceApplication
#Get-SPServiceApplicationPool | where {$_.name -like “reporting*”}
#Get-SPRSServiceApplicationProxy

PowerShell script for generating the site collections list with multiple administrators

powershell.png

Running this script will generate a report which displays the list of site collections that has multiple site collection administrators and will also display the total number of users who have access to those site collections.

Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue

Add-Content “Sites.csv” -Value “SiteCollection Name,SiteCollection URL, SiteCollection Administrators, Users Count,Usage in MB”

$webApp = Get-SPWebApplication

foreach($webapps in $webapp)

{

foreach ($SiteCollection in $webApps.Sites)

{

$url = $SiteCollection.Url

$webs = Get-SPWeb $URL

[boolean] $WriteToFile = $true

$weburl = $SiteCollection.OpenWeb()

$siteowner = “”

foreach ($siteAdmin in $weburl.SiteAdministrators)

{

$siteowner = $siteAdmin.DisplayName + “|” + $siteowner

}

foreach($web in $webs)

{

#Grab all users in the site collections

$siteUserCnt = $web.AllUsers.Count

$Siteurl = $web.Url

$siteTitle = $web.Title

$site = Get-SPSite  $Siteurl

$siteusage = $site.Usage.Storage/1MB

Add-Content -Path “Sites.csv” -Value “$siteTitle,$Siteurl,$siteowner,$siteUserCnt,$siteusage”

$web.Dispose()

}

}

}

Thanks for using this script …..Happy SharePointing!!!!

Part 2: Useful Office 365 cmdlets to generate SharePoint Online reports and also for SharePoint Online site administration:

Followed to my previous article about useful office 365 cmdlets in SharePoint Online, in this article I’ll be showing you some more useful PowerShell cmdlets to generate SharePoint Online reports /SharePoint Online site administration. I see a lot of misconception with my fellow SharePoint workers on understanding the difference between SharePoint on-premises cmdlets and Office 365(SharePoint Online) cmdlets, please note that they all don’t have the same functionality even though they almost look similar. There is a lot of difference in what they exactly do, so please pay close attention while utilizing them.

1

So let’s get into the real meats and potatoes now…

  1. To create a new SPO Site collection:

SyntaxNew-SPOSite -Url https://vigx.sharepoint.com/sites/Vignesh -Title “Vignesh” -Owner “vigganesan89@vigx.onmicrosoft.com” -Template “STS#0” -TimeZoneId 10 -StorageQuota 200

2

Note: In the above mentioned command you need to specify the URL of your new site collection, Title Name, Template ID, Time Zone and Storage quota size. Please check my previous article on SharePoint Online command to get to know about SharePoint Online Template ID’s

Running this command will create a new site collection in SPO and you can verify this in your SPO admin center as shown below.

3

2.To list the groups, and all the group memberships, for all of your SharePoint Online sites.

Syntax:

$x = Get-SPOSite

 

foreach ($y in $x)

    {

        Write-Host $y.Url -ForegroundColor “Yellow”

        $z = Get-SPOSiteGroup -Site $y.Url

        foreach ($a in $z)

            {

                 $b = Get-SPOSiteGroup -Site $y.Url -Group $a.Title

                 Write-Host $b.Title -ForegroundColor “Cyan”

                 $b | Select-Object -ExpandProperty Users

                 Write-Host

            }

    }

Running the above mentioned command will display the results as shown below,

4.png

3.To list the groups, and all the group memberships, for a single site collection:

Syntax:

First let me assign the $siteURL variable to the site collection in question.

$siteURL = “https://vigx.sharepoint.com/teams/test”–> Site in question.

$siteURL = “https://vigx.sharepoint.com/teams/test&#8221;

$x = Get-SPOSiteGroup -Site $siteURL

foreach ($y in $x)

    {

        Write-Host $y.Title -ForegroundColor “Yellow”

        Get-SPOSiteGroup -Site $siteURL -Group $y.Title | Select-Object -ExpandProperty Users

        Write-Host

    }

Running this command will display the results as shown below .

5

 4.To lock a SharePoint Online site:

SyntaxSet-SPOSite -Identity $site -Lockstate NoAccess

Specify the $site variable to the site which you want to lock.

6

Running this command will lock the site and when you try to access it you will get a 403 Forbidden error.

5.To unlock as SharePoint Online site:

Syntax:  Set-SPOSite -Identity $site -Lockstate Unlock

7.png

This will unlock the site that we just locked in the previous command.

6.To disable external sharing for a SharePoint Online site collection:

Syntax:

$siteURL = “https://vigx.sharepoint.com/teams/test”–> Site in question

Set-SPOSite -Identity $siteURL -SharingCapability Disabled

8.png

You can verify this in your SharePoint Online admin center as shown in the image below. The site in question will have external sharing disabled as shown below.

9

7.To enable external user and guest sharing:

Syntax:

Set-SPOSite -Identity $siteURL -SharingCapability ExternalUserandGuestSharing

10.png

Running this command will enable external user and guest sharing in a SPO site collection and you can verify that in the screenshot below.

11.png

Note: By default, this feature will be disabled for SPO sites and this has to be enabled if required.

8.To enable only external user sharing:

Syntax:  Set-SPOSite -Identity $siteURL -SharingCapability ExternalUserSharingOnly

12.png

 Running this command will only enable external user sharing in a SPO site collection and you can verify that in the screenshot below.

15.png

9.To get the list of sites where sharing capability has been enabled:

Syntax:    Get-SPOSite | Where {$_.SharingCapability -ne “Disabled”}

13

  1. To get the list of sites where sharing capability is disabled:

Syntax:  Get-SPOSite | Where {$_. SharingCapability -eq “Disabled”}

14.png

 11.To change the owner of site:

Syntax:

First let me assign the $siteURL variable to the site collection in question.

$siteURL = “https://vigx.sharepoint.com/teams/test”–> Site in question

Set-SPOSite -Identity $siteURL -Owner “pritham@vigx.onmicrosoft.com”

16

12.To change the storage and resource quota of a site:

Syntax:

Set-SPOSite -Identity $siteURL -StorgaeQuota 1000 -ResourceQuota 500

13.To change the Title of the site:

Syntax:

Set-SPOSite $siteURL -Title “New Title”

17.png

This will change the title of the site in question. You can verify this below.

18.png

Thanks for reading this article. This is all I have for this post and I’ll be back with Part 3 of this article very soon.

Happy SharePointing !!!

Part 1: Useful Office 365 cmdlets to generate SharePoint Online reports and also for SharePoint Online site administration:

Presentation1.png

In this post I’ll be showing you how to use Office 365 PowerShell cmdlets to generate useful SharePoint Online reports from your SharePoint Online tenant and also I’ll be discussing on certain useful cmdlets that can be used for SharePoint Online site administration. Let’s get started.

Note: Before we get started, please ensure that you’ve configured your PC to run SharePoint Online (Office 365) cmdlets. If not, please take a look on this article which I’ve already written about how to configure that. Also make sure that you’re a member of the SharePoint Online administration role in Office 365.

  1. Get-SPOSite -Detailed

This command will give a detailed list of all the site collections in your SharePoint Online tenant as shown in the screenshot below.

1.png

2. To get a list of SharePoint groups in your tenant.

Syntax:   Get-SPOSite | ForEach-Object {Get-SPOSiteGroup -Site $_.Url} |Format-Table 

Running this command will generate the results as shown in the image below. Also please note that this command will display the default SharePoint groups as well as the custom SharePoint groups that was created manually.

2.png

3.png

3. Adding a user to the Site collection administrators group.

Before I go ahead and show the syntax for this, let me go ahead specify the variables here so that it will be easy for us to use that in the command.

$tenant =  “https://vigx-admin.sharepoint.com “–>This would be my tenant URL

$site = “https://vigx.sharepoint.com/teams/test” –>This will be the SharePoint site collection URL

$user =” kamaleshg@vigx.onmicrosoft.com” –> This will be the UPN for the user who will be added as the SCA.

Since we have already specified all the variables, let’s go ahead and run the syntax.

SyntaxSet-SPOUser -Site $site -LoginName kamaleshg@vigx.onmicrosoft.com -IsSiteCollectionAdmin $true

Check the screenshot below for reference:

4.png

5.png

So this will add the user to the SCA group of  a site collection.

4. To get the list of users in my SharePoint Online Tenant:

Syntax:  Get-SPOSite | ForEach-Object {Get-SPOUser -Site $_.Url} 

Running this command will display the results as shown in the screenshot below.

replace.PNG

 

 

5.To get a report of the user’s in a site, their display names, permission levels and other properties:

Before I go ahead and execute the command for this, let me specify the $site variable for the site in question.

$site = “https://vigx.sharepoint.com/teams/test” –>This will be the SharePoint site URL

Note: It’s not necessary that you need to keep specifying the variables every time in a command unless you’re planning to use a different value apart to the one specified for that variable. PowerShell will automatically store it for you till the session is live.

Syntax:  Get-SPOUser -Site $site | select * | Format-table -Wrap -AutoSize | Out-File G:\UsersReport.txt -Force -Width 360 -Append

8.png

Running this command will generate a report as shown in the screenshot below.

9.png6. To get a report of the all user’s in your SharePoint Online Tenant, their display names, permission levels and other properties

$tenant =  “https://vigx-admin.sharepoint.com “–> This would be my tenant URL

Syntax:

Get-SPOSite | ForEach-Object {Get-SPOUser -Site $_.Url} | Format-Table -Wrap -AutoSize | Out-File G:\UsersReport.txt -Force -Width 360 -Append

10.png

Note: PowerShell might throw you some errors while running this command but that can be safely ignored.

Running this command will generate a report as shown below.

11.png

If you want to export the result to a CSV file, try running the below mentioned command.

Command 1 : For setting the headers in the CSV file

“Display Name`tLoginName`tGroups” | Out-File C:\UsersReport.csv

 12.png

Command 2: Once you’re done executing the first line, run the below syntax to get the report in the form a CSV file.

Syntax:

Get-SPOSite | ForEach-Object {Get-SPOUser -Site $_.Url -ErrorAction SilentlyContinue | %{ $_.DisplayName + “`t” + $_.LoginName

 + “`t” + $_.Groups | Out-File c:\UsersReport.csv -Force -Append}}

13

This will generate a CSV file as shown in the image below,

14.png

 7. To create a new SharePoint Group in a site collection.

Before I mention the syntax, let’s specify the necessary variables.

$tenant = “https://vigx-admin.sharepoint.com” –>Tenant URL

$site = “https://vigx.sharepoint.com/teams/test “–> Site collection URL

$group = “Test Site Owners2” –>SharePoint Group Name

$level = “Full Control” –> Permission level

Syntax:

New-SPOSiteGroup -Group $group -PermissionLevels $level -Site $site

15.png

Running the above command will create a new SharePoint Group in the targeted site collection and will give the results as shown below.

16.png

8. To create an inventory of all the SharePoint site collections in your Tenant which has the information of the Site Name, URL, Quota, compatibility level and other information etc.… and to export the results to a CSV file:

Syntax:

Get-SPOSite -Limit All | Export-CSV -LiteralPath G:\SiteInventory.csv -NoTypeInformation

17.png

Running this command will generate a CSV file in specified path as shown in the image below.

18.png

 9. To get your SharePoint Online Tenant information

Syntax: Get-SPOTenant

This will give the complete tenant information as shown in the image below.

19.png

  1. To get the list of site templates in your SharePoint Online tenant

Syntax: Get-SPOWebTemplate

Running this command will give the list of site templates in SharePoint Online as shown below

20.png

This concludes part 1 of this article, I’ll be creating part 2 of this article where I’ll be taking you through few more SharePoint Online PowerShell cmdlets that can help us to generate useful reports and also for site administration.

Thanks for reading this post.

Happy SharePointing!!!  

Configuring Windows PowerShell to support SPO management shell, Exchange Online Management Shell, Skype for Business Online Management Shell and Office 365 Compliance center:

office3652.jpg

Good evening  to all the Office 365 nerds out there, this article would be on how to configure Windows PowerShell in your client operating system to support Office 365 (i.e. SharePoint Online Management shell, Exchange Online Management Shell, Skype for Business Online Management Shell and Office 365 Security & Compliance center). Well it’s a known fact that Microsoft has released the PowerShell module for all these products (SharePoint Online, Exchange Online, Skype for Business Online and Office 365 Security & Compliance center) separately and you can use that to manage these products separately .Listed below are the links to download those modules .

SharePoint Online Management shell: _ https://www.microsoft.com/en-us/download/details.aspx?id=35588

Skype for Business Online module: _ https://www.microsoft.com/en-us/download/details.aspx?id=39366

Exchange Online module: _ https://technet.microsoft.com/en-us/library/jj984289(v=exchg.160).aspx

Office 365 Security & Compliance center: _ https://technet.microsoft.com/en-us/library/mt587091(v=exchg.160).aspx

Azure AD Module (this can be used for user and domain management tasks in Office 365): _ https://msdn.microsoft.com/en-us/library/jj151815.aspx .

So if you’re the guy who plays the IT administrator role in your company and if you’re the one who has Office 365 global admin role assigned to you and takes care of managing Office 365 then chances are that your desktop could look very messy as shown in the image below while you’re using the management shell and you’re definitely going to have hard time managing them .

29.png

So the idea here is to show guys how to configure PowerShell to support all these modules and be successful in managing Office 365 from a single PowerShell window.

Let’s get into the detailed steps now:

Note: Please bear in mind that you need to have Office 365 global admin access to perform these steps.

  1. Please install the Microsoft .NET Framework 4.5.x and then either the Windows Management Framework 3.0 or the Windows Management Framework 4.0. in your PC.

Windows Management Framework 3.0:_ https://www.microsoft.com/en-us/download/details.aspx?id=34595

Windows Management Framework 4.0:_ https://www.microsoft.com/en-us/download/details.aspx?id=40855

  1. For Skype for business online module to function, you need a 64-bit operating system and hence please make sure you’re running a 64 bit version of Windows. Else you will end up getting an error  message as shown in the image below.

31.png

3.  Listed below are the 64-bit version of Windows that you can use

                                Windows 8.1 or Windows 8

                                Windows Server 2012 R2 or Windows Server 2012

                                Windows 7 Service Pack 1 (SP1)*

                                Windows Server 2008 R2 SP1*

  1. Once that’s done you need to install the modules that are required for Office 365, SharePoint Online, and Skype for Business Online. Listed below are the links to download those modules.

Microsoft Online Service Sign-in Assistant for IT Professionals RTW

Windows Azure Active Directory Module for Windows PowerShell (64-bit version)

SharePoint Online Management Shell

Skype for Business Online, Windows PowerShell Module

5. Once you’re done installing all the modules you need to configure Windows PowerShell to run signed scripts for Skype for Business Online, Exchange Online, and the Security & Compliance Center. To do this, run the following command in an elevated Windows PowerShell session

Set-ExecutionPolicy RemoteSigned

1

6. Now inorder to identify whether you’re running Windows PowerShell using elevated permissions or normal mode, please check the prompt on your PowerShell screen.

PS C:\Windows\System32> –>Elevated permissions

 PS C:\Users\UserName>–>Normal mode

7. Now run the next below mentioned command to pass your Office 365 user name and password to Windows PowerShell in an encrypted way. Once that’s done you will get a windows dialog box prompting for your credentials as shown in the image below.

$credential = Get-Credential

2

8. Now key-in your Office 365 credentials and click on OK as shown below.

3

9. In-order to identify whether your credential object has been created successfully, please run the below mentioned command as shown in the image below and it should return the value.

Note: Windows PowerShell will never tell you anything when things go fine, it will silently pass on to the next line .It only yells at you when something went wrong. That’s the funny thing about Windows PowerShell.

$credential

30

10.  Now we are all good to and hence we can start connecting to Office 365, for that please run the below mentioned command.

Import-Module MsOnline

4

11. Once that’s done in-order to verify whether the module was imported successfully you need to run the below mentioned command. This should return the value as shown in the image below.                                Get-Module

12. Somewhere in the list of modules that are returned by this command you should see something that looks like this:  

  Manifest 1.0 MS Online {Add-MsolForeignGroupToRole, Add-MsolG…}.

If you see MSOnline listed, that means that everything went according to plan.

13. Since we have verified that the credential object has been created and also the MSOnline module has been loaded successfully the next step would be to connect to Office 365 using the Connect-MsolService cmdlet. For that run the below mentioned command as shown in the image below.

                                Connect-MsolService -Credential $credential

5

14. In-order to verify whether you have successfully logged into your Office tenant, please run the below mentioned command and verify your domain information as shown in the image below. In my case my domain name for Office 365 is “vigx” and you can see that in the image below.

                                                 Get-MsolDomain

32.png

15. After performing all the above mentioned we have successfully verified that we are able to establish a connection to the Office 365 tenant using our user name and password which has Global admin access in Office 365 . Now the next steps would be to create a connection to each modules separately (i.e. SharePoint Online, Exchange Online , Skype for Business Online & Security and Compliance center for Office 365 )

16 .Initially let’s get started with SharePoint Online by running the following command.   Import-Module Microsoft.Online.SharePoint.PowerShell –DisableNameChecking

Here the “DisableNameChecking” switch suppresses the below mentioned warning.

Warning: The names of some imported commands from the module ‘Microsoft.Online.SharePoint.PowerShell’ include unapproved verbs that might make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.

17. In order to connect to SharePoint Online, you need to supply two pieces of information: your credentials and the URL of your SharePoint Online admin site. This is how the format is going to look like.

Note: You can get your SharePoint Online tenant URL by opening the tenant admin page. Check the screenshot below.

33

This is how the format will look like,

Admin URL: – https://vigx-admin.sharepoint.com   Connect-SPOService -Url https://vigx-admin.sharepoint.com -credential $credential

18. Once that’s done, please go ahead and run “Get-SPOSite” command as shown below and see the results .This should list all the SharePoint Online sites.

34.png

19. If you successfully get the list of all SharePoint Online sites then your command ran successfully.You can verify that by visiting the SharePoint Online admin center as shown below.

6.PNG

20. Also try running Get-MsolUser and see the result , this will return the list of all the users in Office 365 .This means you can now manage both SharePoint Online and Office 365 from the same Windows PowerShell window .

35.png

 

21. Now, let’s take a look on how to connect to Skype for Business Online (formerly as Lync Online)

Note:  Connecting to Skype for Business Online (and to Exchange Online or the Security & Compliance Center) is different than connecting to Office 365 or to SharePoint Online. That’s because the Skype for Business Online and Exchange Online cmdlets don’t get installed on your computer like the Office 365 and the SharePoint Online cmdlets do. Instead, each time you sign in, the appropriate cmdlets are temporarily copied to your computer. When you sign off, those cmdlets are then removed from your computer.

22. In order to connect to Skype for Business Online, please run the below mentioned command to import the Skype for Business Online module. For that run the below mentioned command.

                         Import-Module SkypeOnlineConnector

36.png

Note: The first time you might see some warning message which can be safely ignored.

23. Once the module has been imported, run the below mentioned command to initiate a new Sfbo session by running the below command.

$sfboSession = New-CsOnlineSession -Credential $credential

Note: By running the above command we have successfully created a remote PowerShell session. The above command is used to connect to an instance of Windows PowerShell running on one of the Office 365 servers.

37.png

24. Once that’s done you need to run the below mentioned command to download the “Skye for Business Online scripts /cmdlets” and other items. As already mentioned before Skype for Business Online commands are not similar to SPO cmdlets, Sfbo cmdlets need to be loaded every time you plan to use PowerShell to manage Sfbo. So now let’s load sfbo cmdlets to PowerShell by running the below mentioned command(you can notice the progress bar in the image below loading the cmdlets to Windows PowerShell)

Import-PSSession $sfboSession

10.png

25. Once Windows PowerShell is done loading the sfbo cmdlets you should notice something like this as shown in the image below. If you notice this in your screen then you have successfully made a connection to Skype for Business Online.

11

26. You can verify your connection to Skype for Business Online by running the below mentioned command.

Get-CsOnlineUser -Identity vigganesan89@vigx.onmicrosoft.com 

Note: This command will give the information for the user who has his UPN/SIP ID as vigganesan89@vigx.onmicrosoft.com

16

27.  Alright, till now we have seen how to configure Windows PowerShell to support SharePoint Online and Skype for business online, now let’s take a look on how to configure Windows PowerShell to support Exchange Online.

28. In order to proceed further, please run the below mentioned command which creates a remote Windows PowerShell session with Exchange Online.

$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri “https://outlook.office365.com/powershell-liveid/&#8221; -Credential $credential -Authentication “Basic” -AllowRedirection

Note: Why is the command for connecting to Exchange Online more complicated than the command to connect to Skype for Business Online? Technically, it’s not: both commands do the exact same thing. However, the Skype for Business Online team created its own cmdlet—New-CsOnlineSession—that hides some of the parameters (like Authentication and AllowRedirection) that are used when connecting to Exchange Online. Instead of requiring you to type that information yourself, the Authentication and AllowRedirection parameters are effectively built in to the New-CsOnlineSession cmdlet. You have to type those parameters when connecting to Exchange Online because Exchange Online uses the standard New-PSSession cmdlet to connect to Office 365. The disadvantage is that you have a little more typing to do. The advantage is that you don’t have to download and install an Exchange Online module. This will start loading the modules as shown in the screenshot below.

13.png

29. Once you’re done running the above command, please run the below command to import the Exchange Online remote session, just as we did for Skype for Business Online. Please check the screenshot below.

        Import-PSSession $exchangeSession –DisableNameChecking

38

30. Once you’re done running the above command you would get the results as shown in the image above.

31. After you get the desired results in the screen, try running the below mentioned command , you should see information about your Office 365 domains that are configured for email addresses in Exchange Online.

Get-AcceptedDomain

39

32. This confirms that you have successfully connected to Exchange Online, you can also verify that by running the “Get-Mailbox” command as shown in the email below. This should return the Mailbox information of the users who are in Office 365.

40

33. So till now we have seen how to manage the user administration/license management for Office 365 , SharePoint Online , Exchange Online & Skype for Business Online using Windows PowerShell .Now let’s see how to manage the Security and Compliance center in Office 365 using Windows PowerShell .

34. The connection instructions for the Security & Compliance Center are very similar to those for Exchange Online, but with a slight difference .Let’s take a look at it. To get started with, please run the below mentioned command which creates a remote PowerShell session with the Security & Compliance Center

$ccSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $credential -Authentication Basic –AllowRedirection

35. This will start loading the modules as shown in the image below.

20.PNG

36. Now in order to import the cmdlets for “Security and Compliance center” run the below mentioned command .This should look similar to the Exchange Online cmdlet. The DisableNameCheckingswitch isn’t required here as there are no unapproved verbs in the Security & Compliance Center. But the additional -Prefix ccparameter and value is something different here. The Exchange Online and the Security & Compliance Center share some cmdlets that have exactly the same names and provide the same functionality. Get-RoleGroup is an example.                                                                                             Import-PSSession $ccSession -Prefix cc

21.PNG

37. Now you can verify the result of the above command in the screenshot above.

38. In order to verify whether you have been successfully connected to “Security and Compliance center” in Office 365, please visit the below mentioned link and try executing the cmdlets there and see the results.

https://technet.microsoft.com/en-us/library/mt587093(v=exchg.160).aspx

39. So finally we have connected to all the instances of Office 365 (Office 365 user/license management, SharePoint Online, Exchange Online, Skype for Business Online & Security and Compliance center in Office 365) using Windows PowerShell and we also saw how to execute the appropriate cmdlets to manage them.

40. Now, run the below mentioned command to get the active sessions that are running .For that run the Get-PSSession

The Get-PSSession cmdlet should show you that you have at least three remote sessions open, one for Skype for Business Online, one for Exchange Online and one for the Security & Compliance Center (it’s possible you could have more than three remote sessions running, depending on whether you’ve used this instance of Windows PowerShell to connect to something else besides the Office 365 services). You should see something similar to the following.

41.png

41. Since we have verified the active sessions that are running, now run the below command one at a time to close the session. If you just close the Windows PowerShell window, your Skype for Business Online remote connection will remain active for the next 15 minutes or so. Because Skype for Business Online limits the number of simultaneous connections that any one person or any one domain can have open, that could be a problem. With Skype for Business Online, an individual administrator can have, at most, three open connections at one time, and a domain can have a maximum of nine open connections. If you sign in to Skype for Business Online and then exit without properly closing the session, that session remains open for the next 15 minutes or so. As a result, that’s one fewer connection available to you or to other administrators in your domain. So run the below mentioned command to close the remote sessions for Skype for Business Online, Exchange Online, and the Security & Compliance Center gracefully.

 

Remove-PSSession $sfboSession

                                Remove-PSSession $exchangeSession

                                Remove-PSSession $ccSession

 42. If you prefer to close all the sessions at the same time without doing it one at a time, please run the below mentioned command.

 

Get-PSSession | Remove-PSSession

 43. The above mentioned commands will stop the PowerShell sessions for Skype for Business Online, Exchange Online, and the Security & Compliance Center gracefully but not SharePoint Online and hence to stop the session for SharePoint Online , run the below mentioned command .

Disconnect-SPOService

43.png

44. Now inorder to verify whether we have successfully disconnected from SharePoint Online service run the below mentioned command and it should throw you an error.

44.png

45. This confirms that you have successfully disconnected from SharePoint Online management shell.

So finally we have seen how to configure Windows PowerShell to support SharePoint Online Management shell, Exchange Online Management Shell, Skype for Business Online Management Shell and Office 365 Compliance center.