Bulk Enable Exchange Online Archiving – PowerShell Script

This script enables the Online Archiving Mailbox for users in Exchange Online. The script will generate the log and error outputs by checking if the users exists in Exchange Online based on the information provided in the csv file.

The script needs to be run from the On-prem Exchange environment.

Example of script block, this demonstrates the actions taken within the script to check the csv file row by row and output if sucessful or not.

Foreach ($row in $csv)
if (get-remotemailbox -identity $row.mailboxemail)
get-remotemailbox -identity $row.mailboxemail | enable-remotemailbox -archive
Add-Content -Path $logfilepath -Value ('{0} SUCCESS: Mailbox {1} enabled for Archive' -f (Get-Date), $row.mailboxemail)
else {
$outputfiles |%{ Add-Content -Path $_ -Value ('{0} ERROR: Mailbox {1} not enabled for Archive {2}' -f (Get-Date), $row.mailboxemail, $_.exception.message)}

Example of csv file used; please note the heading mailboxemail is very important as the script checks for this heading.

To view if an Online archive has been activated in the Mailbox, run the following cmdlets.

It is very easy to enable Online Archiving and verify afterwards if it has been enabled.

Download this script

Enable-RemoteMailbox -Archive (39 downloads)


Author – Blogabout.Cloud

Office ProPlus Deployment Tool Developments 16.0.10810.33603

With Office Pro Plus being a subject and technology close to my heart, there have been a number of developments which I would like to point out.

Download and installation of Office 2019 products

At Microsoft Ignite is has been announced that Office 2019 is now available for commercial volume licensed (trusted) customers and then will be available to all customers, consumer and commercial over next far weeks.

Better logic using /Download switch

Microsoft have now built in better logic when using the download switch. The Office Deployment Tool will now only download the missing files when pointing to an existing source path.

AcceptEULA Issue

Microsoft identified an issue in the previous Office Deployment Tool where the AcceptEULA was not properly applied to all users when running as a system account. This will require product version 16.0.9126.2116 or higher, 2116 was released on 27th March 2018 into Monthly Channel.

ExcludeApp Issue

Microsoft identified an issue in the previous Office Deployment Tool where the ExcludeApp was not being honored during second install. This will require ODT product version 16.0.10225.36926 or higher

Existing ODT Version Level 16.0.10810.33603


The Author – Blogabout.Cloud

Configuring Microsoft Intune – Apps within your company portal

Do you have one of the following licencing sets and you are not utilising Microsoft Intune? It would be criminal.

  • Intune
  • Enterprise Mobility + Security E3
  • Enterprise Mobility + Security E5
  • Microsoft 365 E3
  • Microsoft 365 E5
  • Microsoft 365 F1
  • Microsoft 365 Business
  • Microsoft 365 Education A1
  • Microsoft 365 Education A3
  • Microsoft 365 Education A5

Its time roll out the company portal and manage your corporate data across all mobile device.

Microsoft Intune is not available for the following licence sets and you need need to purchase one of the valid sets above.

  • Office 365 F1
  • Office 365 Business Premium
  • Azure Active Directory Free, Basic, Premium P1, Premium P2 None

Launch Microsoft Azure Portal


Open Intune either by using the Search resources, services, and docs or from your favourites. Select Client apps, Apps.

As you can see, there are no applications found currently within Client apps. In this section are able to define a number of different applications types with can be used whole Microsoft Intune platform.

For the purposes of this blog post we are only focusing on Other –> Built-In applications which have been optimised by Microsoft to ensure that all corporate data and general applications are secure.

Built-In applications target most of the Microsoft applications that are used day to day by all corporate enterprises. We will be selecting Adobe Acrobat Reader for Intune as an example of how to configure and publish applications into the company portal.

Click on your chosen app, press “Select” and press “Add”

Select Properties, App information – configure

Within this section you will need we will need configure the app information with the following

  • Category – This is not key but allows you group business, productivity, etc.. applications together
  • Display this as a feature app in the Compant Portal – Yes 
  • Logo – Give the application a logo which will appear in the company portal

Save the changes

Select Assignments, Add group

Under Assignment type, I have selected Available for enrolled devices.

Select Include Groups, Select Yes, Press OK x2 and Save

This will now make this application available within the company portal and you can repeat this process for other built-in applications.


This concludes this post


The Author – Blogabout.Cloud

Big news in the world of the modern desktop: Office 2016 supported extended

Microsoft announced in April 2017 that they be ceasing support for legacy Office clients into Office 365 services, however this stance has now changed based on customer feedback to Microsoft

  • Office 2013 and below will cease as expected on 13th October 2020
  • Office 2016 will now be extended until October 2023


With this announcement it also includes a number of changes to the supported operating system versions of Windows.

Office 365 ProPlus delivers cloud-connected and always up-to-date versions of the Office desktop apps. To support customers already on Office 365 ProPlus through their operating system transitions, we are updating the Windows system requirements for Office 365 ProPlus and revising some announcements that were made in February. We are pleased to announce the following updates to our Office 365 ProPlus system requirements:

  • Office 365 ProPlus will continue to be supported on Windows 8.1 through January 2023, which is the end of support date for Windows 8.1.
  • Office 365 ProPlus will also continue to be supported on Windows Server 2016 until October 2025.
  • Office 365 Pro Plus will also continue to be supported on Windows 7 (ESU) Extended Security Updates through Janaury 2023. Windows 7 ESU will only be available for Windows 7 Pro/Enterprise customers with Volume Licensing.

Other big news is four changes Microsoft have also announced (Longer support windows for Windows 10):

  • All currently supported feature updates of Windows 10 Enterprise and Education editions (versions 1607, 1703, 1709, and 1803) will be supported for 30 months from their original release date. This will give customers on those versions more time for change management as they move to a faster update cycle.
  • All future feature updates of Windows 10 Enterprise and Education editions with a targeted release month of September (starting with 1809) will be supported for 30 months from their release date. This will give customers with longer deployment cycles the time they need to plan, test, and deploy.
  • All future feature updates of Windows 10 Enterprise and Education editions with a targeted release month of March (starting with 1903) will continue to be supported for 18 months from their release date. This maintains the semi-annual update cadence as our north star and retains the option for customers that want to update twice a year.
  • All feature releases of Windows 10 Home, Windows 10 Pro, and Office 365 ProPlus will continue to be supported for 18 months (this applies to feature updates targeting both March and September).

In summary, our new modern desktop support policies—starting in September 2018—are:

Populate your Exchange Mailbox with dummy data before migrating to Exchange Online or Vice Versa

Have you ever had a requirement where you need to populate an Exchange or Office 365 Mailbox with data? This is general a common ask when looking to migrate to/from Exchange Online and can be time consuming if your manually sending emails. The following script has been modified to provide an easy way of sending data using the Send-MailMessage PowerShell cmdlet and also capture better error logging.

I would like to thank Andreas Hähnel for his efforts in creating the original script.

This modified script using Try and Catch variables to ensure the specified File location contains documents which can be used and also provide Help on each parameter. Add-MailboxData.zip (113 downloads)

Add-MailboxData.zip (113 downloads)

Check out the video demonstration below

Detect, Remove, Destroy and Upgrade your Microsoft Teams Module`

The following script has been designed to detected, remove and upgrade your Microsoft Team PowerShell Module.

How does it work?

The script will initial check if you are running a PowerShell window with evaluated privileges as this is a prerequisites to running this script. Once Administrative privileges have been detected it will compare the installed version of the Microsoft Teams module against the online version located the PSGallery. If the online is greater than the installed version, the script will use the uninstall-module cmdlet to remove the previous version and install the latest version from the PSGallery.

If your installed version matches the online version no actions will be taken.

This script also includes an output of the installed client version of Microsoft Teams with its Ring and Environment information as shown below

Download this script today

Detect-MicrosoftTeams-Version (474 downloads)


The Author – Blogabout.Cloud

Install PowerShell for Azure Stack

Installing PowerShell for Azure Stack has a number of prerequistes which need to be met. The following script has been designed and tested to preform all the necessary tasks within a single script execution.

The following steps have been taken from https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-powershell-install

1. Verify your prerequisites

Before your get started with Azure Stack and PowerShell, you will need to have a few requirements in place.

PowerShell Version 5.0
To check your version, run $PSVersionTable.PSVersion and compare the Major version. If you do not have PowerShell 5.0, follow the link to upgrade to PowerShell 5.0.


PowerShell 5.0 requires a Windows machine.

Run Powershell an elevated prompt
You will need to be able to run PowerShell with administrative privileges.

PowerShell Gallery access
You will need access to the PowerShell Gallery. The gallery is the central repository for PowerShell content. The PowerShellGet module contains cmdlets for discovering, installing, updating, and publishing PowerShell artifacts such as modules, DSC resources, role capabilities, and scripts from the PowerShell Gallery and other private repositories. If you are using PowerShell in a disconnected scenario, you will need to retrieve resources from a machine with a connection to the Internet and store them in a location accessible to your disconnected machine.

2. Validate if the PowerShell Gallery is accessible

Validate if PSGallery is registered as a repository.


This step requires Internet access.

Open an elevated PowerShell prompt, and run the following cmdlets:

Import-Module -Name PowerShellGet -ErrorAction Stop
Import-Module -Name PackageManagement -ErrorAction Stop
Get-PSRepository -Name “PSGallery”

If the repository is not registered, open an elevated PowerShell session and run the following command:

Register-PsRepository -Default
Set-PSRepository -Name “PSGallery” -InstallationPolicy Trusted

3. Uninstall existing versions of the Azure Stack PowerShell modules

Before installing the required version, make sure that you uninstall any previously installed Azure Stack AzureRM PowerShell modules. You can uninstall them by using one of the following two methods:

To uninstall the existing AzureRM PowerShell modules, close all the active PowerShell sessions, and run the following cmdlets:

Uninstall-Module AzureRM.AzureStackAdmin -Force
Uninstall-Module AzureRM.AzureStackStorage -Force
Uninstall-Module -Name AzureStack -Force

Delete all the folders that start with Azure from the C:\Program Files\WindowsPowerShell\Modules and C:\Users\AzureStackAdmin\Documents\WindowsPowerShell\Modules folders. Deleting these folders removes any existing PowerShell modules.

4. Connected: Install PowerShell for Azure Stack with Internet connectivity

Azure Stack requires the 2017-03-09-profile API version profile, which is available by installing the AzureRM.Bootstrapper module. In addition to the AzureRM modules, you should also install the Azure Stack-specific PowerShell modules.

Run the following PowerShell script to install these modules on your development workstation:

Version 1.4.0 (Azure Stack 1804 or greater)

# Install the AzureRM.Bootstrapper module. Select Yes when prompted to install NuGet
Install-Module -Name AzureRm.BootStrapper

# Install and import the API Version Profile required by Azure Stack into the current PowerShell session.
Use-AzureRmProfile -Profile 2017-03-09-profile -Force

# Install Module Version 1.4.0 if Azure Stack is running 1804 at a minimum
Install-Module -Name AzureStack -RequiredVersion 1.4.0

Version 1.2.11 (before 1804)

# Install the AzureRM.Bootstrapper module. Select Yes when prompted to install NuGet
Install-Module -Name AzureRm.BootStrapper

# Install and import the API Version Profile required by Azure Stack into the current PowerShell session.
Use-AzureRmProfile -Profile 2017-03-09-profile -Force

# Install Module Version 1.2.11 if Azure Stack is running a lower version than 1804
Install-Module -Name AzureStack -RequiredVersion 1.2.11

Confirm the installation by running the following command:

Get-Module -ListAvailable | where-Object {$_.Name -like “Azs*”}

If the installation is successful, the AzureRM and AzureStack modules are displayed in the output.

All seems simple, right?

PowerShell script demonstration

The following video demonstrates the Set-AzureStackPS script, which is available to download via the following URL.

PowerShell for Azure Stack (102 downloads)


The Author – Blogabout.Cloud

Understanding the roles within Office 365 administration

Are you Office 365 Global Administrator? Do you understand the roles available within Office 365 Administrator for granting access?

The answer is probably no, as in my experience customers or Global Administrators don’t really understand the options that are available without Professor Google.

The below table lists all the available roles that are currently in action within Office 365. So whether you are a Helpdesk Admin or a dedicated Exchange Admin, Office 365 has the correct roles that fits your needs.

Global admin Global administrator

Accesses all administrative features in the Office 365 suite of services in your plan, including Skype for Business. By default the person who signs up to buy Office 365 becomes a global admin.

Global admins are the only admins who can assign other admin roles. You can have more than one global admin in your organization. As a best practice we recommend that only a few people in your company have this role. It reduces the risk to your business.

Tip: Make sure everyone who is a global admin in your organization has a mobile phone number and alternate email address in their contact info. Check out Change your organization’s address, technical contact email, and other information for more details.

Credit card Billing administrator Makes purchases, manages subscriptions, manages support tickets, and monitors service health.
Exchange OnlineExchange administrator Manages mailboxes and anti-spam policies for your business, using the Exchange admin center. Can view all the activity reports in the Office 365 admin center.

Someone with BOTH the Exchange admin role and the user management role can create and manage Office 365 groups in the Office 365 admin center.

To learn more, see About the Exchange Online admin role.

SharePoint adminSharePoint administrator Manages file storage for your organization in SharePoint Online and OneDrive. They do this in the SharePoint admin center. They can also assign other people to be site collection administrators and term store administrators.

Permissions assigned to SharePoint sites are completely separate from the Office 365 global admin role. You can be a global admin without access to a SharePoint site if you weren’t added to it or didn’t create the site.

People in this role can also can view all the activity reports in the Office 365 admin center.

To learn more, see About the SharePoint admin role.

Key, permissions Password administrator Resets passwords, manages support tickets, and monitors service health. Password admins are limited to resetting passwords for users.
Skype for Business OnlineSkype for Business administrator (Also includes Microsoft Teams) Configures Skype for Business/Microsoft Teams for your organization and can view all the activity reports in the Office 365 admin center.

To learn more, see About the Skype for Business admin role.

Headset Service administrator Opens support tickets with Microsoft, and views the service dashboard and message center. They have “view only” permissions except for opening support tickets and reading them.

Tip: People who are assigned to the Exchange Online, SharePoint Online, and Skype for Business admin roles should also be assigned to the Service admin role. This way they can see important information in the Office 365 admin center, such as the health of the service, and change and release notifications.

User User management administrator Resets passwords, monitors service health, adds and deletes user accounts, manages support tickets, adds and removes members from Office 365 groups. The user management admin can’t delete a global admin, create other admin roles, or reset passwords for global, billing, Exchange, SharePoint, Compliance and Skype for Business admins.

Someone with BOTH the Exchange admin role and the user management role can create and manage Office 365 groups in the Office 365 admin center.

Reporting reader admin Reports reader Can view all the activity reports in the Office 365 admin center and any reports exposed through the reporting APIs.
Security and Compliance center roles If you have an Office 365 E3 or E5 business subscription, it includes security and compliance tools. In that case, you have access to these additional roles: Compliance administrator, eDiscovery Manager, Organization management, Reviewer, Security Administrator, Security Reader, Service Assurance User, Supervisory Review.

To learn more about them, see Permissions in the Office 365 Security & Compliance Center.

Icon for Dynamics 365Dynamics 365 (online) When a person is assigned to the Office 365 global administrator role, they are automatically assigned to the System Administrator security role in Dynamics 365 (online).

A person assigned to the System Administrator security role in Dynamics 365 can assign other people to Dynamics 365 security roles. With the System Administrator security role, you can manage all aspects of Dynamics 365. For more information about Dynamics 365 security roles, check out Manage subscriptions, licenses, and user accounts.

Icon for Dynamics 365

Dynamics 365 service administrator

Use this new role to assign users to manage Dynamics 365 at the tenant level without having to assign the more powerful Office 365 global admin privileges. A Dynamics 365 service admin can sign in to the Dynamics 365 admin center to manage instances. A person with this role cannot do functions restricted to the Office 365 global admin such as manage user accounts, manage subscriptions, access settings for Office 365 apps like Exchange or SharePoint.

Check out Use the Dynamics 365 service admin role to manage your tenant to learn more.

Power BI administrator A person assigned to the Power BI admin role will have access to Office 365 Power BI usage metrics. They’ll also be able to control your organization’s usage of Power BI features. For more information about administering Power BI, see Administering Power BI in your organization.
Message Center reader

Monitors changes to the service and can view all posts to the Message center in Office 365 and share Message center posts with others through email. Users assigned this role also have read-only access to some admin center resources, such as users, groups, domains, and subscriptions

The above information has been taken from Microsoft and reposted for public awareness.

The Author

Granting permissions to users based on Group Membership with PowerShell


Question: Have you ever had to perform a task for multiple users like granting a permission, policy or something else? and did you do it manually?

I can honestly say I have and it was so time consuming, especially when we have free tools available to use to perform theses actions within seconds/minutes instead of hours/days.

I have generated a script below which I have created to grant a Skype for Business Online policy to a number of users based on their Group Membership. Before you run this script the following assumputions will be made.

  • You have a basic understanding of PowerShell Scripting
  • You have modified all locations shown with ‘#########’ to your requirements

For the below script I have left in ‘IMOnly’ to show exactly what this script is designed to achieve. If a User doesnt have the IMOnly policy they will be granted the policy but if a User already has IMOnly granted. The script will skip the user and generate an output on screen plus to a definited .txt file before moving onto the next user.

# Define Service Account
$username = '#########'
$password = '#########'
$pass = Convertto-Securestring -String $password -asPlaintext -Force
$credential = New-Object -TypeName System.Management.Automation.PScredential -ArgumentList ($username, $pass)

# Connect to Office 365
Import-Module MSOnline
Connect-MsolService -Credential $credential

# Connect to Skype for Business Online
Import-Module -Name SkypeOnlineConnector
$sfboSession = New-CsOnlineSession -Credential $credential
Import-PSSession -Session $sfboSession -AllowClobber

# Get Group Members
Get-MsolGroupMember -GroupObjectId '#########' | export-csv -Path $env:HOMEDRIVE\INSTALL\#########.csv

# Import Users
$csv = Import-Csv -Path $env:HOMEDRIVE\#########\#########.csv

# Assign CsClientPolicy
Foreach ($row in $csv) {
If(Get-CsOnlineUser -Identity $row.EmailAddress | Where-object {$_.ClientPolicy -notcontains 'IMOnly'})
Grant-CsClientPolicy -Identity $row.EmailAddress -PolicyName 'IMOnly'
Write-Host -ForegroundColor Yellow $row.EmailAddress "Skipped User"
get-csonlineuser -id $row.EmailAddress | Where-object {$_.ClientPolicy -contains 'IMOnly'} | select-object DisplayName,ClientPolicy | out-file -FilePath $env:HOMEDRIVE\INSTALL\groupuserenbled.txt

You can also complete this command for On-Premises users by modifying the script to use Get-ADGroupMember as shown below.

# Get Group Members
Get-ADGroupMember -Identity '#########' | export-csv -Path $env:HOMEDRIVE\INSTALL\#########.csv

This script can be modified to complete other provisioning based on Group Membership, just copy and paste into PowerShell ISE and make the necessary changes


The Author