Category Archives: Office 365

Bulk Enable Exchange Online Archiving – PowerShell Script

This script enables the Online Archiving Mailbox for users in Exchange Online. The script will generate the log and error outputs by checking if the users exists in Exchange Online based on the information provided in the csv file.

The script needs to be run from the On-prem Exchange environment.

Example of script block, this demonstrates the actions taken within the script to check the csv file row by row and output if sucessful or not.

Foreach ($row in $csv)
{
if (get-remotemailbox -identity $row.mailboxemail)
{
get-remotemailbox -identity $row.mailboxemail | enable-remotemailbox -archive
Add-Content -Path $logfilepath -Value ('{0} SUCCESS: Mailbox {1} enabled for Archive' -f (Get-Date), $row.mailboxemail)
}
else {
$outputfiles |%{ Add-Content -Path $_ -Value ('{0} ERROR: Mailbox {1} not enabled for Archive {2}' -f (Get-Date), $row.mailboxemail, $_.exception.message)}
}
}

Example of csv file used; please note the heading mailboxemail is very important as the script checks for this heading.

To view if an Online archive has been activated in the Mailbox, run the following cmdlets.

It is very easy to enable Online Archiving and verify afterwards if it has been enabled.

Download this script

Enable-RemoteMailbox -Archive (39 downloads)

Regards

Author – Blogabout.Cloud

Office ProPlus Deployment Tool Developments 16.0.10810.33603

With Office Pro Plus being a subject and technology close to my heart, there have been a number of developments which I would like to point out.

Download and installation of Office 2019 products

At Microsoft Ignite is has been announced that Office 2019 is now available for commercial volume licensed (trusted) customers and then will be available to all customers, consumer and commercial over next far weeks.

Better logic using /Download switch

Microsoft have now built in better logic when using the download switch. The Office Deployment Tool will now only download the missing files when pointing to an existing source path.

AcceptEULA Issue

Microsoft identified an issue in the previous Office Deployment Tool where the AcceptEULA was not properly applied to all users when running as a system account. This will require product version 16.0.9126.2116 or higher, 2116 was released on 27th March 2018 into Monthly Channel.

ExcludeApp Issue

Microsoft identified an issue in the previous Office Deployment Tool where the ExcludeApp was not being honored during second install. This will require ODT product version 16.0.10225.36926 or higher

Existing ODT Version Level 16.0.10810.33603

Regards

The Author – Blogabout.Cloud

Big news in the world of the modern desktop: Office 2016 supported extended

Microsoft announced in April 2017 that they be ceasing support for legacy Office clients into Office 365 services, however this stance has now changed based on customer feedback to Microsoft

  • Office 2013 and below will cease as expected on 13th October 2020
  • Office 2016 will now be extended until October 2023

 

With this announcement it also includes a number of changes to the supported operating system versions of Windows.

Office 365 ProPlus delivers cloud-connected and always up-to-date versions of the Office desktop apps. To support customers already on Office 365 ProPlus through their operating system transitions, we are updating the Windows system requirements for Office 365 ProPlus and revising some announcements that were made in February. We are pleased to announce the following updates to our Office 365 ProPlus system requirements:

  • Office 365 ProPlus will continue to be supported on Windows 8.1 through January 2023, which is the end of support date for Windows 8.1.
  • Office 365 ProPlus will also continue to be supported on Windows Server 2016 until October 2025.
  • Office 365 Pro Plus will also continue to be supported on Windows 7 (ESU) Extended Security Updates through Janaury 2023. Windows 7 ESU will only be available for Windows 7 Pro/Enterprise customers with Volume Licensing.

Other big news is four changes Microsoft have also announced (Longer support windows for Windows 10):

  • All currently supported feature updates of Windows 10 Enterprise and Education editions (versions 1607, 1703, 1709, and 1803) will be supported for 30 months from their original release date. This will give customers on those versions more time for change management as they move to a faster update cycle.
  • All future feature updates of Windows 10 Enterprise and Education editions with a targeted release month of September (starting with 1809) will be supported for 30 months from their release date. This will give customers with longer deployment cycles the time they need to plan, test, and deploy.
  • All future feature updates of Windows 10 Enterprise and Education editions with a targeted release month of March (starting with 1903) will continue to be supported for 18 months from their release date. This maintains the semi-annual update cadence as our north star and retains the option for customers that want to update twice a year.
  • All feature releases of Windows 10 Home, Windows 10 Pro, and Office 365 ProPlus will continue to be supported for 18 months (this applies to feature updates targeting both March and September).

In summary, our new modern desktop support policies—starting in September 2018—are:

Populate your Exchange Mailbox with dummy data before migrating to Exchange Online or Vice Versa

Have you ever had a requirement where you need to populate an Exchange or Office 365 Mailbox with data? This is general a common ask when looking to migrate to/from Exchange Online and can be time consuming if your manually sending emails. The following script has been modified to provide an easy way of sending data using the Send-MailMessage PowerShell cmdlet and also capture better error logging.

I would like to thank Andreas Hähnel for his efforts in creating the original script.

This modified script using Try and Catch variables to ensure the specified File location contains documents which can be used and also provide Help on each parameter. Add-MailboxData.zip (113 downloads)

Add-MailboxData.zip (113 downloads)

Check out the video demonstration below

Understanding the roles within Office 365 administration

Are you Office 365 Global Administrator? Do you understand the roles available within Office 365 Administrator for granting access?

The answer is probably no, as in my experience customers or Global Administrators don’t really understand the options that are available without Professor Google.

The below table lists all the available roles that are currently in action within Office 365. So whether you are a Helpdesk Admin or a dedicated Exchange Admin, Office 365 has the correct roles that fits your needs.

Global admin Global administrator

Accesses all administrative features in the Office 365 suite of services in your plan, including Skype for Business. By default the person who signs up to buy Office 365 becomes a global admin.

Global admins are the only admins who can assign other admin roles. You can have more than one global admin in your organization. As a best practice we recommend that only a few people in your company have this role. It reduces the risk to your business.

Tip: Make sure everyone who is a global admin in your organization has a mobile phone number and alternate email address in their contact info. Check out Change your organization’s address, technical contact email, and other information for more details.

Credit card Billing administrator Makes purchases, manages subscriptions, manages support tickets, and monitors service health.
Exchange OnlineExchange administrator Manages mailboxes and anti-spam policies for your business, using the Exchange admin center. Can view all the activity reports in the Office 365 admin center.

Someone with BOTH the Exchange admin role and the user management role can create and manage Office 365 groups in the Office 365 admin center.

To learn more, see About the Exchange Online admin role.

SharePoint adminSharePoint administrator Manages file storage for your organization in SharePoint Online and OneDrive. They do this in the SharePoint admin center. They can also assign other people to be site collection administrators and term store administrators.

Permissions assigned to SharePoint sites are completely separate from the Office 365 global admin role. You can be a global admin without access to a SharePoint site if you weren’t added to it or didn’t create the site.

People in this role can also can view all the activity reports in the Office 365 admin center.

To learn more, see About the SharePoint admin role.

Key, permissions Password administrator Resets passwords, manages support tickets, and monitors service health. Password admins are limited to resetting passwords for users.
Skype for Business OnlineSkype for Business administrator (Also includes Microsoft Teams) Configures Skype for Business/Microsoft Teams for your organization and can view all the activity reports in the Office 365 admin center.

To learn more, see About the Skype for Business admin role.

Headset Service administrator Opens support tickets with Microsoft, and views the service dashboard and message center. They have “view only” permissions except for opening support tickets and reading them.

Tip: People who are assigned to the Exchange Online, SharePoint Online, and Skype for Business admin roles should also be assigned to the Service admin role. This way they can see important information in the Office 365 admin center, such as the health of the service, and change and release notifications.

User User management administrator Resets passwords, monitors service health, adds and deletes user accounts, manages support tickets, adds and removes members from Office 365 groups. The user management admin can’t delete a global admin, create other admin roles, or reset passwords for global, billing, Exchange, SharePoint, Compliance and Skype for Business admins.

Someone with BOTH the Exchange admin role and the user management role can create and manage Office 365 groups in the Office 365 admin center.

Reporting reader admin Reports reader Can view all the activity reports in the Office 365 admin center and any reports exposed through the reporting APIs.
Security and Compliance center roles If you have an Office 365 E3 or E5 business subscription, it includes security and compliance tools. In that case, you have access to these additional roles: Compliance administrator, eDiscovery Manager, Organization management, Reviewer, Security Administrator, Security Reader, Service Assurance User, Supervisory Review.

To learn more about them, see Permissions in the Office 365 Security & Compliance Center.

Icon for Dynamics 365Dynamics 365 (online) When a person is assigned to the Office 365 global administrator role, they are automatically assigned to the System Administrator security role in Dynamics 365 (online).

A person assigned to the System Administrator security role in Dynamics 365 can assign other people to Dynamics 365 security roles. With the System Administrator security role, you can manage all aspects of Dynamics 365. For more information about Dynamics 365 security roles, check out Manage subscriptions, licenses, and user accounts.

Icon for Dynamics 365

Dynamics 365 service administrator

Use this new role to assign users to manage Dynamics 365 at the tenant level without having to assign the more powerful Office 365 global admin privileges. A Dynamics 365 service admin can sign in to the Dynamics 365 admin center to manage instances. A person with this role cannot do functions restricted to the Office 365 global admin such as manage user accounts, manage subscriptions, access settings for Office 365 apps like Exchange or SharePoint.

Check out Use the Dynamics 365 service admin role to manage your tenant to learn more.

Power BI administrator A person assigned to the Power BI admin role will have access to Office 365 Power BI usage metrics. They’ll also be able to control your organization’s usage of Power BI features. For more information about administering Power BI, see Administering Power BI in your organization.
Message Center reader

Monitors changes to the service and can view all posts to the Message center in Office 365 and share Message center posts with others through email. Users assigned this role also have read-only access to some admin center resources, such as users, groups, domains, and subscriptions

The above information has been taken from Microsoft and reposted for public awareness.

Regards,
The Author

Granting permissions to users based on Group Membership with PowerShell

Hello,

Question: Have you ever had to perform a task for multiple users like granting a permission, policy or something else? and did you do it manually?

I can honestly say I have and it was so time consuming, especially when we have free tools available to use to perform theses actions within seconds/minutes instead of hours/days.

I have generated a script below which I have created to grant a Skype for Business Online policy to a number of users based on their Group Membership. Before you run this script the following assumputions will be made.

  • You have a basic understanding of PowerShell Scripting
  • You have modified all locations shown with ‘#########’ to your requirements

For the below script I have left in ‘IMOnly’ to show exactly what this script is designed to achieve. If a User doesnt have the IMOnly policy they will be granted the policy but if a User already has IMOnly granted. The script will skip the user and generate an output on screen plus to a definited .txt file before moving onto the next user.


clear-host
# Define Service Account
$username = '#########'
$password = '#########'
$pass = Convertto-Securestring -String $password -asPlaintext -Force
$credential = New-Object -TypeName System.Management.Automation.PScredential -ArgumentList ($username, $pass)

# Connect to Office 365
Import-Module MSOnline
Connect-MsolService -Credential $credential

# Connect to Skype for Business Online
Import-Module -Name SkypeOnlineConnector
$sfboSession = New-CsOnlineSession -Credential $credential
Import-PSSession -Session $sfboSession -AllowClobber

# Get Group Members
Get-MsolGroupMember -GroupObjectId '#########' | export-csv -Path $env:HOMEDRIVE\INSTALL\#########.csv

# Import Users
$csv = Import-Csv -Path $env:HOMEDRIVE\#########\#########.csv

# Assign CsClientPolicy
Foreach ($row in $csv) {
If(Get-CsOnlineUser -Identity $row.EmailAddress | Where-object {$_.ClientPolicy -notcontains 'IMOnly'})
{
Grant-CsClientPolicy -Identity $row.EmailAddress -PolicyName 'IMOnly'
}
else
{
Write-Host -ForegroundColor Yellow $row.EmailAddress "Skipped User"
get-csonlineuser -id $row.EmailAddress | Where-object {$_.ClientPolicy -contains 'IMOnly'} | select-object DisplayName,ClientPolicy | out-file -FilePath $env:HOMEDRIVE\INSTALL\groupuserenbled.txt
}
}

You can also complete this command for On-Premises users by modifying the script to use Get-ADGroupMember as shown below.


# Get Group Members
Get-ADGroupMember -Identity '#########' | export-csv -Path $env:HOMEDRIVE\INSTALL\#########.csv

This script can be modified to complete other provisioning based on Group Membership, just copy and paste into PowerShell ISE and make the necessary changes

Regards

The Author