All posts in Office 365

Office ProPlus ToolKit

Office ProPlus ToolKit

By Author on Leave a Comment

Installing Office 365 ProPlus can be a bit of a headache and also there are many different tricks/hacks which can be implemented to test out the latest channels.

The Office ProPlus ToolKit script is built with following options to help you test and deploy ProPlus in the most effective way. This script is built with the following menu options

1) Configure Monthly Channel –>
2) Configure Semi Annual (Targeted) Channel –>
3) Configure Semi Annual Channel –>
4) Configure Monthly (Targeted) Channel –>
5) Configure Insider (Unsupported) Channel –>
6) Check your Office 365 ProPlus Configuration –>

7) Download the Office Readiness Toolkit for Add-ins & VBS –>
8) Download Microsoft FixIT Removal Tool –>
9) Download Offscrub Files (Office 03,07,10, O15 & O16) –>
10) Download Office 2016/2019/ProPlus Group Policy Templates –>
11) Download Office Telemetry Requirements –>

15) Download Office Deployment Tool (Official) –>
16) Download Pre-Loaded Office 365 Configuration Files –>

20) Install Office 365 ProPlus –>
21) Install SQL Express –>
22) Install SQL Management Studio –>
23) Install Office Telemetry Dashboard –>

30) Build your own configuration.xml (config.office.com) –>
31) Install Office using your modified configuration.xml –>

This script has seen a number of updates recently which have been logged below

Download

Get-OfficeProPlusToolKit.ps1 (556 downloads)

Change Log

Version 1.1 – Features

  • Download Pro-Loaded Office 365 Configuration Files – This contains Office 365 ProPlus and Office 2019. This option supports menu 20 which calls the downloaded setup.exe and xml files.
  • Support for PowerShell Version 5 – This script using Version 5 to expand Zip archives which allows the script to call the contents. If Version 5 is not detected you will be prompted to extract the required files manually.

Reporting Issues

If you identity any issues within running the script please email theauthor@blogabout.cloud

Regards
The Author – Blogabout.Cloud

PowerShell – How to format your PowerShell output into a table using Format-Table

PowerShell – How to format your PowerShell output into a table using Format-Table

By Author on Leave a Comment

When working with PowerShell and using a (get-command | fl or format-list) you will receive a whole list of information which sometimes can be difficult to digest as shown below. In most cases normally you are only after one or two peices of key information

Get-SPOSite | Format-List

Using Format-List or LT you can specify the required information into something a bit more readable.

For example, I am currently working Get-SPOSite (SharePoint Online Sites) and I would like to know if any of the sites have sharing capabilities and site defined sharing capabilities. 

# Command
Get-SPOSite | Select-Object -Property URL,SharingCapability,SiteDefinedSharingCapability | ft
Get-SPOSite | Select-Object -Property URL,SharingCapability,SiteDefinedSharingCapability | ft

As you can see from the above image the output for the required fields is more readable to my needs. You can use this approach for many different scenarios and maybe within a technical script you are writing for a deployment or an action.


Regards

The Author – Blogabout.Cloud

Office365 and PowerShell DSC? Whats this all about

Office365 and PowerShell DSC? Whats this all about

By Author on Leave a Comment

Just come across an interesting blog post about Office365DSC Module and like a kid in the candy store. Just had to have it and start playing

The module has been created by a number of Microsoft Premier Field Engineers (PFE’s) and its very much in the earlier stages but supports the following.

  • O365Group: Office 365 Groups (Security, Distribution List, Mail enabled and Office 365)
  • O365User: Office 365 User and Licenses
  • SPOSite: SharePoint Online site collection

The blog is quite vague of information but the goal is to make the community aware that the effort is currently undergoing, and that if people want to contribute to it, that they are encouraged to report issues, comments/feedback or to fork and submit Pull Requests to help out with the code base.

https://GitHub.com/Microsoft/Office365DSC

To install the Early Preview, run the following line of Powershell

install-module – Name Office365DSC -AllowPrerelease

The Author – Blogabout.Cloud



Bulk Enable Exchange Online Archiving – PowerShell Script

Bulk Enable Exchange Online Archiving – PowerShell Script

By Author on Leave a Comment

This script enables the Online Archiving Mailbox for users in Exchange Online. The script will generate the log and error outputs by checking if the users exists in Exchange Online based on the information provided in the csv file.

The script needs to be run from the On-prem Exchange environment.

Example of script block, this demonstrates the actions taken within the script to check the csv file row by row and output if sucessful or not.

Foreach ($row in $csv)
{
if (get-remotemailbox -identity $row.mailboxemail)
{
get-remotemailbox -identity $row.mailboxemail | enable-remotemailbox -archive
Add-Content -Path $logfilepath -Value ('{0} SUCCESS: Mailbox {1} enabled for Archive' -f (Get-Date), $row.mailboxemail)
}
else {
$outputfiles |%{ Add-Content -Path $_ -Value ('{0} ERROR: Mailbox {1} not enabled for Archive {2}' -f (Get-Date), $row.mailboxemail, $_.exception.message)}
}
}

Example of csv file used; please note the heading mailboxemail is very important as the script checks for this heading.

To view if an Online archive has been activated in the Mailbox, run the following cmdlets.

It is very easy to enable Online Archiving and verify afterwards if it has been enabled.

Download this script

Enable-RemoteMailbox -Archive (64 downloads)

Regards

Author – Blogabout.Cloud

Office ProPlus Deployment Tool Developments 16.0.10810.33603

Office ProPlus Deployment Tool Developments 16.0.10810.33603

By Author on Leave a Comment

With Office Pro Plus being a subject and technology close to my heart, there have been a number of developments which I would like to point out.

Download and installation of Office 2019 products

At Microsoft Ignite is has been announced that Office 2019 is now available for commercial volume licensed (trusted) customers and then will be available to all customers, consumer and commercial over next far weeks.

Better logic using /Download switch

Microsoft have now built in better logic when using the download switch. The Office Deployment Tool will now only download the missing files when pointing to an existing source path.

AcceptEULA Issue

Microsoft identified an issue in the previous Office Deployment Tool where the AcceptEULA was not properly applied to all users when running as a system account. This will require product version 16.0.9126.2116 or higher, 2116 was released on 27th March 2018 into Monthly Channel.

ExcludeApp Issue

Microsoft identified an issue in the previous Office Deployment Tool where the ExcludeApp was not being honored during second install. This will require ODT product version 16.0.10225.36926 or higher

Existing ODT Version Level 16.0.10810.33603

Regards

The Author – Blogabout.Cloud

Big news in the world of the modern desktop: Office 2016 supported extended

Big news in the world of the modern desktop: Office 2016 supported extended

By Author on Leave a Comment

Microsoft announced in April 2017 that they be ceasing support for legacy Office clients into Office 365 services, however this stance has now changed based on customer feedback to Microsoft

  • Office 2013 and below will cease as expected on 13th October 2020
  • Office 2016 will now be extended until October 2023

 

With this announcement it also includes a number of changes to the supported operating system versions of Windows.

Office 365 ProPlus delivers cloud-connected and always up-to-date versions of the Office desktop apps. To support customers already on Office 365 ProPlus through their operating system transitions, we are updating the Windows system requirements for Office 365 ProPlus and revising some announcements that were made in February. We are pleased to announce the following updates to our Office 365 ProPlus system requirements:

  • Office 365 ProPlus will continue to be supported on Windows 8.1 through January 2023, which is the end of support date for Windows 8.1.
  • Office 365 ProPlus will also continue to be supported on Windows Server 2016 until October 2025.
  • Office 365 Pro Plus will also continue to be supported on Windows 7 (ESU) Extended Security Updates through Janaury 2023. Windows 7 ESU will only be available for Windows 7 Pro/Enterprise customers with Volume Licensing.

Other big news is four changes Microsoft have also announced (Longer support windows for Windows 10):

  • All currently supported feature updates of Windows 10 Enterprise and Education editions (versions 1607, 1703, 1709, and 1803) will be supported for 30 months from their original release date. This will give customers on those versions more time for change management as they move to a faster update cycle.
  • All future feature updates of Windows 10 Enterprise and Education editions with a targeted release month of September (starting with 1809) will be supported for 30 months from their release date. This will give customers with longer deployment cycles the time they need to plan, test, and deploy.
  • All future feature updates of Windows 10 Enterprise and Education editions with a targeted release month of March (starting with 1903) will continue to be supported for 18 months from their release date. This maintains the semi-annual update cadence as our north star and retains the option for customers that want to update twice a year.
  • All feature releases of Windows 10 Home, Windows 10 Pro, and Office 365 ProPlus will continue to be supported for 18 months (this applies to feature updates targeting both March and September).

In summary, our new modern desktop support policies—starting in September 2018—are:

Populate your Exchange Mailbox with dummy data before migrating to Exchange Online or Vice Versa

Populate your Exchange Mailbox with dummy data before migrating to Exchange Online or Vice Versa

By Author on Leave a Comment

Have you ever had a requirement where you need to populate an Exchange or Office 365 Mailbox with data? This is general a common ask when looking to migrate to/from Exchange Online and can be time consuming if your manually sending emails. The following script has been modified to provide an easy way of sending data using the Send-MailMessage PowerShell cmdlet and also capture better error logging.

I would like to thank Andreas Hähnel for his efforts in creating the original script.

This modified script using Try and Catch variables to ensure the specified File location contains documents which can be used and also provide Help on each parameter. Add-MailboxData.zip (128 downloads)

Add-MailboxData.zip (128 downloads)

Check out the video demonstration below

Configuring Pexip with Office 365 for Scheduling Meetings

Configuring Pexip with Office 365 for Scheduling Meetings

By Author on Leave a Comment

In this article we will look at steps required for configuring your Pexip deployment with Office 365 mailboxes for scheduling meetings. The following process will be step by step using Powershell to complete the configuration of Office 365 with Pexip and at the end of this article will be a complete powershell which will allow quick provisioning with prompts for information.

Please note: The follow steps have been taken from the Pexip website, I have used their article to create an easy to use PowerShell for O365/Exchange Deployments.

Connecting to Office 365



Set-ExecutionPolicy RemoteSigned

$Credential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri <a href="https://outlook.office365.com/powershell-liveid/">https://outlook.office365.com/powershell-liveid/</a> -Credential $Cred -Authentication Basic -AllowRedirection

Import-PSSession $Session

Import-Module MsOnline

Connect-MsolService -Credential $Credential

Creating the service account

The first command lets the administrator type in a password for the service account as a secure string. This password variable is then used in the second command to create a mailbox for the service account. The third command ensures the password of the service account will not expire. The final command terminates the remote session.

For example:



New-Mailbox -Name "Service Account" -MicrosoftOnlineServicesID pexip@pexip.no -Password $password -Alias pexip -FirstName Service -LastName Account -DisplayName "Service Account"



Set-MsolUser -UserPrincipalName pexip@pexip.no -PasswordNeverExpires $true

Configuring Application Impersonation on the service account

The service account must be configured with a Role of Application Impersonation. This allows the service account to impersonate all users who will be using VMR Scheduling for Exchange, and to impersonate the equipment resource that is to be used for the scheduling service.

To check if your service account has Application Impersonation already configured, use the PowerShell command:



Get-ManagementRoleAssignment -RoleAssignee "&lt;email_of_service_account&gt;" -Role ApplicationImpersonation | Format-List

Below is an example of the output of the command when the service account already has Application Impersonation configured:

If the service account does not have Application Impersonation configured, then the above command will not return anything at all. If this is the case, enable Application Impersonation as follows:



New-ManagementRoleAssignment -name:"&lt;role_name&gt;" -Role:ApplicationImpersonation -User:"&lt;email_of_service_account&gt;"

For example:



New-ManagementRoleAssignment -name:PexipSchedulingService -Role:ApplicationImpersonation -User:pexip@office365.com

This will enable the service account to impersonate all users in the organization.

Creating an equipment resource

The equipment resource will be added as a resource attendee to all VMR Scheduling for Exchange meetings. Users will see replies from this resource when it accepts or rejects a meeting request.

Each equipment resource can be used by only one Pexip Exchange Integration.

This command creates an equipment resource with the specified Name, Alias and Display Name. Name and Display Name should be the same, and will appear as the location of any meeting requests, and as a recipient. The Alias (also known as the mail nickname) will be used as the email address.



New-Mailbox -Equipment -Name "&lt;Equipment Name&gt;" -Alias "&lt;Equipment Alias&gt;" -DisplayName "&lt;Equipment Name&gt;"

For example:



New-Mailbox -Equipment -Name "Pexip Meeting" -Alias pexipmeeting -DisplayName "Pexip Meeting"

Configuring the equipment resource

You must configure the equipment resource to disable automatic processing for the equipment resource, so that the processing can be done by the scheduling service. You must also configure it to permit conflicts, because meetings may be scheduled at the same time by different users.

This configuration is done using the following PowerShell command:



Set-CalendarProcessing -Identity "&lt;email_of_equipment_resource&gt;" -AutomateProcessing None -AllowConflicts $true -BookingWindowInDays 1080 -MaximumDurationInMinutes 0 -AllowRecurringMeetings $true -EnforceSchedulingHorizon $false -ScheduleOnlyDuringWorkHours $false -ConflictPercentageAllowed 100 -MaximumConflictInstances 2147483647

To verify that the above command has configured everything correctly, use the PowerShell command:



Get-CalendarProcessing -Identity "&lt;email_of_equipment_resource&gt;" | Format-List

Viewing the equipment resource’s mailbox

There may be occasions, such as when troubleshooting, that you want to view the equipment resource’s mailbox or calendar. To do this, you first need to assign full access to the equipment resource’s mailbox to a delegate account, and then view the mailbox or calendar using the delegate account. (The delegate account could be the service account, or it could be, for example, an administrator’s account.)

 


	

	



	

		

				Understanding the roles within Office 365 administration
	
Understanding the roles within Office 365 administration
		

		

			By Author on Leave a Comment		

	

	

		
Are you Office 365 Global Administrator? Do you understand the roles available within Office 365 Administrator for granting access?


The answer is probably no, as in my experience customers or Global Administrators don’t really understand the options that are available without Professor Google.


The below table lists all the available roles that are currently in action within Office 365. So whether you are a Helpdesk Admin or a dedicated Exchange Admin, Office 365 has the correct roles that fits your needs.






Global admin Global administrator


Accesses all administrative features in the Office 365 suite of services in your plan, including Skype for Business. By default the person who signs up to buy Office 365 becomes a global admin.


Global admins are the only admins who can assign other admin roles. You can have more than one global admin in your organization. As a best practice we recommend that only a few people in your company have this role. It reduces the risk to your business.


Tip: Make sure everyone who is a global admin in your organization has a mobile phone number and alternate email address in their contact info. Check out Change your organization’s address, technical contact email, and other information for more details.





Credit card Billing administrator
Makes purchases, manages subscriptions, manages support tickets, and monitors service health.




Exchange OnlineExchange administrator
Manages mailboxes and anti-spam policies for your business, using the Exchange admin center. Can view all the activity reports in the Office 365 admin center.


Someone with BOTH the Exchange admin role and the user management role can create and manage Office 365 groups in the Office 365 admin center.


To learn more, see About the Exchange Online admin role.





SharePoint adminSharePoint administrator
Manages file storage for your organization in SharePoint Online and OneDrive. They do this in the SharePoint admin center. They can also assign other people to be site collection administrators and term store administrators.


Permissions assigned to SharePoint sites are completely separate from the Office 365 global admin role. You can be a global admin without access to a SharePoint site if you weren’t added to it or didn’t create the site.


People in this role can also can view all the activity reports in the Office 365 admin center.


To learn more, see About the SharePoint admin role.





Key, permissions Password administrator
Resets passwords, manages support tickets, and monitors service health. Password admins are limited to resetting passwords for users.




Skype for Business OnlineSkype for Business administrator (Also includes Microsoft Teams)
Configures Skype for Business/Microsoft Teams for your organization and can view all the activity reports in the Office 365 admin center.


To learn more, see About the Skype for Business admin role.





Headset Service administrator
Opens support tickets with Microsoft, and views the service dashboard and message center. They have “view only” permissions except for opening support tickets and reading them.


Tip: People who are assigned to the Exchange Online, SharePoint Online, and Skype for Business admin roles should also be assigned to the Service admin role. This way they can see important information in the Office 365 admin center, such as the health of the service, and change and release notifications.





User User management administrator
Resets passwords, monitors service health, adds and deletes user accounts, manages support tickets, adds and removes members from Office 365 groups. The user management admin can’t delete a global admin, create other admin roles, or reset passwords for global, billing, Exchange, SharePoint, Compliance and Skype for Business admins.


Someone with BOTH the Exchange admin role and the user management role can create and manage Office 365 groups in the Office 365 admin center.





Reporting reader admin Reports reader
Can view all the activity reports in the Office 365 admin center and any reports exposed through the reporting APIs.




Security and Compliance center roles
If you have an Office 365 E3 or E5 business subscription, it includes security and compliance tools. In that case, you have access to these additional roles: Compliance administrator, eDiscovery Manager, Organization management, Reviewer, Security Administrator, Security Reader, Service Assurance User, Supervisory Review.


To learn more about them, see Permissions in the Office 365 Security & Compliance Center.





Icon for Dynamics 365Dynamics 365 (online)
When a person is assigned to the Office 365 global administrator role, they are automatically assigned to the System Administrator security role in Dynamics 365 (online).


A person assigned to the System Administrator security role in Dynamics 365 can assign other people to Dynamics 365 security roles. With the System Administrator security role, you can manage all aspects of Dynamics 365. For more information about Dynamics 365 security roles, check out Manage subscriptions, licenses, and user accounts.





Icon for Dynamics 365


Dynamics 365 service administrator

Use this new role to assign users to manage Dynamics 365 at the tenant level without having to assign the more powerful Office 365 global admin privileges. A Dynamics 365 service admin can sign in to the Dynamics 365 admin center to manage instances. A person with this role cannot do functions restricted to the Office 365 global admin such as manage user accounts, manage subscriptions, access settings for Office 365 apps like Exchange or SharePoint.


Check out Use the Dynamics 365 service admin role to manage your tenant to learn more.





Power BI administrator
A person assigned to the Power BI admin role will have access to Office 365 Power BI usage metrics. They’ll also be able to control your organization’s usage of Power BI features. For more information about administering Power BI, see Administering Power BI in your organization.




Message Center reader


Monitors changes to the service and can view all posts to the Message center in Office 365 and share Message center posts with others through email. Users assigned this role also have read-only access to some admin center resources, such as users, groups, domains, and subscriptions








The above information has been taken from Microsoft and reposted for public awareness.


Regards,

The Author

	

	



	

		

				Granting permissions to users based on Group Membership with PowerShell
	
Granting permissions to users based on Group Membership with PowerShell
		

		

			By Author on Leave a Comment		

	

	

		
Hello,


Question: Have you ever had to perform a task for multiple users like granting a permission, policy or something else? and did you do it manually?


I can honestly say I have and it was so time consuming, especially when we have free tools available to use to perform theses actions within seconds/minutes instead of hours/days.


I have generated a script below which I have created to grant a Skype for Business Online policy to a number of users based on their Group Membership. Before you run this script the following assumputions will be made.


    

  • You have a basic understanding of PowerShell Scripting
    • 

  • You have modified all locations shown with ‘#########’ to your requirements
    • 



For the below script I have left in ‘IMOnly’ to show exactly what this script is designed to achieve. If a User doesnt have the IMOnly policy they will be granted the policy but if a User already has IMOnly granted. The script will skip the user and generate an output on screen plus to a definited .txt file before moving onto the next user.




clear-host

# Define Service Account

$username = '#########'

$password = '#########'

$pass = Convertto-Securestring -String $password -asPlaintext -Force

$credential = New-Object -TypeName System.Management.Automation.PScredential -ArgumentList ($username, $pass)



# Connect to Office 365

Import-Module MSOnline

Connect-MsolService -Credential $credential



# Connect to Skype for Business Online

Import-Module -Name SkypeOnlineConnector

$sfboSession = New-CsOnlineSession -Credential $credential

Import-PSSession -Session $sfboSession -AllowClobber



# Get Group Members

Get-MsolGroupMember -GroupObjectId '#########' | export-csv -Path $env:HOMEDRIVE\INSTALL\#########.csv



# Import Users

$csv = Import-Csv -Path $env:HOMEDRIVE\#########\#########.csv



# Assign CsClientPolicy

Foreach ($row in $csv) {

If(Get-CsOnlineUser -Identity $row.EmailAddress | Where-object {$_.ClientPolicy -notcontains 'IMOnly'})

{

Grant-CsClientPolicy -Identity $row.EmailAddress -PolicyName 'IMOnly'

}

else

{

Write-Host -ForegroundColor Yellow $row.EmailAddress "Skipped User"

get-csonlineuser -id $row.EmailAddress | Where-object {$_.ClientPolicy -contains 'IMOnly'} | select-object DisplayName,ClientPolicy | out-file -FilePath $env:HOMEDRIVE\INSTALL\groupuserenbled.txt

}

}





You can also complete this command for On-Premises users by modifying the script to use Get-ADGroupMember as shown below.




# Get Group Members

Get-ADGroupMember -Identity '#########' | export-csv -Path $env:HOMEDRIVE\INSTALL\#########.csv





This script can be modified to complete other provisioning based on Group Membership, just copy and paste into PowerShell ISE and make the necessary changes


Regards


The Author