Thursday, July 27, 2017

Getting Started with PowerShell for Administering Office 365

Why Use PowerShell for Administering Office 365?

PowerShell is a powerful and convenient tool for administering Office 365. There are a variety of reasons why you would use PowerShell, including:
  • Adding or editing a large number of records (e.g., users, list items, or documents)
  • Sifting through a large amount of data using filters
  • Exporting data. A common scenario is keeping more than 90 days of audit log data. Audit logs are only kept for a rolling 90 days. One way to keep the data longer is to export it using PowerShell. For a detailed walkthrough of how to do that, see Paul Hunt's post here: Keeping Office 365 Audit data beyond 90 days with the Microsoft Graph
  • Sometimes PowerShell is the only option. For example, enabling or disabling Office 365 Group creation is done through PowerShell. Also, some government tenants (L4 and L5) do not have an Admin UI and configuration is only done through PowerShell.
This post is meant to be an introduction. It will help you get started with some PowerShell basics for Office 365.

Download The Appropriate Installation Files

First, download and install the Microsoft Services Sign-In Assistant For IT Professionals RTW.

Next, download and install the Windows Azure Active Directory Module for PowerShell.

There are several different PowerShell modules for the Office 365 workloads. Below are a couple more to download and install:

Connect to Azure Active Directory for Office 365

Open up the Azure Active Directory Module for Windows PowerShell in Administrator mode. To connect to Azure AD in Office 365, type this command:


Enter your username and password and press Enter. If no error comes back, the connection succeeded. Note: you are only connected to Azure AD in your Office 365 tenant. You are not connected to Exchange Online or SharePoint Online.

Get A List of Users and Assign Licenses

Run the following commands:

Get-MsolUser
Get-MsolAccountSku
Set-MsolUser -UserPrincipalName "" -UsageLocation "US"
Set-MsolUserLicense -UserPrincipalName "" -AddLicenses "dough:ENTERPRISEPACK"

The Get-MsolUser command gets a list of all users in the tenant. You can filter the set of users returned to only include unlicensed users by adding the "-UnlicensedUsersOnly" parameter.

The Get-MsolAccountSku command gets the Office 365 tenant license SKU.

The Set-MsolUser command sets the user's location.

The Set-MsolUserLicense command assigns a license to the user.
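The four commands above, combined into one script, as an added example that is not part of the original post. It goes beyond the single-user case: it looks up the tenant-qualified SKU id, checks for free seats, and supports -WhatIf so the changes can be previewed first. The function name Add-LicenseToUnlicensedUser and its parameters are hypothetical; the cmdlets are from the MSOnline module.

```powershell
#Requires -Modules MSOnline
# Added example: license every unlicensed user with one SKU.
# Function name and parameters are hypothetical, not from the original post.
function Add-LicenseToUnlicensedUser {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SkuPartNumber,  # e.g. ENTERPRISEPACK
        [string]$UsageLocation = 'US'
    )

    # Resolve the tenant-qualified SKU id (tenant:SKU) instead of hard-coding it.
    $sku = Get-MsolAccountSku | Where-Object { $_.SkuPartNumber -eq $SkuPartNumber }
    if (-not $sku) { throw "SKU '$SkuPartNumber' not found in this tenant." }

    # Stop before changing anything if there are not enough free seats.
    $free  = $sku.ActiveUnits - $sku.ConsumedUnits
    $users = @(Get-MsolUser -All -UnlicensedUsersOnly)
    if ($users.Count -gt $free) {
        throw "Need $($users.Count) seats for $($sku.AccountSkuId); only $free free."
    }

    foreach ($u in $users) {
        $upn = $u.UserPrincipalName
        # With -WhatIf, ShouldProcess reports the action and returns $false.
        if (-not $PSCmdlet.ShouldProcess($upn, "Assign $($sku.AccountSkuId)")) { continue }
        try {
            # A usage location must be set before a license can be assigned.
            if (-not $u.UsageLocation) {
                Set-MsolUser -UserPrincipalName $upn -UsageLocation $UsageLocation -ErrorAction Stop
            }
            Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses $sku.AccountSkuId -ErrorAction Stop
            [pscustomobject]@{ User = $upn; Sku = $sku.AccountSkuId; Status = 'Assigned' }
        }
        catch {
            # Record the failure and continue with the next user.
            [pscustomobject]@{ User = $upn; Sku = $sku.AccountSkuId; Status = "Failed: $($_.Exception.Message)" }
        }
    }
}

Connect-MsolService    # prompts for admin credentials (Azure AD only)
Add-LicenseToUnlicensedUser -SkuPartNumber 'ENTERPRISEPACK' -WhatIf    # preview only
```

Remove -WhatIf to apply the changes; each processed user is returned as an object, so the result can be piped to Export-Csv to keep a record of what was assigned.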

Enable or Disable Office 365 Group Creation

Frequently, when companies first migrate to Office 365, they don't want users to be able to create their own groups, at least not initially. The following PowerShell scripts turn off the ability to create Office 365 groups for all users.

First, connect to Exchange Online. Exchange doesn't have a separate command module for PowerShell, so open up the standard PowerShell window in administrative mode and enter the following commands:

$creds = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "<Exchange Online PowerShell endpoint URI>" -Credential $creds -Authentication Basic -AllowRedirection
Import-PSSession $Session

Then, to turn off group creation for all users, run the following command:

Set-OwaMailboxPolicy -Identity "<tenant domain>\OwaMailboxPolicy-Default" -GroupCreationEnabled $false

Additional Resources

There are lots of additional resources to help you get started with PowerShell for Office 365:
