Office 365 or Microsoft 365?
You may quickly note that many references to the PowerShell modules refer to Office 365 PowerShell commands. Microsoft is still using both terms in various locations, with Microsoft 365 being the newest branding of Microsoft’s Software-as-a-Service (SaaS) platform. However, for most purposes, using Office 365 PowerShell commands is synonymous with PowerShell for Microsoft 365. Therefore, throughout this post, we will use the terms interchangeably.Why use PowerShell for Microsoft 365?
Most Microsoft 365 or Office 365 administrators and helpdesk staff become proficient in using the Microsoft 365 admin center to manage and administer their Microsoft 365 environment. Utilizing the M365 admin center, you can take care of daily tasks that need to be accomplished. These tasks may include creating new M365 user accounts, troubleshooting passwords, managing licensing for users, and other user-specific administration. It may also include administering services such as Exchange Online, Teams, SharePoint Online, and other Microsoft Office 365 solutions found in the Microsoft 365 cloud SaaS solution. While you can manage your Microsoft 365 effectively using the Microsoft 365 admin center, it may not be the most efficient way to administer, especially when it comes to managing your Microsoft 365 environment at scale. Many administrators and junior administrators are familiar with GUI dashboards and “point and click” management interfaces. It is a great way to “get to know” a system and understand the management fundamentals. However, as you begin managing organizations at scale with hundreds or even thousands of users, the GUI-driven approach becomes very labor-intensive, slow, and inconsistent. Today’s organizations are shifting to automated DevOps processes, from provisioning workstations to cloud resources and even cloud SaaS environment management. The heart of DevOps automation is scripting languages. There are many automation frameworks and scripting languages that businesses today can choose from for automation. However, PowerShell stands out as a frontrunner in many areas. PowerShell has been around for quite some time, and many organizations have been heavily using PowerShell automation in on-premises environments for years now. In addition, PowerShell is a relatively straightforward scripting language to learn as it is very human-readable and consists of an intuitive verb-noun pairing for cmdlets used for scripting tasks. Starting with PowerShell 2.0 integrated into Windows 7 and Windows Server 2008 R2, PowerShell has been integrated with each subsequent Windows release. In the newest releases of Windows 10, PowerShell is now the default command-line environment. So, it is a highly mature platform that most administrators are very familiar with now. Additionally, there are many PowerShell learning and other community-supported resources available.
Windows PowerShell environment in Windows 10
There are some things you can only do with PowerShell for M365
Microsoft quickly mentions that PowerShell for Microsoft 365 does not replace the admin center, the default management tool for Microsoft 365. Instead, in most cases, PowerShell for Microsoft 365 is a complimentary administrative tool used to perform bulk operations, consistent processes, and efficiently view/export information. However, there is a critical reason admins need to use PowerShell for Microsoft 365. Admins can only perform some configuration tasks using PowerShell for Microsoft 365. What are some of these unique PowerShell capabilities for Microsoft 365?-
- PowerShell for Microsoft 365 can reveal information that you can’t see with the Microsoft 365 admin center
-
-
- PowerShell allows seeing low-level configurations and other data that you can’t see using the admin center
-
-
-
- Microsoft provides the example of Microsoft 365 licensing (and the Microsoft 365 features available to a user) depending on the user’s geographic location. With PowerShell for Microsoft 365, you can display this information for all of your users by using the command: Get-AzureADUser | Select DisplayName, UsageLocation
-
-
- It has features that you can only configure with PowerShell for Microsoft 365
-
-
- As with many technologies, the deeper-level configurations are only exposed using the command-line
-
-
-
- As an example, Skype for Business Online, you can change the following with PowerShell for Microsoft 365 and not from the admin center:
-
-
-
-
- Anonymous users to gain automatic entrance to each meeting
-
-
-
-
-
- Attendees to record the meeting
-
-
-
-
-
- All users from your organization to be designated as presenters when they join the meeting
-
-
-
-
-
-
- Set-CsMeetingConfiguration -AdmitAnonymousUsersByDefault $False -AllowConferenceRecording $False -DesignateAsPresenter “None”
-
-
-
-
- PowerShell for Microsoft 365 is an excellent tool for bulk operations
-
- It allows easy data filtering
PowerShell for Microsoft 365 is an excellent tool for bulk operations
We touched on this earlier. However, PowerShell is great for bulk and automated operations. For example, when you have one task that needs to be performed on a Microsoft 365 object or service, logging into the admin center and completing the task manually through the GUI works well. A case in point would be changing the password for a single user in Microsoft 365. However, what if hundreds or thousands of users need to have an attribute updated on their account? It might take hours, if not days, to go through the accounts manually and set the attribute. However, these types of tasks are well-suited for PowerShell for Microsoft 365 and may only take minutes to complete with a PowerShell script. Additionally, once a PowerShell script is written, it can be reused repeatedly for the same types of processes in the future, saving even more time and administrative effort. Bulk operations may also involve many separate processes and tasks that need to be performed in a certain order or in a certain way. PowerShell allows capturing these processes in code to be repeated exactly the same way in the future. Using PowerShell scripting in Microsoft 365 and Office 365 workflows facilitates a DevOps operational model. Code can be versioned, and changes can be documented as these are checked into the version control system. All the DevOps advantages come into play in this model, such as peer code reviews, change control, and other necessary requirements.Data filtering with PowerShell with Microsoft 365
GUI management tools are usually not the best at filtering data. Filtering means you are searching on a subset of data based on the criteria specified. If the GUI tool is not explicitly written to display the data how you want to see it, you are out of luck. However, this is where the robust power of PowerShell for Microsoft 365 comes into play. With the filtering capabilities of PowerShell for Microsoft 365, IT admins can pull various data from the Microsoft 365 environment as they need to see it. For example, note the following PowerShell for Microsoft 365 script that pulls Exchange Online users living in specific cities.- Get-User | Where {$_.RecipientTypeDetails -eq “UserMailbox” -and ($_.City -eq “New York” -or $_.City -eq “San Francisco”)} | Select DisplayName, City
How to connect to PowerShell for Microsoft 365
Now that we have explored the benefits and reasons for using PowerShell for Microsoft 365 let’s get down to how we use it. To begin using Powershell for Microsoft 365, you have to do two things:-
- Install the required PowerShell for Microsoft 365 modules – these provide the cmdlets, providers, functions, etc. needed to communicate with the cloud SaaS technologies
-
- Connect your PowerShell installation to Microsoft 365 – After installing the modules, you need to connect to the cloud SaaS environment and authenticate accordingly.
Install the required PowerShell for Microsoft 365 modules
As mentioned earlier, PowerShell for Microsoft 365 is a collection of PowerShell modules that allow interacting with the various cloud services found in Microsoft 365. For this, you need to install the required modules. First, let’s look at installing the following primary modules that allow administering and managing your Microsoft 365 environment. The primary modules required for interacting with the core Microsoft 365 services include:-
- Exchange Online
-
- SharePoint Online
-
- Skype for Business Online
-
- Teams
AzureAD PowerShell module
To install the AzureAD PowerShell module, run the following cmdlet:-
- Install-Module -Name AzureAD
Installing the AzureAD PowerShell module
Installing Exchange Online PowerShell Module
To install the Exchange Online Powershell module, run the following cmdlet:-
- Install-Module -Name ExchangeOnlineManagement
Installing the ExchangeOnlineManagement PowerShell module
Installing SharePoint Online PowerShell Module
To install the SharePoint Online PowerShell module, run the following cmdlet:-
- Install-Module Microsoft.Online.SharePoint.PowerShell
Installing the SharePoint Online PowerShell module
Installing Skype for Business and Teams PowerShell Module
The Skype for Business and Teams PowerShell module is a single module installed using:-
- Install-Module -Name MicrosoftTeams
Installing the Microsoft Teams PowerShell module
Connect your PowerShell installation to Microsoft 365
Once you have installed the AzureAD PowerShell module, you need to import it into your PowerShell environment and then connect your PowerShell for Microsoft 365 using your Microsoft 365 account. Use the following commands to import the module and begin connecting to your Microsoft 365 environment. The cmdlets include:-
- Import-Module AzureAD
-
- Connect-AzureAD
Import the AzureAD PowerShell module
Enter your Microsoft 365 credentials
Successfully connected to the Azure AD environment
A note about Windows PowerShell vs. PowerShell Core
If you are not aware, Microsoft has produced and currently supports two PowerShell versions – Windows PowerShell and PowerShell Core. Windows PowerShell is the version of PowerShell that has been around for years now and is embedded in the Windows operating system. PowerShell Core is the new version of PowerShell based on .NET Core and is a standalone PowerShell install that is installed using an installation package. Even Windows 11 or Windows Server 2022 do not have PowerShell Core installed by default. It is worth noting the difference as it can cause you to perform unnecessary troubleshooting when connecting to your Microsoft 365 environment if you use one or the other PowerShell environment and don’t use the correct modules. As an example, the AzureAd module is not supported in PowerShell Core. Instead, the AzureAz module is the supported module for interacting with your Azure AD environment in PowerShell Core. Below is the PowerShell one-liner to install the Azure AD module in PowerShell Core. As you can see, it is different from using the Windows PowerShell install-module process.
Installing the Az Module in PowerShell Core
Connecting multiple PowerShell for Microsoft 365 services in a single window
As mentioned earlier, many organizations will be managing and administering multiple services with Microsoft 365, including:-
- Azure Active Directory (Azure AD)
-
- Exchange Online
-
- SharePoint Online
-
- Skype for Business Online
-
- Teams
- Teams
Connecting multiple PowerShell for Microsoft 365 services with MFA enabled
If you have multi-factor authentication (MFA) enabled on your Microsoft 365 accounts (and you should!), the code block is slightly different for combining all services in a single Microsoft 365 window. As you notice below, we aren’t storing the credential in a variable. $orgName = “mybusiness.onmicrosoft.com” $acctName=”admin@mybusiness.onmicrosoft.com” #Azure Active Directory Connect-AzureAD #SharePoint Online Connect-SPOService -Url https://$orgName-admin.sharepoint.com #Exchange Online Import-Module ExchangeOnlineManagement Connect-ExchangeOnline -UserPrincipalName $acctName -ShowProgress $true #Security & Compliance Center Connect-IPPSSession -UserPrincipalName $acctName #Teams and Skype for Business Online Import-Module MicrosoftTeams Connect-MicrosoftTeams When you connect using this code block, you will see the popup asking you to sign in, and then it will push the one-time password to your mobile device. After receiving the one-time passcode, you will enter the code to finish authenticating.
MFA-enabled PowerShell for Microsoft 365
Is Azure Cloud Shell an option for Office 365 PowerShell?
Microsoft is constantly working on improving the management tools available to admins managing Microsoft 365. Now, Microsoft 365 has a built-in way to access PowerShell “in the cloud” right from your Microsoft 365 admin center. Admins can access the cloud version of PowerShell for Microsoft by logging into the admin center and clicking the terminal icon in the upper right-hand corner of the screen..
Accessing cloud shell from your Microsoft 365 environment
Select PowerShell in the Azure Cloud Shell prompt
What are common tasks well-suited for PowerShell for Microsoft 365?
PowerShell has been described as a “Swiss army knife” tool that can do many different things. The same is true in the realm of Microsoft 365. PowerShell for Microsoft 365 is a robust and powerful scripting language that allows administrators to streamline bulk processes, filter data, and automate workflows. Let’s look at the following PowerShell for Microsoft 365 cmdlets and see how they allow completing common tasks. These are just a few of the common tasks, among many others, that can be accomplished with PowerShell for Microsoft Office 365.- Get a list of Microsoft 365 AzureAD module commands
- List Microsoft Azure AD users
- List Microsoft Azure AD groups
- List Exchange Online Mailboxes
- Change a user password in Microsoft 365
- Add a new Azure AD user
- Add a new Azure AD group
- Get subscription details
1. Get a list of Microsoft 365 AzureAD module commands
With the above walkthrough, we have the AzureAD module installed. However, how do we know what commands are possible with the Azure AD module? Use the following:-
- Get-Command -module AzureAD
Listing out commands included with the AzureAD module
2. List Microsoft 365 Azure AD users
What if you want to list out your Azure AD users? You can do that easily with the following one-liner:-
- Get-AzureADUser | Select DisplayName, City, Department, ObjectID
Listing Azure AD users
3. List Microsoft Azure AD groups
Use the following command to list out the Azure AD groups:-
- Get-AzureADGroup
Listing out Azure AD groups
4. List Exchange Online Mailboxes
What if you want to know the users with Exchange Mailboxes configured? Using the Exchange Online Management PowerShell module, we can query specific mailbox information.-
- Get-EXOMailbox | select UserPrincipalName, DisplayName
Viewing Exchange Online Mailboxes
5. Change a Microsoft 365 user password
Changing a password is one of the most basic tasks of an administrator. Using PowerShell for Microsoft 365, you can easily change a user’s password from the command line.-
- Set-AzureADUserPassword -objectID <object ID>
Change a Microsoft 365 user password
6. Add a new Azure AD user
Below is a PowerShell template that will allow adding a new Azure AD user. This can be used to fill in data from other sources to the Powershell template and loop through creating new users, using variables in the appropriate placeholders. $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = “<Password>” New-AzureADUser -DisplayName “New User” -PasswordProfile $PasswordProfile -UserPrincipalName “NewUser@contoso.com” -AccountEnabled $true -MailNickName “Newuser”7. Add a new Azure AD Group
Adding groups in Azure AD using PowerShell is equally easy. For example, you can use the below as a template for creating a new Azure AD group.-
- New-AzureADGroup -DisplayName “My new group” -MailEnabled $false -SecurityEnabled $true -MailNickName “NotSet”
8. Get subscription details
Having visibility to subscription details for your Microsoft 365 is extremely important. PowerShell for Microsoft 365 allows seeing this type of information quickly and easily. For a summary of the information about your current licensing plans and available licenses, use the following-
- Get-AzureADSubscribedSku | Select -Property Sku*,ConsumedUnits -ExpandProperty PrepaidUnits
Summary of licensing information
-
- Get-AzureADSubscribedSku | Select SkuPartNumber
View Microsoft 365 services details for license plans
Debugging PowerShell code
Many may wonder how you get started debugging PowerShell code, especially if you are new to working with PowerShell with Microsoft 365. One of the best ways to get started debugging PowerShell code is using a good Integrated Development Environment (IDE). Arguably one of the best IDEs out there for PowerShell is free – Visual Studio Code. Visual Studio Code (VS Code) is one of the easiest and most fully-featured IDEs available that provides robust features for PowerShell coding and many other languages. VS Code works off plugins installed to allow the platform to “understand” the language in which you are coding. It features IntelliSense, tab completion, syntax highlighting, and many other powerful features when you are writing your PowerShell code for scripting or other purposes. It also features seamless integration with Git workflows, which allows easy integration with your existing version control system, a great feature (some would argue a requirement) for modern DevOps practices.
Using VS Code for PowerShell debugging
Tab completion and intellisense in VS Code