PowerShell
Scripting - the new way
Hi All,
A few hours ago, Microsoft has released the Microsoft.Online.SharePoint.PowerShell 16.0.22615.12000 PowerShell Module
Microsoft.Online.SharePoint.PowerShell 16.0.23311.12000
https://www.powershellgallery.com/packages/Microsoft.Online.SharePoint.PowerShell/16.0.23311.12000
Check the installed Version and what is available from the PowerShell Gallery
Get-InstalledModule Microsoft.Online.SharePoint.PowerShell
Find-Module Microsoft.Online.SharePoint.PowerShell
Uninstall the old Version and install the new Version of the Module
Uninstall-Module Microsoft.Online.SharePoint.PowerShell
Install-Module Microsoft.Online.SharePoint.PowerShell
Get-InstalledModule Microsoft.Online.SharePoint.PowerShell
List the Commands of the Module
Get-Command -Module Microsoft.Online.SharePoint.PowerShell
Connect to Sharepoint Online
Connect-SPOService -Url https://icewolfch-admin.sharepoint.com
Get some Settings
Get-SPOTenant | fl
Regards
Andres Bohren
Hi All,
I recently had a case where i needed to access the AzureAD Signin Logs with PowerShell.
I've started at the Azure AD Signin Logs and filtered by UPN
https://aad.portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/SignIns
Next step was Graph Explorer where i found the needed Permissions
###############################################################################
# Graph Explorer
###############################################################################
#Go to https://aka.ms/ge
https://graph.microsoft.com/v1.0/auditLogs/signIns
https://graph.microsoft.com/v1.0/auditLogs/signIns?&$filter=startsWith(userPrincipalName,'a.bohren@icewolf.ch')
Let's connect with these Permissions (they need Admin Consent and i already have that)
#Import-Module and Connect to Microsoft Graph
Import-Module Microsoft.Graph.Reports
Connect-MgGraph -Scope AuditLog.Read.All,Directory.Read.All
By default you only get 1000 Rows
#Get Signins
$Signins = Get-MgAuditLogSignIn
$Signins.Count
Let's check the Details of one Record
#Show Details of one Record
$Signins[0] | fl
Do we have SignIns where RiskState is set?
#List RiskState
$Signins | where {$_.RiskState -ne "none"}
By using a Filter...
Hi All,
Microsoft has released another Version of theyr MSIdentityTools PowerShell Module to the Powershell Gallery.
MSIdentityTools 2.0.36
https://www.powershellgallery.com/packages/MSIdentityTools/2.0.36
Check what Version of the Module is installed and what's available in the PowerShell Gallery
Get-InstalledModule MSIdentityTools
Find-Module MSIdentityTools
Uninstall the old version of the PowerShell Module and install the newest one
Uninstall-Module MSIdentityTools
Install-Module MSIdentityTools
Get-InstalledModule MSIdentityTools
To see what commands are available use the following command
Get-Command -Module MSIdentityTools
To get the Signin URL you can use the following Command
Get-MsIdAuthorityUri -TenantId icewolfch.onmicrosoft.com
To get the OpenIDConnect Configuration you can use this Command
Get-MsIdAuthorityUri -TenantId icewolfch.onmicrosoft.com | Get-MsIdOpenIdProviderConfiguration
Regards
Andres Bohren
Hi All,
Somehow i missed, that the AZ PowerShell Module 9.3.0 has already been released a Week ago.
Az 9.3.0
https://www.powershellgallery.com/packages/AZ/9.3.0
Azure PowerShell release notes
https://learn.microsoft.com/en-us/powershell/azure/release-notes-azureps?view=azps-9.3.0
Show Installed AZ Module and what's available in the PowerShell Gallery
Get-InstalledModule AZ
Find-Module AZ
To uninstall all the old Modules and install the new Modules i have written a PowerShell Script that is published at my GitHub Repo.
#Run Script directly from GitHub
$ScriptFromGitHub = Invoke-WebRequest "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/Azure/Cleanup-AZModules.ps1"
Invoke-Expression $($ScriptFromGitHub.Content)
The AZ Module is just a Wrapper Module for all AZ* Modules
Get-InstalledModule AZ*
Regards
Andres Bohren
Hi All,
Just a few Days ago, Microsoft has released Microsoft.Graph PowerShell Module 1.20.0.
Microsoft.Graph 1.20.0
https://www.powershellgallery.com/packages/Microsoft.Graph/1.20.0
Release Notes
https://github.com/microsoftgraph/msgraph-sdk-powershell/releases
Let's check the installed Version and what's available on the PowerShell Gallery
Get-InstalledModule Microsoft.Graph
Find-Module Microsoft.Graph
To install the newest Version of the PowerShell Modules and also uninstalling the old Versions, you can use my GitHub Script. It takes a while until all Modules are installed. Wait until "Cleanup finished" is shown.
#Run Script directly from GitHub
$ScriptFromGitHub = Invoke-WebRequest "https://raw.githubusercontent.com/BohrenAn/GitHub_PowerShellScripts/main/ExchangeOnline/GraphAPI/Cleanup-GraphModules.ps1"
Invoke-Expression $($ScriptFromGitHub.Content)
To list the Modules you can use the following Command
Get-Module Microsoft.Graph* -ListAvailable
Regards
Andres Bohren
Hi All,
Microsoft has released another Version of theyr MSIdentityTools PowerShell Module to the Powershell Gallery.
MSIdentityTools 2.0.33
https://www.powershellgallery.com/packages/MSIdentityTools/2.0.33
Check what Version of the Module is installed and what's available in the PowerShell Gallery
Get-InstalledModule MSIdentityTools
Find-Module MSIdentityTools
Uninstall the old version of the PowerShell Module and install the newest one
Uninstall-Module MSIdentityTools
Install-Module MSIdentityTools
Get-InstalledModule MSIdentityTools
To see what commands are available use the following command
Get-Command -Module MSIdentityTools
Regards
Andres Bohren
Hi All,
Just a few hours ago, Microsoft has released the ExchangeOnlineManagement PowerShell Module 3.1.0 as GA.
ExchangeOnlineManagement 3.1.0
https://www.powershellgallery.com/packages/ExchangeOnlineManagement/3.1.0
What is new in this release:
v3.1.0 :
1. Support for providing an Access Token with Connect-ExchangeOnline.
2. Bug fixes in Connect-ExchangeOnline and Get-ConnectionInformation.
3. Bug fix in Connect-IPPSSession for connecting to Security and Compliance PowerShell using Certificate Thumbprint.
Check what Version is installed and what's available from the PowerShell Gallery
Get-InstalledModule ExchangeOnlineManagement
Find-Module ExchangeOnlineManagement
Uninstall the old Module and install the GA Module
Uninstall-Module ExchangeOnlineManagement -Force
Install-Module ExchangeOnlineManagement
Get-InstalledModule ExchangeOnlineManagement
Let's test it
Connect-ExchangeOnline
Get-ConnetionInformation
Get-Mailbox -Identity <Mailbox>
Works so far. I will use now this Version in my Daily work and we will see how...
Hi All,
Do you know the Certification Authority Authorization (CAA) DNS Records?
With these Records you can control what CA can issue Certificates for your domain.
DNS Certification Authority Authorization
https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization
CAA implementation mandatory for all certificate authorities by September 2017.
RFC 8659 DNS Certification Authority Authorization (CAA) Resource Record
https://www.rfc-editor.org/rfc/rfc8659
That Record means no CA is allowed to issue Certificates and Wildcard Certifcates for that Domain
domain.tld. IN CAA 0 issue ";"
domain.tld. IN CAA 0 issuewild ";"
Only the specified CA can Issue Certificates and Wildcard Certifcates for that Domain
domain.tld. IN CAA 0 issue "ca.domain.tld"
domain.tld. IN CAA 0 issuewild "ca.domain.tld"
To indicate that certificate authorities should report invalid certificate...
Hi All,
I've performed a lot of Exchange Online Migrations this Year.
After the Mailbox was migrated i did run a Post Migration Script to set some Setting on the Mailbox like:
Set-MailboxRegionalConfiguration -Identity $UPN -TimeZone "W. Europe Standard Time" -DateFormat "dd.MM.yyyy" -TimeFormat "HH:mm" -Language "de-CH" -ErrorAction Stop
Set-MailboxCalendarConfiguration -Identity $UPN -WeekStartDay Monday -WorkDays Weekdays -WorkingHoursStartTime 08:00:00 -WorkingHoursEndTime 17:00:00 -WorkingHoursTimeZone "W. Europe Standard Time" -ShowWeekNumbers $True -ErrorAction Stop
In some cases there where this Error: "WorkHoursVersion1 is null"
While googling i found the Fix for that in my own Blog :)
How to fix "WorkHoursVersion1 is NULL"
https://blog.icewolf.ch/archive/2016/01/20/how-to-fix-workhoursversion1-is-null.aspx
Sadly i don't have any Screenhot. This one is an old...
Hi All,
I write this Blog Article in Addition to the Exchange Online POP and IMAP OAUTH 2.0 Client Credentials Flow
https://blog.icewolf.ch/archive/2022/12/17/exchange-online-pop-and-imap-oauth-2-0-client-credentials.aspx
I tried out other ways of testing
First we need to get the Access Token
###############################################################################
# Get Access Token with MSAL
###############################################################################
Import-Module MSAL.PS
$AppID = "3bf0cf36-87bf-47a9-927b-0ef9df7cf146"
$TenantID = "icewolfch.onmicrosoft.com"
$ClientSecret = ConvertTo-SecureString "YourClientSecret" -AsPlainText -Force
$Scope = "https://outlook.office.com/.default"
Clear-MsalTokenCache
$Token = Get-MSALToken -ClientId $AppID -ClientSecret $ClientSecret -TenantId $TenantID -Scope $Scope
$AccessToken = $Token.AccessToken
You can decode your Access Token with https://jwt.ms/
Make sure you se the Roles POP.AccessAsApp or IMAP.AccessAsApp
Or use the JWTDetails Module and the command
Get-JWTDetails -token $AccessToken
It is explained that you need to use Base64 Encoding with Username and...
Full PowerShell Archive