Office 365 groups:

Blog: https://www.avepoint.com/blog/office-365/top-office-365-groups-questions-answered/

Manage Office 365 groups with PowerShell:

https://support.office.com/en-us/article/manage-office-365-groups-with-powershell-aeb669aa-1770-4537-9de2-a82ac11b0540

Allow/Block guest access to Office 365 groups:

https://technet.microsoft.com/en-us/library/mt842200%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396

Office 365 groups naming policies: (I know how to use PowerShell to apply naming convention for new and current groups and blacklisting words in group names!)

https://support.office.com/en-us/article/office-365-groups-naming-policy-6ceca4d3-cad1-4532-9f0f-d469dfbbb552

https://support.office.com/en-us/article/manage-office-365-groups-with-powershell-aeb669aa-1770-4537-9de2-a82ac11b0540?ui=en-US&rs=en-US&ad=US

https://www.petri.com/office-365-groups-naming-policy

How to restrict who can create Office 365 groups:

https://support.office.com/en-us/article/Manage-who-can-create-Office-365-Groups-4c46c8cb-17d0-44b5-9776-005fced8e618?ui=en-US&rs=en-US&ad=US

Connect to AzureAD:

Check installed module:
Get-InstalledModule -Name “AzureAD*”
To uninstall a previous version of AzureADPreview or AzureAD, run this command:
Uninstall-Module AzureADPreview
or
Uninstall-Module AzureAD

To install the latest version of AzureADPreview, run this command:   Install-Module AzureADPreview -force

At the message about an untrusted repository, type Y. It will take a minute or so for the new module to install.

Then Connect-azureAD

Office 365 groups governance guidance:

I am in favour of the self-service of the end users. This kind of freedom helps to improve the collaboration and the adoption. But It’s true that a bad use of this self-sevice, can be a nightmare in terms of governance. Here some ideas or highlights to balance the user needs and IT management :

Questions to be addressed before the real production phase:

  • Do we want to continue to allow ALL users to create groups ! or do we want to only allow some users?
    • By default all users can create such office 365 groups ! (contrarily to a normal active directory)
    • In one side it is good for end-user (more flexibility and autonomy) => self-service
    • But in other side, it can be a mess for IT !
  • Do we need a naming convention? (but limited to only one naming convention: ie. OG_, O365_ , <prefix>_<attribute>_<free text> …)
  • Do we need to blacklist words? (which ones? Who decide? …)

Other subject:

  • Need to change the expiration policy ? ( Retention period is 30 days after deletion)
  • To restore Office 365 groups is only via PowerShell or with Exchange admin center
  • Need an end-user procedure to request new group
  • Need an end-user procedure to request group restore

 

 

PowerShell connection to exchange online:

Office 365 group => management using PowerShell => not part of AzureAD or MSOnline module => only available online ! But need Basic authentication on the client:

PS C:\WINDOWS\system32> Set-ExecutionPolicy -scope currentUser RemoteSigned

PS C:\WINDOWS\system32> $UserCredential = Get-Credential     <== do not use an account with Azure MFA enabled

Note: if you are using Azure MFA to connect to Exchange online, follow this article: https://technet.microsoft.com/en-us/library/mt775114(v=exchg.160).aspx

PS C:\WINDOWS\system32> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

In case of problem due to Message: “The WinRM client cannot process the request. Basic authentication is currently disabled in the client configuration”

PS E:\–DEV WORK–> winrm get winrm/config/client
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false [Source=”GPO”]
Auth
Basic = false [Source=”GPO”]
Digest = false [Source=”GPO”]
Kerberos = true [Source=”GPO”]
Negotiate = true [Source=”GPO”]
Certificate = true
CredSSP = true [Source=”GPO”]
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts

 

Import-PSSession $Session

ModuleType Version    Name                                ExportedCommands
———- ——-    —-                                —————-
Script     1.0        tmp_0gtrs5dm.juw                    {Add-AvailabilityAddressSpace, Add-DistributionGroupMember, Add-MailboxFolderPermission, Add-MailboxLocation…}

PS C:\WINDOWS\system32> Get-Mailbox | Get-MailboxStatistics

Note: https://technet.microsoft.com/library/13843002-56ca-4b75-81c5-84386522b01b.aspx

For Office 365 groups:

Note: https://thoughtsofanidlemind.com/2015/05/07/new-management-cmdlets-for-office-365-groups/

PS C:\WINDOWS\system32> get-unifiedgroup “All Guest users”

After your work, dont forget to stop the remote session:

Remove-PSSession $Session

Advertisements