diff --git a/Address book policy-UpdateUserAttributes-EducationDomain/ABP-UpdateUsersAttributes.ps1 b/Address book policy-UpdateUserAttributes-EducationDomain/ABP-UpdateUsersAttributes.ps1 new file mode 100644 index 0000000..079120c --- /dev/null +++ b/Address book policy-UpdateUserAttributes-EducationDomain/ABP-UpdateUsersAttributes.ps1 @@ -0,0 +1,65 @@ +# This script will update address book policy by user attributes +$logfile = ".\ABP-UpdateUsersAttributeslog_$(get-date -format `"yyyyMMdd_hhmmsstt`").txt" +$start = [system.datetime]::Now +If(Get-Module -ListAvailable -Name AzureAD) + { + Write-Host "AzureAD Already Installed" + } + else { + try { Install-Module -Name AzureAD + Write-Host "Installing AzureAD" + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + }} + if(Get-Module -ListAvailable -Name ExchangeOnlineManagement) + { + Write-Host "ExchangeOnlineManagement Already Installed" + } + else { + try { +Install-Module -Name ExchangeOnlineManagement + Write-Host "ExchangeOnlineManagement is installing" + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + }} + + try{ +$credential= get-credential +Connect-AzureAD -Credential $credential +Connect-ExchangeOnline -credential $credential +} +catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } + #Setting custom Attribute for Students +$group = Get-AzureADGroup -SearchString "Students of" -All $true +foreach ($group in $group){ +$school= $group.displayname +$school = $school -replace("students of","") +$school=$school.Where({ $_ -ne "" }) +$school=$school.Trim() +try{ +$group | Get-AzureADGroupMember | Get-EXOMailbox | Set-Mailbox -CustomAttribute10 $school +}catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + }} + +#Setting custom Attribute for teachers +$group = Get-AzureADGroup -SearchString "teachers of" -All $true +foreach ($group in $group){ +$school= $group.displayname +$school = $school -replace("teachers of","") +$school=$school.Where({ $_ -ne "" }) +$school=$school.Trim() +try{ +$group | Get-AzureADGroupMember | Get-EXOMailbox | Set-Mailbox -CustomAttribute10 $school +} +catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + }} +$end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +#end of script diff --git a/Address book policy-UpdateUserAttributes-EducationDomain/README.md b/Address book policy-UpdateUserAttributes-EducationDomain/README.md new file mode 100644 index 0000000..d5a1ec6 --- /dev/null +++ b/Address book policy-UpdateUserAttributes-EducationDomain/README.md @@ -0,0 +1,26 @@ +# Address book policy-UpdateUserAttributes + +# Description +Script will check all groups of teachers, students and removes the part “students of” or “teachers of” and then it will update the user custom attribute with the school name, this way we can have both teachers, students of the same school can share the same attribute value + +System should have the AzureADPreview module [`Install-Module AzureADPreview`](https://docs.microsoft.com/en-us/powershell/azure/active-directory/install-adv2?view=azureadps-2.0-preview#installing-the-azure-ad-module) and [`Exchange Online`](https://docs.microsoft.com/en-us/powershell/module/exchange/connect-exchangeonline?view=exchange-ps) to exceute the script + +# Inputs +Global Administrator or Azure AD Administrator and ExchangeOnline Administrator credentials + +# Prerequisites +Exchange Online and AzureAD module + +# How to run the script +As an Administrator, type PowerShell in the start menu. Right-click on Windows PowerShell, then select run as Administrator. Click Yes at the UAC prompt + +Run the script + +Provide the Global Administrator credentials or AzureAD and ExchangeOnline Administrator credentials when it prompts + +Hit enter to continue + +# Expected output +User custom attributes are updated + +A log file will be generated with exceptions, errors along with script execution time diff --git a/Call Quality Dashboard Report/Call Quality Dashboard Report.ps1 b/Call Quality Dashboard Report/Call Quality Dashboard Report.ps1 new file mode 100644 index 0000000..ace827c --- /dev/null +++ b/Call Quality Dashboard Report/Call Quality Dashboard Report.ps1 @@ -0,0 +1,67 @@ +# This script will provide Total stream count and cqd report of given time using Teams powershell cqd module cmdlets +$start = [system.datetime]::Now +$logfile = ".\CQDLog_$(get-date -format `"yyyyMMdd_hhmmsstt`").txt" + +$proceed = Read-host " +Provide 1 For Total Steram count including Audio,video,Appsharing +Provide 2 for CQD Report of Given time" +if ($proceed -eq "1") +{ +try{ +write-host "Provide startDate and Enddate in MM/dd/yyyy H:mm(Ex:31-03-2020 4:34)" + +$StartDate = read-host "Please provide start date" +$EndDate = read-host "please provide end date" + +$dimensions = "AllStreams.Date","AllStreams.Media Type","AllStreams.Second UPN" +$measures = "Measures.Total Stream Count","Measures.Audio Stream Count","Measures.Video Stream Count","Measures.AppSharing Stream Count","Measures.VBSS Stream Count" +#"Measures.Call Count","Measures.Audio Call Count","Measures.Video Call Count" + +$CustomFilter = @() +$F1 = New-Object pscustomobject +$F1 | Add-Member -Type NoteProperty -Name FName -Value "AllStreams.Is Teams" +$F1 | Add-Member -Type NoteProperty -Name FValue -Value "1" +$F1 | Add-Member -Type NoteProperty -Name Op -Value 0 +$CustomFilter += $F1 + +$F2 = New-Object pscustomobject +$F2 | Add-Member -Type NoteProperty -Name FName -Value "AllStreams.Second UserType" +$F2 | Add-Member -Type NoteProperty -Name FValue -Value "User" +$F2 | Add-Member -Type NoteProperty -Name Op -Value 0 +$CustomFilter += $F2 + + $CQDTableTemp= Get-CQDData -OutPutType CSV -OutPutFilePath cqdoutput.csv -CQDVer V3 -LargeQuery -StartDate $StartDate -EndDate $EndDate -IsServerPair 'Client : Server','Client : Client' ` + -Dimensions $dimensions -Measures $measures -customfilter $CustomFilter -ShowQuery $true +} +catch +{ +$_.Exception.Message | out-file -Filepath $logfile -append +} + } + +if ($proceed -eq "2") + { + try{ + $cqd_List = Import-Csv -path ".\CQD_data.csv" + + +Foreach ($cqd in $cqd_List) +{ + +Get-CQDData -Dimensions $cqd.Dimensions -Measures $cqd.Measures -OutPutFilePath $cqd.OutPutFilePath -StartDate $cqd.StartDate -EndDate $cqd.EndDate -OutPutType $cqd.OutPutType -MediaType $cqd.MediaType -IsServerPair $cqd.IsServerPair -OverWriteOutput +} + } + catch +{ +$_.Exception.Message | out-file -Filepath $logfile -append +} + } + + Else { + write-host "Please run the script again choose option 1 or 2" + } +$end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +#end of script + diff --git a/Call Quality Dashboard Report/README.md b/Call Quality Dashboard Report/README.md new file mode 100644 index 0000000..8f6a52a --- /dev/null +++ b/Call Quality Dashboard Report/README.md @@ -0,0 +1,85 @@ +# Call Quality Dashboard Report + +# Description + +Script will provide total stream count including audio, video, app sharing for provided start time and end time, CQD report of a given time + +PowerShell should be more than 3.0 version + +# Example + +##### Example 1 for total stream count including audio, video, app sharing + +![Example](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/CQD-Example.png) + +##### Example 2 for CQD report of the given time (DD-MM-YYYY(Ex:31-03-2020) + +Start Date: 1-10-2020 + +End Date: 1-11-2020 + + # Parameters + + `-Date` + + Type: String + + # Inputs + + Provide input 1 to get total stream count including audio, video, app sharing + + Start Date – “Please provide start date" + + End Date – “Please provide end date" + + Provide input 2 to get the CQD report of a given time + + Give the input file as shown below. Keep this file in current location(CQD_Input.csv). The script will collect the data from `CQD_Input.csv` file and capture the data from call quality dashboard + + |Dimensions | Measures| OutPutFilePath | StartDate| EndDate | OutPutType | MediaType | IsServerPair | + |------------|---------|----------------|-----------|---------|------------|-----------|--------------| + + Each row data will be collected and executed through script accordingly + + To construct the input.csv file refer [dimensions-and-measures-available-in-call-quality-dashboard](https://docs.microsoft.com/en-us/microsoftteams/dimensions-and-measures-available-in-call-quality-dashboard) + + # Procedure + +PowerShell should be more than 3.0 version + +Run the script + +Once you run the script it will prompt for option 1 or 2 + +If you have chosen the **option 1** please provide the parameters + +Start Date – “Please provide start date” + +End Date – “Please provide end date” + +Press enter to continue + +Or if you have chosen the **option 2** please provide the `Input.csv` file + +Now the script will pop-up for Teams Administrator credentials to connect the CQD tool + +![Signin](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/CQD-Signin.png) + +Provide the Teams Administrator credentials + +# Output + +For option 1 + +##### Example output + +Script will execute and creates `cqdoutput.csv` file +![SampleOutput](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/CQD-SampleOutput.png) + +For option 2 + +##### Example output + +![Output](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/CQD-output.png) + +A log file will be generated with exceptions, errors along with script execution time diff --git a/CreateAndAssignAddressBookPolicy-EducationDomain/Create and assign address book policy.ps1 b/CreateAndAssignAddressBookPolicy-EducationDomain/Create and assign address book policy.ps1 new file mode 100644 index 0000000..e4734e7 --- /dev/null +++ b/CreateAndAssignAddressBookPolicy-EducationDomain/Create and assign address book policy.ps1 @@ -0,0 +1,41 @@ +# This script will create and assign addressbook policy +$logfile = ".\CreateAndAssignAddressbookPolicylog_$(get-date -format `"yyyyMMdd_hhmmsstt`").txt" +$start = [system.datetime]::Now +if(Get-Module -ListAvailable -Name ExchangeOnlineManagement) + { + Write-Host "ExchangeOnlineManagement Already Installed" + } + else { + try { +Install-Module -Name ExchangeOnlineManagement + Write-Host "ExchangeOnlineManagement is installing" + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } + } + #Creating and assigning address policy +try{ +$cred = Connect-ExchangeOnline +$user= Get-Mailbox -ResultSize unlimited +$school = $user.CustomAttribute10 | Sort-Object | Get-Unique +$school=$school.Where({ $_ -ne "" }) +$school=$school.Trim() +foreach ($school in $school) +{ +New-AddressList -Name $school -ConditionalCustomAttribute10 $school -IncludedRecipients "AllRecipients" +$addresslist = (Get-AddressList $school).name+' GAL' +New-GlobalAddressList -Name "$addresslist" -ConditionalCustomAttribute10 $school -IncludedRecipients "AllRecipients" +$GAL= $school+' GAL' +New-OfflineAddressBook -Name $school -AddressLists "\$gal" +New-AddressBookPolicy -Name $school -AddressLists "\$school" -RoomList "\All Rooms" -OfflineAddressBook "$school" -GlobalAddressList "$gal" +Get-Mailbox | where{$_.customattribute10 -like "*$school*"} | Set-Mailbox -AddressBookPolicy $school +} +} +catch{ +$_.Exception.Message | out-file -Filepath $logfile -append +} +$end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +#end of script diff --git a/CreateAndAssignAddressBookPolicy-EducationDomain/README.md b/CreateAndAssignAddressBookPolicy-EducationDomain/README.md new file mode 100644 index 0000000..5146f37 --- /dev/null +++ b/CreateAndAssignAddressBookPolicy-EducationDomain/README.md @@ -0,0 +1,29 @@ +# CreateAndAssignAddressBookPolicy-EducationDomain + +# Description + +Script will create and assign the address lists, address book policies to users based on the attribute + +A log file will be generated with exceptions, errors along with script execution time + +# Inputs +Global Administrator or ExchangeOnline Administrator credentials + +# Prerequisites +As an Administrator, type PowerShell in the start menu + +Right-click on Windows PowerShell, then select Run as Administrator. Click Yes at the UAC prompt +1. Type the following within PowerShell and then press Enter: + + `Import-Module ExchangeOnlineManagement` + + `$UserCredential = Get-Credential` + +2. In the Windows PowerShell credential request dialog box that appears, type global or exchange online admin account and password, and then click OK + +# How to run the script +To run the script you will need to either download it or copy and paste the script into PowerShell + +Provide the Global Administrator credentials or exchange online Administrator credentials when it prompts + +Hit enter to continue diff --git a/Group or TeamsCreationRestrictionPolicy-Bulk/README.md b/Group or TeamsCreationRestrictionPolicy-Bulk/README.md new file mode 100644 index 0000000..545434a --- /dev/null +++ b/Group or TeamsCreationRestrictionPolicy-Bulk/README.md @@ -0,0 +1,49 @@ +# Group or TeamsCreationRestrictionPolicy-Bulk + +# Description + +You can restrict Office 365 group creation to the members of a particular security group + +Office 365 global admins can create groups via any means, such as the Microsoft 365 admin center, Planner, Teams, Exchange, and SharePoint Online + +The system should have the AzureADPreview module [`Install-Module azure preview`](https://docs.microsoft.com/en-us/powershell/azure/active-directory/install-adv2?view=azureadps-2.0-preview#installing-the-azure-ad-module) + +# Example +Restricting HR group members from creating Teams or groups + +# Inputs +Import _GroupTeamsCreationRestrictionPolicy.xlsx_ file as an input which contains Groupname and AllowGroupCreation, Please refer example table + + | Groupname | AllowGroupCreation | + |--------------|-------------------- | + | Group1 | True | + | HR | False | + +# Parameters +Groupname: The name of the created O365 security group + +AllowGroupCreation: Do You want to allow this group to create Teams True/False + +# Prerequisites +As an Administrator, type PowerShell in the start menu +Right-click Windows PowerShell, then select Run as Administrator. Click Yes at the UAC prompt. +1. Type the following within PowerShell and then press Enter: + + `Install-Module AzureAd` + +2. Type Y at the prompt. Press Enter + +3. If you are prompted for an untrusted repository, then type A (Yes to All) and press Enter. The module will now install + +# How to run the script +To run the script you will need to either download it or copy and paste the script into PowerShell + +Provide the Global Administrator credentials or AzureAD Administrator credentials when it prompts + +The script will restrict or allow the group users based on AllowGroupCreation input + +# Output +The last line of the script will display the updated settings: +![output](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/Restricting%20group%20creation.png) + +A log file will be generated with exceptions, errors along with script execution time diff --git a/Group or TeamsCreationRestrictionPolicy-Bulk/TeamsCreationRestrictionPolicy - Bulk.ps1 b/Group or TeamsCreationRestrictionPolicy-Bulk/TeamsCreationRestrictionPolicy - Bulk.ps1 new file mode 100644 index 0000000..8d789d2 --- /dev/null +++ b/Group or TeamsCreationRestrictionPolicy-Bulk/TeamsCreationRestrictionPolicy - Bulk.ps1 @@ -0,0 +1,70 @@ +#This script will restrict Office 365 group creation to the members of a particular security groups using AzureAD PowerShell cmdlets +$logfile = ".\GroupTeamsCreationRestrictionPolicyBulklog_$(get-date -format `"yyyyMMdd_hhmmsstt`").txt" +$start = [system.datetime]::Now +try{ + $conDetails = Connect-AzureAD + $tenantDomain = $conDetails.TenantDomain +} +catch{ +$_.Exception.Message | out-file -Filepath $logfile -append +} + +#Declare the file path and sheet name + $file = ".\GroupTeamsCreationRestrictionPolicy.xlsx" + $sheetName = "Sheet1" + +#Create an instance of Excel.Application and Open Excel file + $objExcel = New-Object -ComObject Excel.Application + $workbook = $objExcel.Workbooks.Open($file) + $sheet = $workbook.Worksheets.Item($sheetName) + $objExcel.Visible = $false +#Count max row + $rowMax = ($sheet.UsedRange.Rows).count + +#Declare the starting positions + $rowGroupName, $colGroupName = 1, 1 + $rowAllowGroupCreation, $colAllowGroupCreation = 1, 2 + +#loop to get values and store it + for ($i = 1; $i -le $rowMax - 1; $i++) { + + $GroupName = $sheet.Cells.Item($rowGroupName + $i, $colGroupName).text + $AllowGroupCreation = $sheet.Cells.Item($rowAllowGroupCreation + $i, $colAllowGroupCreation).text + +$end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id +if(!$settingsObjectID) + {try{ + $template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"} + $settingsCopy = $template.CreateDirectorySetting() + New-AzureADDirectorySetting -DirectorySetting $settingsCopy + $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id + } + catch{ +$_.Exception.Message | out-file -Filepath $logfile -append +} + } + + $settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID + $settingsCopy["EnableGroupCreation"] = $AllowGroupCreation + + if($GroupName) + {try{ + $settingsCopy["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $GroupName).objectid + } + catch{ +$_.Exception.Message | out-file -Filepath $logfile -append +} + } + + Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy + + (Get-AzureADDirectorySetting -Id $settingsObjectID).Values +} +$objExcel.quit() +$end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +#end of script diff --git a/Group or TeamsCreationRestrictionPolicy/README.md b/Group or TeamsCreationRestrictionPolicy/README.md new file mode 100644 index 0000000..8f3edec --- /dev/null +++ b/Group or TeamsCreationRestrictionPolicy/README.md @@ -0,0 +1,46 @@ +# Group or TeamsCreationRestrictionPolicy + +# Description +You can restrict Office 365 group creation to the members of a particular security group + +Office 365 global admins can create groups via any means, such as the Microsoft 365 admin center, Planner, Teams, Exchange, and SharePoint Online + +The system should have the AzureADPreview module [`Install-Module azure preview`](https://docs.microsoft.com/en-us/powershell/azure/active-directory/install-adv2?view=azureadps-2.0-preview#installing-the-azure-ad-module) + +# Example +Restricting HR group members from creating Teams or groups + +# Inputs +$Groupname Ex: HR + +$AllowGroupCreation Ex: False + +# Parameters +Groupname: The name of the created O365 security group + +AllowGroupCreation: Do you want to allow this group to create Teams True/False + +# Prerequisites +As an Administrator, type PowerShell in the start menu + +Right-click Windows PowerShell, then select Run as Administrator. Click Yes at the UAC prompt +1. Type the following within PowerShell and then press Enter: + + `Install-Module AzureAd` + +2. Type Y at the prompt. Press Enter + +3. If you are prompted for an untrusted repository, then type A (Yes to All) and press Enter. The module will now install + +# How to run the script +To run the script you will need to either download it or copy and paste the script into PowerShell + +Provide the Global Administrator credentials or AzureAD Administrator credentials when it prompts + +The script will restrict or allow the group users based on AllowGroupCreation input + +# Output +The last line of the script will display the updated settings: +![output](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/Restricting%20group%20creation.png) + +A log file will be generated with exceptions, errors along with script execution time diff --git a/Group or TeamsCreationRestrictionPolicy/TeamsCreationRestrictionPolicy.ps1 b/Group or TeamsCreationRestrictionPolicy/TeamsCreationRestrictionPolicy.ps1 new file mode 100644 index 0000000..bd0d9c3 --- /dev/null +++ b/Group or TeamsCreationRestrictionPolicy/TeamsCreationRestrictionPolicy.ps1 @@ -0,0 +1,48 @@ +#This script will restrict Office 365 group creation to the members of a particular security group using AzureAD PowerShell cmdlets +param( + [Parameter(Mandatory=$true)][System.String]$Groupname, + [Parameter(Mandatory=$true)][System.String]$AllowGroupCreation + ) +$logfile = ".\GroupTeamsCreationRestrictionPolicylog_$(get-date -format `"yyyyMMdd_hhmmsstt`").txt" +$start = [system.datetime]::Now +try +{ +$conDetails = Connect-AzureAD +$tenantDomain = $conDetails.TenantDomain +} +catch{ +$_.Exception.Message | out-file -Filepath $logfile -append +} + +$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id + if(!$settingsObjectID) + {try{ + $template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"} + $settingsCopy = $template.CreateDirectorySetting() + New-AzureADDirectorySetting -DirectorySetting $settingsCopy + $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id + } + catch{ +$_.Exception.Message | out-file -Filepath $logfile -append +} + } + + $settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID + $settingsCopy["EnableGroupCreation"] = $AllowGroupCreation + + if($GroupName) + { + try{ + $settingsCopy["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $GroupName).objectid + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } +} + Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy + + (Get-AzureADDirectorySetting -Id $settingsObjectID).Values +$end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +#end of script diff --git a/GuestRestrictionForGivenTeams/GuestRestricationForGivenTeams.ps1 b/GuestRestrictionForGivenTeams/GuestRestricationForGivenTeams.ps1 new file mode 100644 index 0000000..5eca53a --- /dev/null +++ b/GuestRestrictionForGivenTeams/GuestRestricationForGivenTeams.ps1 @@ -0,0 +1,166 @@ +#This script will restrict the guest users in Teams by changing the O365 group AllowToAddGuests parameter value to false +param( + [Parameter(Mandatory=$true)][System.String]$client_Id, + [Parameter(Mandatory=$true)][System.String]$Client_Secret, + [Parameter(Mandatory=$true)][System.String]$Tenantid + ) +$logfile = ".\GuestRestricationForGivenTeamslog_$(get-date -format `"yyyyMMdd_hhmmsstt`").txt" +$start = [system.datetime]::Now + +#Grant Adminconsent +$Grant= 'https://login.microsoftonline.com/common/adminconsent?client_id=' +$admin = '&state=12345&redirect_uri=https://localhost:1234' +$Grantadmin = $Grant + $client_Id + $admin + +Start-Process $Grantadmin +write-host "login with your tenant login detials to proceed further" + +$proceed = Read-host " Press Y to continue " +if ($proceed -eq 'Y') +{ + write-host "Creating Access_Token" + $ReqTokenBody = @{ + Grant_Type = "client_credentials" + client_Id = "$client_Id" + Client_Secret = "$Client_Secret" + Scope = "https://graph.microsoft.com/.default" + } + + $loginurl = "https://login.microsoftonline.com/" + "$Tenantid" + "/oauth2/v2.0/token" + try{ + $Token = Invoke-RestMethod -Uri "$loginurl" -Method POST -Body $ReqTokenBody -ContentType "application/x-www-form-urlencoded" + } + Catch { + $_.Exception | Out-File $logfile -Append + } + $Header = @{ + Authorization = "$($token.token_type) $($token.access_token)" + } + + #Getting Team details + $TeamsList = Import-Csv -path ".\Teamslist.csv" + foreach($Teams in $TeamsList){ + + $uri = "https://graph.microsoft.com/v1.0/groups/" + $Teams.Teamsid + $details = Invoke-RestMethod -Headers $Header -Uri $uri -Method Get -ContentType 'application/json' + + #Get group settings + $settingsuri = "https://graph.microsoft.com/v1.0/groups/" + $Teams.Teamsid + "/settings" + try{ + $groupsettings = Invoke-RestMethod -Headers $Header -Uri $settingsuri -Method get -ContentType 'application/json' + } + Catch { + $_.Exception | Out-File $logfile -Append + } + $Groupvalue = $groupsettings.value + $body = '{ + "displayName": "Group.Unified.Guest", + "templateId": "08d542b9-071f-4e16-94b0-74abb372e3d9", + "values": [ + { + "name": "CustomBlockedWordsList", + "value": "" + }, + { + "name": "EnableMSStandardBlockedWords", + "value": "False" + }, + { + "name": "ClassificationDescriptions", + "value": "" + }, + { + "name": "DefaultClassification", + "value": "" + }, + { + "name": "PrefixSuffixNamingRequirement", + "value": "" + }, + { + "name": "AllowGuestsToBeGroupOwner", + "value": "False" + }, + { + "name": "AllowGuestsToAccessGroups", + "value": "False" + }, + { + "name": "GuestUsageGuidelinesUrl", + "value": "" + }, + { + "name": "GroupCreationAllowedGroupId", + "value": "62e90394-69f5-4237-9190-012177145e10" + }, + { + "name": "AllowToAddGuests", + "value": "'+$Teams.AllowToAddGuests+'" + }, + { + "name": "UsageGuidelinesUrl", + "value": "" + }, + { + "name": "ClassificationList", + "value": "" + }, + { + "name": "EnableGroupCreation", + "value": "True" + } + ] +}' + + if($Groupvalue.id){ + #if settings available update the settings + $settingsid = $Groupvalue.id + $patchuri = "https://graph.microsoft.com/v1.0/groups/" +$Teams.Teamsid+ "/settings/" + "$settingsid" + try{ + $updatesettings = Invoke-RestMethod -Headers $Header -Uri $patchuri -Method Patch -Body $body -ContentType 'application/json' + } + Catch { + $_.Exception | Out-File $logfile -Append + } + write-host "settings has been updated for" $details.displayName + } + else{ + #create settings template and apply + $createuri = "https://graph.microsoft.com/v1.0/groups/" +$Teams.Teamsid+ "/settings/" + try{ + $newsettings = Invoke-RestMethod -Headers $Header -Uri $createuri -Method Post -Body $body -ContentType 'application/json' + } + Catch { + $_.Exception | Out-File $logfile -Append + } + write-host "new settings has been created and applied to Team" $details.displayName + } + + $finaluri = "https://graph.microsoft.com/v1.0/groups/" +$Teams.Teamsid+ "/settings" + try{ + $final = Invoke-RestMethod -Headers $Header -Uri $finaluri -Method Get -ContentType 'application/json' + } + Catch { + $_.Exception | Out-File $logfile -Append + } + $status = $final.value.values.value + + $Teamuri = "https://graph.microsoft.com/v1.0/groups/" + $Teams.Teamsid + $Teamdetails = Invoke-RestMethod -Headers $Header -Uri $Teamuri -Method Get -ContentType 'application/json' + + write-host "exporting data for Team" $Teamdetails.displayName + $file = New-Object psobject + $file | add-member -MemberType NoteProperty -Name TeamsName $Teamdetails.displayName + $file | add-member -MemberType NoteProperty -Name Teamsid $Teams.Teamsid + $file | add-member -MemberType NoteProperty -Name AllowToAddGuests $status + $file | export-csv GuestRestricationForGivenTeamsOutput.csv -NoTypeInformation -Append + } + } + else +{ + write-host "You need to login admin consent in order to continue... " +} +$end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +#end of script diff --git a/GuestRestrictionForGivenTeams/README.md b/GuestRestrictionForGivenTeams/README.md new file mode 100644 index 0000000..a806183 --- /dev/null +++ b/GuestRestrictionForGivenTeams/README.md @@ -0,0 +1,85 @@ +# GuestRestrictionForGivenTeams + +# Description + +This script will restrict the guest users in Teams by changing the O365 group AllowToAddGuests parameter value to false. It takes the input from the current folder and creates the output in the current folder + +PowerShell 3.0 or more should be available + +# Prerequisites + +[Create a new Azure App](https://docs.microsoft.com/en-us/graph/auth-register-app-v2) + +[How to apply permissions](https://docs.microsoft.com/en-us/graph/notifications-integration-app-registration) to your newly created App + +Please collect client id, client secret from created Azure app and tenant id from Azure portal + +#### Required Permissions + +| Permission type | Permissions (from least to most privileged)| +|-----------------|--------------------------------------------| +|Application|Group.Create, Group.ReadWrite.All, Directory.ReadWrite.All| + +# Example + +|TeamsName | AllowToAddGuests | +|-----------|------------------| +|HR | FALSE | + +# Parameters + +`-Group.Unified.Guest` + +Boolean indicating whether or not a guest user can have access to Microsoft 365 groups content. This setting does not require an Azure Active Directory Premium P1 license + +AllowGuestsToAccessGroups +*** +Type: Boolean +*** +Default: True + +# Inputs + +Prepare `input.csv` file in below format and keep it in a current location where the script is running + +![Input](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/InkedGuestrestrictionForGivenTeams-Input_LI.jpg) + +# Procedure to run the script + + To execute `GuestRestrictionForGivenTeams` download/copy and paste the script into PowerShell + + Provide the input parameters Client_Id, Client_Secret, TenantId and hit enter to proceed further in the script + + Now the script will redirect to the web page for login + + ![Signin](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/Siginin.png) + + Provide the Global Administrator credentials i.e user ID and password + + Press enter to continue + + Once you are login it will show the below image for grant permissions for the app to perform the operations + + ![GrantPermission](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/GrantPermissions.png) + + ![GrantPermission](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/GrantPermissions2.png) + + **Click Accept** + + If you have provided the correct credentials it will give success status `admin_consent = True` + + Now press Y to proceed further in the script + + Script will take the input from _Teamslist.csv_ + + Once the script is executed GuestRestricationForGivenTeamsOutput.csv file will generate + +# Output +##### Example + +|TeamsName | AllowToAddGuests | +|-----------|------------------| +|HR | FALSE | +|IT Team | FALSE | +|Admin | FALSE | +|Accounts | FALSE | diff --git a/InstalledAPPs/InstalledApps.ps1 b/InstalledAPPs/InstalledApps.ps1 new file mode 100644 index 0000000..a67d721 --- /dev/null +++ b/InstalledAPPs/InstalledApps.ps1 @@ -0,0 +1,113 @@ +# This script will provide list of installed Teams applications for users in tenant using Graph API +param( + [Parameter(Mandatory=$true)][System.String]$client_Id, + [Parameter(Mandatory=$true)][System.String]$Client_Secret, + [Parameter(Mandatory=$true)][System.String]$Tenantid + ) +$logfile = ".\InstalledAppslog_$(get-date -format `"yyyyMMdd_hhmmsstt`").txt" +$start = [system.datetime]::Now + +#Grant Adminconsent +$Grant= 'https://login.microsoftonline.com/common/adminconsent?client_id=' +$admin = '&state=12345&redirect_uri=https://localhost:1234' +$Grantadmin = $Grant + $client_Id + $admin + +Start-Process $Grantadmin +write-host "login with your tenant login detials to proceed further" + +$proceed = Read-host " Press Y to continue " +if ($proceed -eq 'Y') +{ + write-host "Creating Access_Token" + $ReqTokenBody = @{ + Grant_Type = "client_credentials" + client_Id = "$client_Id" + Client_Secret = "$Client_Secret" + Scope = "https://graph.microsoft.com/.default" + } + + $loginurl = "https://login.microsoftonline.com/" + "$Tenantid" + "/oauth2/v2.0/token" + try{ + $Token = Invoke-RestMethod -Uri "$loginurl" -Method POST -Body $ReqTokenBody -ContentType "application/x-www-form-urlencoded" + } + Catch { + $_.Exception | Out-File $logfile -Append + } + $Header = @{ + Authorization = "$($token.token_type) $($token.access_token)" + } + + #getting users + write-host "Getting Tenant users" + $getusers = "https://graph.microsoft.com/v1.0/users" + try{ + $users = Invoke-RestMethod -Headers $Header -Uri $getusers -Method get -ContentType 'application/json' + } + Catch { + $_.Exception | Out-File $logfile -Append + } + $userdetails = $users.value + + $userdetails | Export-csv -path ".\Userdata.csv" -Append -NoTypeInformation + $userdisplayname = $userdetails.displayName + $useruserPrincipalName = $userdetails.userPrincipalName + $userid = $userdetails.id + + #getting installed apps + write-host "installed apps for Tenant users" + $results = foreach($id in $userid) + { + $userapps = "https://graph.microsoft.com/beta/users/"+ "$id" +"/teamwork/installedApps?expand=teamsAppDefinition" + try{ + $usersap = Invoke-RestMethod -Headers $Header -Uri $userapps -Method get -ContentType 'application/json' + } + Catch { + $_.Exception | Out-File $logfile -Append + } + $values = $usersap.value + $a = $values.teamsAppDefinition + $Apps = $a | select displayName + $InstalledApps = [string]::Join("; ",$Apps.displayName) + + $file = New-Object psobject + $file | add-member -MemberType NoteProperty -Name id $id + $file | add-member -MemberType NoteProperty -Name InstalledApps $InstalledApps + $file | export-csv ".\UserApps.csv" -NoTypeInformation -Append + } + + $userdata = Import-CSV -Path ".\Userdata.csv" + $Appdata = import-csv -path ".\UserApps.csv" + + $matchcounter = 0 + + foreach ($order1 in $Appdata) + { + $matched = $false + foreach ($order2 in $userdata) + { + $obj = "" | select "ID","DisplayName","UserPrincipalName","InstalledApps" + if($order1.'id' -eq $order2.'id' ) + { + $matchCounter++ + $matched = $true + $obj.'ID' = $order1. 'id' + $obj.'DisplayName' = $order2.'displayName' + $obj.'UserPrincipalName' = $order2.'userPrincipalName' + $obj.'InstalledApps' = $order1.'InstalledApps' + + + Write-Host "Match Found Orders " "$matchCounter" + $obj | Export-Csv -Path ".\UserInstalledTeamsApps.csv" -Append -NoTypeInformation + } + } + } + +} +else +{ + write-host "You need to login admin consent in order to continue... " +} +$end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +#end of script diff --git a/InstalledAPPs/README.md b/InstalledAPPs/README.md new file mode 100644 index 0000000..6343353 --- /dev/null +++ b/InstalledAPPs/README.md @@ -0,0 +1,78 @@ +# InstalledAPPs + +# Description + + Script retrieves the list of Teams apps installed for users in tenant + + # Prerequisites + + [Create new Azure App.](https://docs.microsoft.com/en-us/graph/auth-register-app-v2) + + [How to apply permissions](https://docs.microsoft.com/en-us/graph/notifications-integration-app-registration) to your newly created App + + Please collect client id, client secret from created Azure App and tenant id from Azure portal + + ##### Required Permissions + +|Permission type |Permissions (from least to most privileged)| +|-------|----| +|Application |TeamsAppInstallation.ReadForUser.All, TeamsAppInstallation.ReadWriteForUser.All| + +# Parameters + +`-AppID` + + The app's ID generated by Teams (different from the external ID) + *** + Type: String[] + *** + Position: Named + *** + Default value: None + *** + Accept pipeline input: False + *** + Accept wildcard characters: False + +# Inputs + +Client_Id, Client_Secret, Tenantid + +# Procedure to run the script + +To execute `InstalledAPPs` download/copy and paste the script into PowerShell + +Provide the input parameters Client_Id, Client_Secret, TenantId and hit enter to proceed further on the script + +Now the script will redirect to the web page for login + +![Signin](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/Siginin.png) + +Provide the MicrosoftTeams Administrator credentials i.e user ID and password + +Press enter to continue + +Once you are login it will show the below image for grant permissions for the app to perform the operations + +![GrantPermission](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/GrantPermissions.png) + +![GrantPermission](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/GrantPermissions2.png) + +**Click Accept** + +If you have provided the correct credentials it will give the success status `admin_consent = True` + +![Admin Consent](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/AdminConsent.png) + +Now press Y to proceed further in the script + +Script will create 3 files i.e Userdata.csv, UserApps.csv, UserInstalledTeamsApps.csv. Userdata.csv and UserApps.csv will be used as input files to get the final output UserInstalledTeamsApps.csv +`UserInstalledTeamsApps.csv` is the final output file having installed Teams applications for each user + +# Output + +##### Example + +| ID | Displayname |UserPrincipalName | InstalledApps | +|----|-------------|------------------|---------------| +|81701046-cb37-439b-90ce-2afd9630af7d|David Chew|davidchew@contoso.com|Activity; Calling; Teams; Saved; Files| diff --git a/MembershipChangeTeacher-Owner,Student-Member/MembershipChange(Teacher-Owner,student-member).ps1 b/MembershipChangeTeacher-Owner,Student-Member/MembershipChange(Teacher-Owner,student-member).ps1 new file mode 100644 index 0000000..79f2edf --- /dev/null +++ b/MembershipChangeTeacher-Owner,Student-Member/MembershipChange(Teacher-Owner,student-member).ps1 @@ -0,0 +1,179 @@ +#This script will change the Teams membership role(owner/member) based on the user license(Teacher/student) +#If users don't have a MicrosoftTeams license it will export the user's list +param( + [Parameter(Mandatory=$true)][System.String]$client_Id, + [Parameter(Mandatory=$true)][System.String]$Client_Secret, + [Parameter(Mandatory=$true)][System.String]$Tenantid + ) +$logfile = ".\Membershiplog_$(get-date -format `"yyyyMMdd_hhmmsstt`").txt" +$start = [system.datetime]::Now + +#Grant Adminconsent +$Grant= 'https://login.microsoftonline.com/common/adminconsent?client_id=' +$admin = '&state=12345&redirect_uri=https://localhost:1234' +$Grantadmin = $Grant + $client_Id + $admin + +try{ +Connect-MicrosoftTeams +} +Catch { + $_.Exception | Out-File $logfile -Append + } +start-process $Grantadmin +write-host "login with your tenant login details to proceed further" + +$proceed = Read-host " Press Y to continue " +if ($proceed -eq 'Y') +{ + write-host "Creating Access_Token" + $ReqTokenBody = @{ + Grant_Type = "client_credentials" + client_Id = "$client_Id" + Client_Secret = "$Client_Secret" + Scope = "https://graph.microsoft.com/.default" + } + + $loginurl = "https://login.microsoftonline.com/" + "$Tenantid" + "/oauth2/v2.0/token" + try{ + $Token = Invoke-RestMethod -Uri "$loginurl" -Method POST -Body $ReqTokenBody -ContentType "application/x-www-form-urlencoded" + } + Catch { + $_.Exception | Out-File $logfile -Append + } + $Header = @{ + Authorization = "$($token.token_type) $($token.access_token)" + } + + + #Get Team details + write-host "Getting Team details..." + $getTeams = "https://graph.microsoft.com/beta/groups?filter=resourceProvisioningOptions/Any(x:x eq 'Team')" + try{ + $Teams = Invoke-RestMethod -Headers $Header -Uri $getTeams -Method get -ContentType 'application/json' + } + Catch { + $_.Exception | Out-File $logfile -Append + } + do + { + + foreach($Team in $Teams.value.id) + { + $Tmembers ="https://graph.microsoft.com/v1.0/groups/" + $Team + "/members" + try{ + $members = Invoke-RestMethod -Headers $Header -Uri $Tmembers -Method get + } + Catch { + $_.Exception | Out-File $logfile -Append + } + #Get all team Owners + $Teamowneruri ="https://graph.microsoft.com/v1.0/groups/" + $Team + "/owners" + try{ + $ownerresult = Invoke-RestMethod -Headers $Header -Uri $Teamowneruri -Method get + } + Catch { + $_.Exception | Out-File $logfile -Append + } + $owners = $ownerresult.value.id + + foreach($value in $members.value) + { + $member = $value.id + $memberUPN = $value.userPrincipalName + $memberdisplayname = $value.displayName + + $licenseuri="https://graph.microsoft.com/v1.0/users/" + $member + "/licenseDetails" + try{ + $licenseresult=Invoke-RestMethod -Headers $Header -Uri $licenseuri -Method get + } + Catch { + $_.Exception | Out-File $logfile -Append + } + $licensevalue = $licenseresult.value + $license = $licensevalue.skuPartNumber + + + #case1:if user having faculty license and be part of ownerlist + if(($license -eq "M365EDU_A5_FACULTY") -and ($owners -contains $member)) + {write-host "This user having Faculty license and already owner of the team" $memberdisplayname } + + #case2:if user having faculty license and not part of ownerlist + elseif(($license -eq "M365EDU_A5_FACULTY") -and ($owners -notcontains $member)) + { + $facultybody='{ + "@odata.id": "https://graph.microsoft.com/beta/users/'+$member+'" + }' + $facultyuri ="https://graph.microsoft.com/beta/groups/" + "$Team" + "/owners/`$ref" + try{ + $output =Invoke-RestMethod -Headers $Header -Uri $facultyuri -Method Post -Body $facultybody -ContentType 'application/json' + } + Catch { + $_.Exception | Out-File $logfile -Append + } + write-host "Faculty Membership role has been changed to Owner for team" $memberdisplayname + + } + #case3:if user having STUDENT license and not part of ownerlist + elseif(($license -eq "M365EDU_A5_STUDENT") -and ($owners -notcontains $member)) + {write-host "This user having STUDENT license and already member of the team" $memberdisplayname} + + #case4:if user having STUDENT license and part of ownerlist + elseif(($license -eq "M365EDU_A5_STUDENT") -and ($owners -contains $member)) + { + #add student as member + try{ + Add-TeamUser -GroupId $Team -User $memberUPN -Role Member + } + Catch { + $_.Exception | Out-File $logfile -Append + } + #removing student as owner + $removestudenturi="https://graph.microsoft.com/v1.0/groups/" +$Team+ "/owners/" +$member+ "/`$ref" + try{ + $output2=Invoke-RestMethod -Headers $Header -Uri $removestudenturi -Method Delete -ContentType 'application/json' + } + Catch { + $_.Exception | Out-File $logfile -Append + } + write-host "student Membership role has been changed to member " $memberdisplayname + + + } + #case5: if user dont have license + else + { + write-host "user have the different license" + $file = New-Object psobject + $file | add-member -MemberType NoteProperty -Name UserName $memberUPN + $file | add-member -MemberType NoteProperty -Name Userid $member + $file | export-csv -path output.csv -NoTypeInformation -Append + } + } + } + + + + if ($group.'@odata.nextLink' -eq $null ) + { + break + } + else + { + try{ + $group = Invoke-RestMethod -Headers $Header -Uri $group.'@odata.nextLink' -Method Get + } + Catch { + $_.Exception | Out-File $logfile -Append + } + } + }while($true); + } + + else +{ + write-host "You need to login admin consent in order to continue... " +} + $end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +#end of script diff --git a/MembershipChangeTeacher-Owner,Student-Member/README.md b/MembershipChangeTeacher-Owner,Student-Member/README.md new file mode 100644 index 0000000..ba9047b --- /dev/null +++ b/MembershipChangeTeacher-Owner,Student-Member/README.md @@ -0,0 +1,91 @@ +# MembershipChangeTeacher-Owner, Student-Member + +# Description + +This script will change the Teams membership role based on the user license. After the script execution, teacher license user will convert as owner and student license users will convert as members, if users don't have MicrosoftTeams license it will export the user's list + +# Prerequisites + +[Create a new Azure App](https://docs.microsoft.com/en-us/graph/auth-register-app-v2) + +[How to apply permissions](https://docs.microsoft.com/en-us/graph/notifications-integration-app-registration) to your newly created App + +Please collect client id, client secret from created Azure App and tenant id from Azure portal + +#### Requried Permissions + +|Permission type |Permissions (from least to most privileged)| +|---|----| +|Application |TeamSettings.Read.Group*, TeamSettings.ReadWrite.Group*, Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All, Group.Read.All, Group.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All, User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All| + +# Example + +##### Case1:(If a user having faculty license and be part of owner list) + + This user having Faculty license and already the owner of the team message will populate on the screen + +##### Case2: (If a user having faculty license and not part of owner list) + + Faculty Membership role has been changed to Owner of the team message will populate on the screen + +##### Case3:(If a user having STUDENT license and not part of owner list) + + This user having STUDENT license and already a member of the team message will populate on the screen + +##### Case4:(If a user having STUDENT license and part of owner list) + + Student Membership role has been changed to member message will populate on the screen + +##### Case5:(If user dont have license) + + User has the different license and exports the user list message will populate on the screen + +# Parameters + +`-IsLicensed` + + Whether or not the user has any licenses assigned + + Type: SkuPartNumber + +# Inputs + +Client_Id, Client_Secret, Tenantid + +# Procedure to run the script + + To execute `MembershipChangeTeacher-Owner, Student-Member` download/copy and paste the script into PowerShell + + Provide the input parameters Client_Id, Client_Secret, TenantId and hit enter to proceed further on the script + + Please provide the Teams admin credentials to connect to Microsoft Teams + + Now the script will redirect to the web page for login + + ![Signin](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/Siginin.png) + + Provide admin credentials i.e user ID and password + + Press enter to continue + + Once you are login it will show the below image for grant permissions for the app to perform the operations + + ![GrantPermission](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/GrantPermissions.png) + + ![GrantPermission](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/GrantPermissions2.png) + + **Click Accept** + + If you have provided the correct credentials it will give success status `admin_consent = True` + + Now press Y to proceed further in the script + +# Output + +List of users who has no license, output.csv will be generated + +##### Example + +|UserName | Userid | +|----------|---------| +|David Chew|81701046-cb37-439b-90ce-2afd9630af7d| diff --git a/PolicyPackageAssignment/PolicyPackageAssignment.ps1 b/PolicyPackageAssignment/PolicyPackageAssignment.ps1 new file mode 100644 index 0000000..7e17a35 --- /dev/null +++ b/PolicyPackageAssignment/PolicyPackageAssignment.ps1 @@ -0,0 +1,155 @@ +#This script will check the user license, based on the assigned license(Teacher/Student), a policy package(Education Teacher/Education_SecondaryStudent) will be assigned + +param( + [Parameter(Mandatory=$true)][System.String]$client_Id, + [Parameter(Mandatory=$true)][System.String]$Client_Secret, + [Parameter(Mandatory=$true)][System.String]$Tenantid + ) +$logfile = ".\PolicyPackageAssignmentlog_$(get-date -format `"yyyyMMdd_hhmmsstt`").txt" +$start = [system.datetime]::Now +#connect to teams +try{ +Connect-MicrosoftTeams +} +Catch { + $_.Exception | Out-File $logfile -Append + } +#Grant Adminconsent +$Grant= 'https://login.microsoftonline.com/common/adminconsent?client_id=' +$admin = '&state=12345&redirect_uri=https://localhost:1234' +$Grantadmin = $Grant + $client_Id + $admin + +Start-Process $Grantadmin +write-host "login with your tenant login detials to proceed further" + +$proceed = Read-host " Press Y to continue " +if ($proceed -eq 'Y') +{ + write-host "Creating Access_Token" + $ReqTokenBody = @{ + Grant_Type = "client_credentials" + client_Id = "$client_Id" + Client_Secret = "$Client_Secret" + Scope = "https://graph.microsoft.com/.default" + } + + $loginurl = "https://login.microsoftonline.com/" + "$Tenantid" + "/oauth2/v2.0/token" + try{ + $Token = Invoke-RestMethod -Uri "$loginurl" -Method POST -Body $ReqTokenBody -ContentType "application/x-www-form-urlencoded" + } + Catch { + $_.Exception | Out-File $logfile -Append + } + $Header = @{ + Authorization = "$($token.token_type) $($token.access_token)" + } + + $uri = "https://graph.microsoft.com/v1.0/users" + try{ + $group = Invoke-RestMethod -Headers $Header -Uri $uri -Method Get + } + Catch { + $_.Exception | Out-File $logfile -Append + } + do + { + foreach($value in $group.value) + { + try{ + $Token1 = Invoke-RestMethod -Uri "$loginurl" -Method POST -Body $ReqTokenBody -ContentType "application/x-www-form-urlencoded" + } + Catch { + $_.Exception | Out-File $logfile -Append + } + $Header1 = @{ + Authorization = "$($token1.token_type) $($token1.access_token)" + } + + $id = $value.id + $UPN = $value.userPrincipalName + + #Check if user is assigned any license + $licenseuri = "https://graph.microsoft.com/v1.0/users/" + "$id" + "/licenseDetails" + try{ + $licenseresult = Invoke-RestMethod -Headers $Header1 -Uri $licenseuri -Method Get + } + Catch { + $_.Exception | Out-File $logfile -Append + } + $licensevalue = $licenseresult.value + $skuids = $licensevalue.skuId + $licenses = $licensevalue.skuPartNumber + $serviceplan = $licensevalue.servicePlans + $TeamslicenseStatus = $serviceplan | where {($_.servicePlanName -eq 'Teams1')} + + $provisioningStatus = $TeamslicenseStatus.provisioningStatus + + $useruri = "https://graph.microsoft.com/v1.0/users/" + $id + try{ + $userresult = Invoke-RestMethod -Headers $Header1 -Uri $useruri -Method Get + } + Catch { + $_.Exception | Out-File $logfile -Append + } + if($licenses -contains "M365EDU_A5_FACULTY") + { + try{ + Grant-CsUserPolicyPackage -Identity $UPN -PackageName "Education_Teacher" + } + Catch { + $_.Exception | Out-File $logfile -Append + } + write-host " Education_Teacher policy has been assigned to user" $UPN + } + elseif($licenses -contains "M365EDU_A5_STUDENT") + { + try{ + Grant-CsUserPolicyPackage -Identity $UPN -PackageName "Education_SecondaryStudent" + } + Catch { + $_.Exception | Out-File $logfile -Append + } + write-host " Education_SecondaryStudent policy has been assigned to user" $UPN + } + + else{ + Write-Host "User have the diffrent license" $UPN + $file = New-Object psobject + $file | add-member -MemberType NoteProperty -Name UserName $UPN + $file | add-member -MemberType NoteProperty -Name Userid $id + $file | export-csv -path ".\license.csv" -NoTypeInformation -Append + } + } + if ($group.'@odata.nextLink' -eq $null ) + { + break + } + else + { + try{ + $Token2 = Invoke-RestMethod -Uri "$loginurl" -Method POST -Body $ReqTokenBody -ContentType "application/x-www-form-urlencoded" + } + Catch { + $_.Exception | Out-File $logfile -Append + } + $Header2 = @{ + Authorization = "$($token2.token_type) $($token2.access_token)" + } + try{ + $group = Invoke-RestMethod -Headers $Header2 -Uri $group.'@odata.nextLink' -Method Get + } + Catch { + $_.Exception | Out-File $logfile -Append + } + } + }while($true); + } + + else +{ + write-host "You need to login admin consent in order to continue... " +} +$end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +#end of script diff --git a/PolicyPackageAssignment/README.md b/PolicyPackageAssignment/README.md new file mode 100644 index 0000000..9efb04c --- /dev/null +++ b/PolicyPackageAssignment/README.md @@ -0,0 +1,73 @@ +# PolicyPackageAssignment + +# Description + +This script will check the user license. After the script execution, teacher license users will be assigned to “Education Teacher”. Student license users will be assigned with “Education_SecondaryStudent” policy packages + +# Prerequisites + +[Create a new Azure App](https://docs.microsoft.com/en-us/graph/auth-register-app-v2) + +[How to apply permissions](https://docs.microsoft.com/en-us/graph/notifications-integration-app-registration) to your newly created App + +Please collect client id, client secret from created Azure App and tenant id from Azure portal + +##### Required Permissions + +|Permission type |Permissions (from least to most privileged)| +|----|----| +|Application |User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All| + +# Example + +If a user assigned with faculty license, script will assign Education_Teacher policy package to a user + +If the user assigned with a student license, script will assign Education_SecondaryStudent policy package to a user + +# Parameters + +`-isLicensed` + +Whether or not the user has any licenses assigned + +Type: SkuPartNumber + +# Inputs + +Client_Id, Client_Secret, Tenantid + +# Procedure to run the script + + To execute `PolicyPackageAssignment` download/copy and paste the script into PowerShell + + Provide the input parameters Client_Id, Client_Secret, TenantId and hit enter to proceed further on the script + + Please provide the global administrator credentials or Teams administrator credentials to `Connect-MicrosofTteams` + + Now the script will redirect to the web page for login + + ![Signin](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/Siginin.png) + + Provide admin credentials i.e user ID and password + + Press enter to continue + + Once you are login it will show the below image for grant permissions for the app to perform operations + + ![GrantPermission](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/GrantPermissions.png) + + ![GrantPermission](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/GrantPermissions2.png) + + **Click Accept** + + If you have provided the correct credentials it will give success status `admin_consent = True` + + Now press Y to proceed further in the script + +# Sample Output + + Once the script executed, it generates the `license.csv` file contains no license or different license(other than Teams) users + +|UserName | Userid | +|----------|---------| +|David Chew|81701046-cb37-439b-90ce-2afd9630af7d| diff --git a/ResetPolicies-Education domain/README.md b/ResetPolicies-Education domain/README.md new file mode 100644 index 0000000..0c55dd4 --- /dev/null +++ b/ResetPolicies-Education domain/README.md @@ -0,0 +1,36 @@ +# ResetPolicies-Education domain + +# Description +Script is to create below custom policies to set all access to teachers and restrict to students in an organization + + Teams policies + + Meetings policies + + Meeting settings + + Messaging policies + + Assignment policy + + Org-Wide settings + + Apps + +# Prerequisite +1) Install [SFB online connector](https://www.microsoft.com/en-us/download/details.aspx?id=39366) + +# Inputs +Global Administrator or Skype for Business Online administrator account name and password, and then select OK + +# How to run the script + +1. As an Administrator, type PowerShell in the start menu. Right-click on Windows PowerShell, then select Run as Administrator. +Click Yes at the UAC prompt + +2) Run the **`ResetPolicies-Education domain.ps1`** + +# Expected output +Custom policies are created + +A log file will be generated with exceptions, errors along with script execution time diff --git a/ResetPolicies-Education domain/ResetPolicies.ps1 b/ResetPolicies-Education domain/ResetPolicies.ps1 new file mode 100644 index 0000000..37f0054 --- /dev/null +++ b/ResetPolicies-Education domain/ResetPolicies.ps1 @@ -0,0 +1,100 @@ +# This Script will create custom policies to set all access to teachers and restrict to students in an organization +$logfile = ".\ResetPolicieslog_$(get-date -format `"yyyyMMdd_hhmmsstt`").txt" +$start = [system.datetime]::Now + +If(Get-Module -ListAvailable -Name MicrosoftTeams) + { + Write-Host "MicrosoftTeams Already Installed" + } + else { + try { Install-Module -Name MicrosoftTeams + Write-Host "Installed MicrosoftTeams" + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } } + try{ +Connect-MicrosoftTeams +} + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } +PolicyChoice = Read-host = "'please provide Number to reset policies +1.Teams policies +2.Meetings Policies +3.Meeting Settings +4.Messaging policies +5.Assignment policy +6.OrgWide settings +7.Apps'" + +if(PolicyChoice -eq "1") +{try{ +#teams policies +Set-CsTeamsChannelsPolicy -Identity global -AllowPrivateChannelCreation $false +New-CsTeamsChannelsPolicy -Identity AllTeachers -AllowPrivateChannelCreation $true +} +catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } +} +if(PolicyChoice -eq "2"){ +try{ +#Meetings Policies +Set-CsTeamsMeetingPolicy -Identity global -AllowMeetNow $false -AllowOutlookAddIn $false -AllowChannelMeetingScheduling $false -AllowPrivateMeetingScheduling $false -AllowTranscription $true -AllowCloudRecording $false -AllowParticipantGiveRequestControl $false -AllowExternalParticipantGiveRequestControl $false -AllowPowerPointSharing $true -AllowWhiteboard $true -AllowSharedNotes $true -AllowAnonymousUsersToStartMeeting $false -AutoAdmittedUsers OrganizerOnly -LiveCaptionsEnabledType DisabledUserOverride -MeetingChatEnabledType enabled -AllowPrivateMeetNow $false +New-CsTeamsMeetingPolicy -Identity AllTeachers -AllowMeetNow $true -AllowOutlookAddIn $true -AllowChannelMeetingScheduling $true -AllowPrivateMeetingScheduling $true -AllowTranscription $true -AllowCloudRecording $false -AllowParticipantGiveRequestControl $true -AllowExternalParticipantGiveRequestControl $true -AllowPowerPointSharing $true -AllowWhiteboard $true -AllowSharedNotes $true -AllowAnonymousUsersToStartMeeting $false -AutoAdmittedUsers EveryoneInCompany -LiveCaptionsEnabledType DisabledUserOverride -MeetingChatEnabledType enabled -AllowPrivateMeetNow $true +}catch{ +$_.Exception.Message | out-file -Filepath $logfile -append +} +} +if(PolicyChoice -eq "3"){ +try{ +#meeting Settings +set-CsTeamsMeetingConfiguration -DisableAnonymousJoin $true +}catch{ +$_.Exception.Message | out-file -Filepath $logfile -append +} +} +if(PolicyChoice -eq "4"){ +try{ +#messaging policies +Set-CsTeamsMessagingPolicy -Identity global -AllowUserDeleteMessage $false -AllowUserEditMessage $false -ReadReceiptsEnabledType Everyone -AllowUserChat $false -AllowMemes $false -AllowPriorityMessages $false -AudioMessageEnabledType disabled -AllowRemoveUser $false -AllowSmartReply $false -ChannelsInChatListEnabledType EnabledUserOverride -AllowGiphy $false -AllowGiphyDisplay $false +new-CsTeamsMessagingPolicy -Identity AllTeachers -AllowUserDeleteMessage $true -AllowUserEditMessage $true -ReadReceiptsEnabledType Everyone -AllowUserChat $true -AllowMemes $false -AllowPriorityMessages $true -AudioMessageEnabledType ChatsAndChannels -AllowRemoveUser $true -AllowSmartReply $true -ChannelsInChatListEnabledType EnabledUserOverride -AllowGiphy $false -AllowGiphyDisplay $false -AllowOwnerDeleteMessage $true +}catch{ +$_.Exception.Message | out-file -Filepath $logfile -append +} +} +if(PolicyChoice -eq "5"){ +try{ +#Assignment policy +Set-CsTeamsEducationAssignmentsAppPolicy -MakeCodeEnabledType disabled -TurnItInEnabledType enabled +} +catch{ +$_.Exception.Message | out-file -Filepath $logfile -append +} +} +if(PolicyChoice -eq "6"){ +try{ +#OrgWide settings +Set-CsTeamsClientConfiguration -AllowEmailIntoChannel $false -AllowDropBox $false -AllowBox $false -AllowGoogleDrive $false -AllowShareFile $false -AllowGuestUser $false -AllowEgnyte $false -AllowOrganizationTab $false -AllowScopedPeopleSearchandAccess $true +} +catch{ +$_.Exception.Message | out-file -Filepath $logfile -append +} +} +if(PolicyChoice -eq "7"){ +try{ +#apps +Set-CsTeamsAppPermissionPolicy -GlobalCatalogAppsType AllowedAppList +}catch{ +$_.Exception.Message | out-file -Filepath $logfile -append +} +} +else +{write-host "please run script again and choose option between 1-7" +} + +$end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +#end of script diff --git a/TeachersGroupUpdate-Education domain/README.md b/TeachersGroupUpdate-Education domain/README.md new file mode 100644 index 0000000..01f0679 --- /dev/null +++ b/TeachersGroupUpdate-Education domain/README.md @@ -0,0 +1,33 @@ +# TeachersGroupUpdate-Education domain + +# Description +Script will update the **All teachers** distribution list members, it checks the users who have teacher license are added to the **All teachers** distribution list, users who haven't assigned with teacher license are not added to All Teachers DL + +System should have the AzureADPreview module [`Install-Module AzureADPreview`](https://docs.microsoft.com/en-us/powershell/azure/active-directory/install-adv2?view=azureadps-2.0-preview#installing-the-azure-ad-module) to execute the script + +# Inputs +Global Administrator or Azure AD Administrator credentials + +# Prerequisites +As an Administrator, type PowerShell in the start menu + +Right-click on Windows PowerShell, then select Run as Administrator. Click Yes at the UAC prompt. +1. Type the following within PowerShell and then press Enter: + + `Install-Module AzureAd` + +2. Type Y at the prompt.Press Enter + +3. If you are prompted for an untrusted repository, then type A (Yes to All) and press Enter.The module will now install + +# How to run the script +To run the script you will need to either download it or copy and paste the script into Powershell + +Provide the global administrator credentials or AzureAD admin credentials when it prompts + +Hit enter to continue + +# Output +Script will provide the count of teachers who has the teacher license and count of teachers in Distribution List + +A log file will be generated with exceptions, errors along with script execution time diff --git a/TeachersGroupUpdate-Education domain/TeachersGroupUpdate.ps1 b/TeachersGroupUpdate-Education domain/TeachersGroupUpdate.ps1 new file mode 100644 index 0000000..78e6f7a --- /dev/null +++ b/TeachersGroupUpdate-Education domain/TeachersGroupUpdate.ps1 @@ -0,0 +1,42 @@ +#This script will update All teachers distributation list based on teacher license +$logfile = ".\TeachersGroupUpdate-Education domainlog_$(get-date -format `"yyyyMMdd_hhmmsstt`").txt" +$start = [system.datetime]::Now +if(Get-Module -ListAvailable -Name AzureAD) + { + Write-Host "AzureAD Already Installed" + } + else { + try { + Write-Host "AzureAD is installing" + Install-Module -Name AzureAD + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } + } +$credential = get-credential +Connect-AzureAD -Credential $credential +$group = Get-AzureADGroup -SearchString "all teachers" +$groupid = $group.objectid +$user = Get-AzureADUser -All $true | where {$_.AssignedLicenses -like "*94763226-9b3c-4e75-a931-5c89701abe66*"} +$userid = $user.objectid +$memeber = get-AzureADGroupMember -All $true -ObjectId $groupid +$memberid = $memeber.objectid +foreach ($userid in $userid) +{ + if ($userid -notin $memberid) + { + try{ + Add-AzureADGroupMember -ObjectId $groupid -RefObjectId $userid + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } + } +} +Get-AzureADSubscribedSku | ft *skupart*,*consu* +(Get-AzureADGroupMember -all $true -ObjectId $groupid).count +$end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +#end of script diff --git a/TeamOwnerMemberandChannel details/Readme.md b/TeamOwnerMemberandChannel details/Readme.md new file mode 100644 index 0000000..6b46ffe --- /dev/null +++ b/TeamOwnerMemberandChannel details/Readme.md @@ -0,0 +1,47 @@ +# TeamOwnerMemberandChannel details + +# Description +The script returns owners, members of a Team and channels of a Team by providing the required input 1 or 2 + + 1- To get the TeamsOwnerandMember details of a team in tenant + 2- To get the available channels in each Team + +# Prerequisites + +1. As an Administrator, type PowerShell in the start menu. Right-click Windows PowerShell, then select Run as Administrator +Click Yes at the UAC prompt + +2. Type the following within PowerShell and then press Enter:\ +     **`Install-Module MicrosoftTeams`** + +3. Type Y at the prompt. Press Enter + +4. If you are prompted for an untrusted repository, then type A (Yes to All) and press Enter. The module will now install + +5. Run the script, please provide the Global Administrator credentials or Teams Administrator credentials + +# If Input=1 + +First, it will get the available Teams in the tenat\ +For each Team, it will fetch the owners and members of the team + +# Output + +Script will export **Teamoutput.csv** in the current folder contains fields + +| Team Name | Team Id | Team Owner | Team member | + +# If input=2 + +First, it will get the available Teams in the tenat\ +For each Team, it will fetch the TeamId, TeamDisplayname and ChannelName of the team + +# Output + +Script will export the **Channeloutput.csv** in the current folder + +Output contains + +| TeamId | TeamDisplayname | ChannelName | + +A log file will be generated with exceptions, errors along with script execution time diff --git a/TeamOwnerMemberandChannel details/TeamOwnerMemberandchanneldetails.ps1 b/TeamOwnerMemberandChannel details/TeamOwnerMemberandchanneldetails.ps1 new file mode 100644 index 0000000..639c1c0 --- /dev/null +++ b/TeamOwnerMemberandChannel details/TeamOwnerMemberandchanneldetails.ps1 @@ -0,0 +1,80 @@ +#This script returns owners, members of a Team, and channels of a Team by providing the required input 1 or 2 +$logfile = ".\TeamOwnerMemberandChanneldetailslog_$(get-date -format `"yyyyMMdd_hhmmsstt`").txt" +$start = [system.datetime]::Now +connect-microsoftteams + function Get-Result(){ + Write-Host "1-To get the Team Owner and Member details + 2-To get the Channel details" + + $proceed = Read-host "Please provide input number 1 or 2" + + if ($proceed -eq '1') + { + try{ + $Teams = get-team + foreach ($team in $Teams) + { + $groupid = $team.Groupid + $displayname = $team.DisplayName + $Teammember = get-teamuser -GroupId "$groupid" -Role Member + $TeamOwner = get-teamuser -GroupId "$groupid" -Role Owner + + $Members = [string]::Join("; ",$Teammember.User) + $Owner = [string]::Join("; ",$TeamOwner.User) + #$groupid + #$Memebrs + #Owner + + $file = New-Object psobject + $file | add-member -MemberType NoteProperty -Name Teamid $groupid + $file | add-member -MemberType NoteProperty -Name TeamDisplayname $displayname + $file | add-member -MemberType NoteProperty -Name Owner $Owner + $file | add-member -MemberType NoteProperty -Name Member $Members + $file | export-csv -path ".\Teamoutput.csv" -NoTypeInformation -Append + } + + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } + } + elseif($proceed -eq '2') + { + try{ + $Teams = get-team + foreach ($team in $Teams) + { + $channel=Get-Teamchannel -GroupId $team.Groupid + $channels = [string]::Join("; ",$channel.DisplayName) + + $file = New-Object psobject + $file | add-member -MemberType NoteProperty -Name Teamid $team.Groupid + $file | add-member -MemberType NoteProperty -Name TeamDisplayname $team.displayname + $file | add-member -MemberType NoteProperty -Name ChaneelName $channels + $file | export-csv -path ".\channeloutput.csv" -NoTypeInformation -Append + } + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } + } + } + do + { + $ProceedNext = Read-host "To proceed enter Y to continue" + if ($ProceedNext -eq "Y" ) + { + Get-Result + } + else + { + break + } + } + while($true); + +$end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +$resultTime.TotalSeconds +#end of script diff --git a/TeamOwnerMemberandChannel details/Teamoutput.csv b/TeamOwnerMemberandChannel details/Teamoutput.csv new file mode 100644 index 0000000..c237320 --- /dev/null +++ b/TeamOwnerMemberandChannel details/Teamoutput.csv @@ -0,0 +1,10 @@ +"Teamid","TeamDisplayname","Owner","Member" +"782e7c6e-9361-4ede-ba8a-9281b63f46b7","HR","admin@M365x726831.onmicrosoft.com; AllanD@M365x726831.OnMicrosoft.com; kartheek@M365x726831.onmicrosoft.com", +"f81aec78-5108-4335-8ef7-53e1ee8fad02","IT team","admin@M365x726831.onmicrosoft.com; DebraB@M365x726831.OnMicrosoft.com","ChristieC@M365x726831.OnMicrosoft.com; PradeepG@M365x726831.OnMicrosoft.com; IsaiahL@M365x726831.OnMicrosoft.com; kartheek@M365x726831.onmicrosoft.com" +"bbf4f160-a141-4bc6-9902-088b44fe9ed1","UKG","admin@M365x726831.onmicrosoft.com; DebraB@M365x726831.OnMicrosoft.com; CameronW@M365x726831.OnMicrosoft.com; BrianJ@M365x726831.onmicrosoft.com","MeganB@M365x726831.OnMicrosoft.com; kartheek@M365x726831.onmicrosoft.com" +"4211b365-6663-40e3-b21d-f7c56a7d5374","Accounts","MeganB@M365x726831.OnMicrosoft.com","admin@M365x726831.onmicrosoft.com; PradeepG@M365x726831.OnMicrosoft.com; kartheek@M365x726831.onmicrosoft.com" +"6969a220-b5a8-485f-b78b-8f8828fbb266","ITPRO","rkk@M365x726831.onmicrosoft.com","admin@M365x726831.onmicrosoft.com; PradeepG@M365x726831.OnMicrosoft.com; MeganB@M365x726831.OnMicrosoft.com; kartheek@M365x726831.onmicrosoft.com" +"10e6f461-1fd4-419e-8fa8-f39fd3c7f82a","Operations group","admin@M365x726831.onmicrosoft.com","admin@M365x726831.onmicrosoft.com; PradeepG@M365x726831.OnMicrosoft.com; MeganB@M365x726831.OnMicrosoft.com; kartheek@M365x726831.onmicrosoft.com" +"62bb057a-7bc6-4835-9894-3dcdfe7a14e8","NewTeam","admin@M365x726831.onmicrosoft.com","admin@M365x726831.onmicrosoft.com; PradeepG@M365x726831.OnMicrosoft.com; MeganB@M365x726831.OnMicrosoft.com; kartheek@M365x726831.onmicrosoft.com" +"c614c9b5-2b82-4d55-b97a-1bb7bde2ffa4","Deployment team","admin@M365x726831.onmicrosoft.com","swathi@M365x726831.onmicrosoft.com" +"d848e7aa-fffe-446b-a11c-0f356d21fc51","TestTeam","admin@M365x726831.onmicrosoft.com","swathi@M365x726831.onmicrosoft.com" diff --git a/TeamsAppSetupPolicy/README.md b/TeamsAppSetupPolicy/README.md new file mode 100644 index 0000000..3b37e28 --- /dev/null +++ b/TeamsAppSetupPolicy/README.md @@ -0,0 +1,98 @@ +# TeamsAppSetupPolicy + +# Description + +Creating a new custom Teams app setup policy and assigning a custom Teams app setup policy to user/users + +# Prerequisites + +Follow the below steps to create new Teams App Setup Policy: + +[Login into the Teams Admin centre](https://admin.teams.microsoft.com) + +Click on Teams apps **→** Setup policies + +![SetupPolicy](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/TeamsAppSetupPolicy-setuppoliocy.png) + +Click Add + +![Add](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/TeamsAppSetupPolicy-Add.png) + +Choose options for policy + +![Chooseoption](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/TeamsAppSetupPolicy-choose%20option.png) + +Choose Pinned apps by clicking Add apps + +![ChoosePinnedApps](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/TeamsAppSetupPolicy-PinnedApps.png) + + Search apps + + ![AddPinnedApps](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/TeamsAppSetupPolicy-AddPinnedApps.png) + + Click save + +Now we can apply Teams app setup policy using the script + +As an Administrator, type PowerShell in the start menu + +Right-click on Windows PowerShell, then select Run as Administrator. Click Yes at the UAC prompt + +1. Type the following within PowerShell and then press Enter: + + [`Install-Module MicrosoftTeams`](https://docs.microsoft.com/en-us/microsoftteams/teams-powershell-install) + +2. Type Y at the prompt. Press enter + +3. If you are prompted for an untrusted repository, then type A (Yes to All) and press Enter. The module will now install + +Run the script, provide the Global Administrator credentials or Teams Administrator credentials + ....................... + +For single user use `TeamsAppsetuppolicy-SingleUser` + +Run the script, provide the inputs + + # Input + + PolicyName + + Example:apptest236 + + User + + Example:davidchew@contoso.com + +# Example + +![DetailsScreenshot](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/TeamsAppSetupPolicy-Deatilsscreenshot.png) + +Supply credentials + +![Credentials](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/TeamsAppSetupPolicy-Credentialspage.png) + +It will assign the policy to the user + ................... + +For bulk users use `TeamsAppsetuppolicy - Bulk users`, +Provide the input in `AssignTeamsAppsetupPolicy.csv file` + +# Input + + | User | PolicyName | + |----------|------------ | + | User1 | Policy1 | + | User2 | Policy2 | + + +Run the `TeamsAppsetuppolicy - Bulk users` script + +Provide the Administrator credentials + +![Credentials](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/TeamsAppSetupPolicy-Credentialspage.png) + +# Output + +The policy will assign to respective users + +A log file will be generated with exceptions, errors along with script execution time diff --git a/TeamsAppSetupPolicy/TeamsAppSetupPolicy-SingleUser.ps1 b/TeamsAppSetupPolicy/TeamsAppSetupPolicy-SingleUser.ps1 new file mode 100644 index 0000000..1661c87 --- /dev/null +++ b/TeamsAppSetupPolicy/TeamsAppSetupPolicy-SingleUser.ps1 @@ -0,0 +1,35 @@ +#This script will assign custom Teams app setup policy to the user using PowerShell cmdlets +param( +[Parameter(Mandatory=$true)][System.String]$Policyname, +[Parameter(Mandatory=$true)][System.String]$user +) +$logfile = ".\TeamsAppSetupPolicySingleUserlog_$(get-date -format `"yyyyMMdd_hhmmsstt`").txt" +$start = [system.datetime]::Now +If(Get-Module -ListAvailable -Name SkypeOnlineConnector) + { + Write-Host "SkypeOnlineConnector Already Installed" + } + else { + try { + Write-Host "Installing SkypeOnlineConnector" + Install-Module -Name SkypeOnlineConnector + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } + } +Import-Module SkypeOnlineConnector +$sfbSession = New-CsOnlineSession +Import-PSSession $sfbSession -AllowClobber +try{ +Grant-CsTeamsAppsetupPolicy -policyname "$Policyname" -Identity $user +get-csonlineuser -Identity "$user" |ft TeamsappsetupPolicy,UserPrincipalName +} +catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } + +$end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +#end of script diff --git a/TeamsAppSetupPolicy/TeamsAppsSetupPolicy - Bulk users.ps1 b/TeamsAppSetupPolicy/TeamsAppsSetupPolicy - Bulk users.ps1 new file mode 100644 index 0000000..f43bb59 --- /dev/null +++ b/TeamsAppSetupPolicy/TeamsAppsSetupPolicy - Bulk users.ps1 @@ -0,0 +1,46 @@ +#This script will assign custom Teams app setup policy to the users using PowerShell cmdlets, declare the file path and sheet name + +$logfile = ".\TeamsAppSetupPolicyBulkUserlog_$(get-date -format `"yyyyMMdd_hhmmsstt`").txt" +$start = [system.datetime]::Now + + $file = ".\AssignTeamsAppsetupPolicy.xlsx" + $sheetName = "Sheet1" + +#Create an instance of Excel.Application and Open Excel file + $objExcel = New-Object -ComObject Excel.Application + $workbook = $objExcel.Workbooks.Open($file) + $sheet = $workbook.Worksheets.Item($sheetName) + $objExcel.Visible = $false +#Count max row + $rowMax = ($sheet.UsedRange.Rows).count + +#Declare the starting positions + $rowUser, $colUser = 1, 1 + $rowPolicyname, $colPolicyname = 1, 2 +$credential = Get-credential +Import-Module SkypeOnlineConnector +$sfbSession = New-CsOnlineSession +Import-PSSession $sfbSession +#loop to get values and store it + for ($i = 1; $i -le $rowMax - 1; $i++) { + + $User = $sheet.Cells.Item($rowUser + $i, $colUser).text + $Policyname = $sheet.Cells.Item($rowPolicyname + $i, $colPolicyname).text + try{ + Grant-CsTeamsAppsetupPolicy -policyname "$Policyname" -Identity $user + } +Catch { + $_.Exception | Out-File $logfile -Append + } + try{ +get-csonlineuser -Identity "$user" |ft DisplayName,TeamsappsetupPolicy +} +Catch { + $_.Exception | Out-File $logfile -Append + } +} +$objExcel.quit() +$end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +#end of script diff --git a/TeamsCreationAlongwithChannelandRole/README.md b/TeamsCreationAlongwithChannelandRole/README.md new file mode 100644 index 0000000..8be73ff --- /dev/null +++ b/TeamsCreationAlongwithChannelandRole/README.md @@ -0,0 +1,98 @@ +# TeamsCreationAlongwithChannelandRole + +# Description + +The script is to create Teams along with channel and role + +Provide the input data `TeamName` `ChannelName` `Owner` `Member` and `Visibility` in .csv format and provide the path location in script + +The script will generate the `output.csv` file which holds the details of created TeamName, TeamOwner, Member, ChannelName, ChannelId + +# Prerequisites + +1. As an Administrator, type PowerShell in the start menu. Right-click on Windows PowerShell, then select Run as Administrator. Click Yes at the UAC prompt + +2. Type the following within PowerShell and then press Enter:\ +     **`Install-Module MicrosoftTeams`** + +3. Type Y at the prompt. Click enter + +4. If you are prompted for an untrusted repository, then type A (Yes to All) and press Enter. The module will now install + +# Inputs + + DisplayName, ChannelName, Owner, Member, Visibility + +# Parameters + +**`-DisplayName`** + +Team display name. Characters Limit - 256 +* * * +Type: String +* * * +Position: Named +* * * +Default value: None +* * * +Accept pipeline input: True +* * * +Accept wildcard characters: False + +**`-ChannelName`** + +Channel display name. Names must be 50 characters or less, and can't contain the characters # % & * { } / \ : < > ? + | ' " +- - - +Type: String +- - - +Position: Named +- - - +Default value: None +- - - +Accept pipeline input: True + - - - +Accept wildcard characters: False + + +**`-Visibility`** + +Set to Public to allow all users in your organization to join the group by default. Set to Private to require that an owner approve the join request + +Type: String +* * * +Position: Named +* * * +Default value: Private +* * * +Accept pipeline input: True +* * * +Accept wildcard characters: False + +**`-Owner`** + +An admin who is allowed to create on behalf of another user should use this flag to specify the desired owner of the group. This user will be added as both a member and an owner of the group. If not specified, the user who creates the team will be added as both a member and an owner +* * * +Type: String +* * * +Position: Named +* * * +Default value: None +* * * +Accept pipeline input: True +* * * +Accept wildcard characters: False + +# How to run the script + +To run the script you will need to either download it or copy and paste the script into PowerShell + +Provide the Global Administrator credentials or Teams Administrator credentials when it prompts + +After execution script will export the created Teams details of MicrosoftTeams in your tenant with following details to an `output.csv` file + +# Output + +| TeamName |TeamId | ChannelName |ChannelId |TeamOwner | Team Member | +|----------|-------|-------------|----------|----------|-------------| + +A log file will be generated with exceptions, errors along with script execution time diff --git a/TeamsCreationAlongwithChannelandRole/Teams creation along with channel and role.Ps1 b/TeamsCreationAlongwithChannelandRole/Teams creation along with channel and role.Ps1 new file mode 100644 index 0000000..fa2ad74 --- /dev/null +++ b/TeamsCreationAlongwithChannelandRole/Teams creation along with channel and role.Ps1 @@ -0,0 +1,35 @@ +# This script is to create Teams along with channel and role by providing input data TeamName, ChannelName, Owner, Member and Visibility in TeamsCreationAlongWithChannelRole.csv file + +$logfile = ".\TeamsCreationAlongWithChannelRolelog_$(get-date -format `"yyyyMMdd_hhmmsstt`").txt" +$start = [system.datetime]::Now +Connect-MicrosoftTeams +$Groups= Import-Csv -path ".\TeamsCreationAlongWithChannelRole.csv" +foreach($Group in $Groups) +{ +try{ +$Teams = New-team -DisplayName $Group.TeamName -Owner $group.Owner -Visibility $Group.Visibility +$groupid = $teams.GroupId +$teamchannel = New-TeamChannel -DisplayName $group.ChannelName -GroupId $groupid +$teamuser = Add-TeamUser -GroupId $groupid -User $group.Member -Role Member + +if($Teams -ne $null) +{ + $file = New-Object psobject + $file | add-member -MemberType NoteProperty -Name TeamName $Teams.DisplayName + $file | add-member -MemberType NoteProperty -Name Teamid $Teams.groupid + $file | add-member -MemberType NoteProperty -Name channelName $teamchannel.DisplayName + $file | add-member -MemberType NoteProperty -Name channelId $teamchannel.ID + $file | add-member -MemberType NoteProperty -Name TeamOwner $group.Owner + $file | add-member -MemberType NoteProperty -Name TeamMember $group.Member + $file | export-csv -path ".\Output.csv" -NoTypeInformation -Append + } + } +catch{ +$_.Exception.Message | out-file -Filepath $logfile -append +} +} + +$end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +#end of script diff --git a/TeamsLicenseStatusForEachTenantUser/README.md b/TeamsLicenseStatusForEachTenantUser/README.md new file mode 100644 index 0000000..d92df7c --- /dev/null +++ b/TeamsLicenseStatusForEachTenantUser/README.md @@ -0,0 +1,75 @@ +# TeamsLicenseStatusForEachTenantUser + +# Description + +This script will check each tenant user license and MicrosotTeams subscription. If the assigned license is in disabled mode, script will enable it. If the user doesn’t have any of Teams license it will print the user name in the output file + +# Prerequisites + +[Create a new Azure App](https://docs.microsoft.com/en-us/graph/auth-register-app-v2) + +[How to apply permissions](https://docs.microsoft.com/en-us/graph/notifications-integration-app-registration) to your newly created App + +Please collect client id, client secret from created Azure App and tenant id from Azure portal + +#### Required Permissions + +|Permission type |Permissions (from least to most privileged)| +|---|----| +|Application |User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All| + +# Example + +If user don't have Teams license it will export users list + +If user assigned with Teams license but it is in disable status - script will enable the status + +# Parameters + +`-isLicensed` + +Whether or not the user has any licenses assigned + +Type: SkuPartNumber + +# Inputs + +Client_Id, Client_Secret, Tenantid + +# Procedure to run the script + + To excute `TeamsLicenseStatusForEachTenantUser` download/copy and paste the script into PowerShell + + Provide the input parameters Client_Id, Client_Secret, TenantId and hit enter to proceed further on the script + + Please provide active directory admin credentials to connect `connect-msolservice` + + Now the script will redirect to the web page for login + + ![Signin](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/Siginin.png) + + Provide Administrator credentials i.e user ID and password + + Press enter to continue + + Once you are login it will show the below image for grant permissions for the app to perform operations + + ![GrantPermission](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/GrantPermissions.png) + + ![GrantPermission](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/GrantPermissions2.png) + + **Click Accept** + + If you have provided the correct credentials it will give success status `admin_consent = True` + + Now press Y to proceed further in the script + +# Output + + Once the script executed, it generates the `Nolicense.csv` file contains no license users + +##### Example + +|UserName | Userid | Status | +|----------|---------|--------| +|David Chew|81701046-cb37-439b-90ce-2afd9630af7d|No| diff --git a/TeamsLicenseStatusForEachTenantUser/TeamsLicensestatusforEachTenantUser.ps1 b/TeamsLicenseStatusForEachTenantUser/TeamsLicensestatusforEachTenantUser.ps1 new file mode 100644 index 0000000..e439917 --- /dev/null +++ b/TeamsLicenseStatusForEachTenantUser/TeamsLicensestatusforEachTenantUser.ps1 @@ -0,0 +1,134 @@ +#This script will check the user Teams license status and enables it, if it is in disable mode + #If the user doesn’t have any of Teams license it will print the user name in the output(Nolicense.csv) file + +param( + [Parameter(Mandatory=$true)][System.String]$client_Id, + [Parameter(Mandatory=$true)][System.String]$Client_Secret, + [Parameter(Mandatory=$true)][System.String]$Tenantid + ) + +$logfile = ".\TeamsLicenseStatusForEachTenantUserlog_$(get-date -format `"yyyyMMdd_hhmmsstt`").txt" +$start = [system.datetime]::Now + +#Grant Adminconsent +$Grant= 'https://login.microsoftonline.com/common/adminconsent?client_id=' +$admin = '&state=12345&redirect_uri=https://localhost:1234' +$Grantadmin = $Grant + $client_Id + $admin +Connect-MsolService + +Start-Process $Grantadmin +write-host "login with your tenant login detials to proceed further" + +$proceed = Read-host " Press Y to continue " +if ($proceed -eq 'Y') +{ + write-host "Creating Access_Token" + $ReqTokenBody = @{ + Grant_Type = "client_credentials" + client_Id = "$client_Id" + Client_Secret = "$Client_Secret" + Scope = "https://graph.microsoft.com/.default" + } + + $loginurl = "https://login.microsoftonline.com/" + "$Tenantid" + "/oauth2/v2.0/token" + try{ + $Token = Invoke-RestMethod -Uri "$loginurl" -Method POST -Body $ReqTokenBody -ContentType "application/x-www-form-urlencoded" + } + Catch { + $_.Exception | Out-File $logfile -Append + } + + $Header = @{ + Authorization = "$($token.token_type) $($token.access_token)" + } + + $uri = "https://graph.microsoft.com/v1.0/users" + try{ + $group = Invoke-RestMethod -Headers $Header -Uri $uri -Method Get + } + Catch { + $_.Exception | Out-File $logfile -Append + } + do + { + foreach($value in $group.value) + { + $id = $value.id + $UPN = $value.userPrincipalName + + #Check if user is assigned any license + $licenseuri = "https://graph.microsoft.com/v1.0/users/" + "$id" + "/licenseDetails" + try{ + $licenseresult = Invoke-RestMethod -Headers $Header -Uri $licenseuri -Method Get + } + Catch { + $_.Exception | Out-File $logfile -Append + } + $licensevalue = $licenseresult.value + $skuids = $licensevalue.skuId + $licenses = $licensevalue.skuPartNumber + $serviceplan = $licensevalue.servicePlans + $TeamslicenseStatus = $serviceplan | where {($_.servicePlanName -eq 'Teams1')} + + $provisioningStatus = $TeamslicenseStatus.provisioningStatus + #$fulllicense = [string]::Join(", ",$license) + + $useruri = "https://graph.microsoft.com/v1.0/users/" + $id + try{ + $userresult = Invoke-RestMethod -Headers $Header -Uri $useruri -Method Get + } + Catch { + $_.Exception | Out-File $logfile -Append + } + if((!$licensevalue) -or (!$TeamslicenseStatus)){ + write-host "user dont have license" + $file = New-Object psobject + $file | add-member -MemberType NoteProperty -Name userid $id + $file | add-member -MemberType NoteProperty -Name UserName $userresult.displayname + $file | add-member -MemberType NoteProperty -Name Status "No" + $file | export-csv -path ".\Nolicense.csv" -NoTypeInformation -Append + + } + + elseif($provisioningStatus -eq 'Success') + { + write-host "This user having valid Teams license-" $value.userPrincipalName + $MSlicense = "Enable" + } + else{ + + $a = Get-MsolUser -UserPrincipalName $UPN | select -ExpandProperty licenses + $b = $a.AccountSkuId + foreach($x in $b){ + #$license_service_plans = New-MsolLicenseOptions -AccountSkuId "M365EDU032767:M365EDU_A5_FACULTY" + $license_service_plans = New-MsolLicenseOptions -AccountSkuId "$x" + try{ + Set-MsolUserLicense -UserPrincipalName "$UPN" -LicenseOptions $license_service_plans + } + Catch { + $_.Exception | Out-File $logfile -Append + } + write-host "MicrosoftTeams licence has been enabled for user" $UPN + } + } + } + +if ($group.'@odata.nextLink' -eq $null ) + { + break + } + else + { + $group = Invoke-RestMethod -Headers $Header -Uri $group.'@odata.nextLink' -Method Get + } + }while($true); + } + + else +{ + write-host "You need to login admin consent in order to continue... " +} +$end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +#end of script diff --git a/TeamsLoginLogs/README.md b/TeamsLoginLogs/README.md new file mode 100644 index 0000000..73c1398 --- /dev/null +++ b/TeamsLoginLogs/README.md @@ -0,0 +1,67 @@ +# TeamsLoginLogs + +# Description + +Retrieve the MicrosoftTeams user log-ins for your tenant, script will check audit logs and export the file, contains Teams login username along with device name + +# Prerequisites + +[Create a new Azure App](https://docs.microsoft.com/en-us/graph/auth-register-app-v2) + +[How to apply permissions](https://docs.microsoft.com/en-us/graph/notifications-integration-app-registration) to your newly created App + +Please collect client id, client secret from created Azure app and tenant id from Azure portal + +#### Required Permissions + + | Permission type | Permissions (from least to most privileged)| + |------------------------------------|---------------------------------------------| + | Application | AuditLog.Read.All and Directory.Read.All | + +# Parameters + +`-Auditlogs` + + Records of system activities + + Type: Logs + +# Inputs + +Client_Id, Client_Secret, Tenantid + + # Procedure to run the script + + To execute `TeamsLoginLogs` download/copy and paste the script into PowerShell + + Provide the input parameters Client_Id, Client_Secret, TenantId and hit enter to proceed further on the script + + Now the script will redirect to the web page for login + + ![Signin](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/Siginin.png) + + Provide Administrator credentials i.e user ID and password + + Press enter to continue + + Once you are login it will show the below image for grant permissions for the app to perform operations + + ![GrantPermission](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/GrantPermissions.png) + + ![GrantPermission](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/GrantPermissions2.png) + + **Click Accept** + + If you have provided the correct credentials it will give success status `admin_consent = True` + + Now press Y to proceed further in the script + +# Output + + Script will generate the _loginstatusoutput. csv_ output file + + #### Example + + | UserUPN | CreatedDateTime | AppDisplayName | IsInteractive | DeviceDetail | + |----------|-------------------|-------------------|---------------|----------------| + |davidchew@contoso.com|2020-03-23T15:10:59.2906713Z |Microsoft Teams Web Client| FALSE| @{deviceId=; displayName=; operatingSystem=Windows 10; browser=Chrome 80.0.3987; isCompliant=; isManaged=; trustType=}| diff --git a/TeamsLoginLogs/TeamsLoginLogs.ps1 b/TeamsLoginLogs/TeamsLoginLogs.ps1 new file mode 100644 index 0000000..312f980 --- /dev/null +++ b/TeamsLoginLogs/TeamsLoginLogs.ps1 @@ -0,0 +1,91 @@ +# This script will filter microsoft teams login logs. +param( + [Parameter(Mandatory=$true)][System.String]$client_Id, + [Parameter(Mandatory=$true)][System.String]$Client_Secret, + [Parameter(Mandatory=$true)][System.String]$Tenantid + ) +$logfile = ".\Teamsloginlog_$(get-date -format `"yyyyMMdd_hhmmsstt`").txt" +$start = [system.datetime]::Now + +#Grant Adminconsent +$Grant= 'https://login.microsoftonline.com/common/adminconsent?client_id=' +$admin = '&state=12345&redirect_uri=https://localhost:1234' +$Grantadmin = $Grant + $client_Id + $admin + +Start-Process $Grantadmin +write-host "login with your tenant login detials to proceed further" + +$proceed = Read-host " Press Y to continue " +if ($proceed -eq 'Y') +{ + write-host "Creating Access_Token" + $ReqTokenBody = @{ + Grant_Type = "client_credentials" + client_Id = "$client_Id" + Client_Secret = "$Client_Secret" + Scope = "https://graph.microsoft.com/.default" + } + + $loginurl = "https://login.microsoftonline.com/" + "$Tenantid" + "/oauth2/v2.0/token" + try{ + $Token = Invoke-RestMethod -Uri "$loginurl" -Method POST -Body $ReqTokenBody -ContentType "application/x-www-form-urlencoded" + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } + $Header = @{ + Authorization = "$($token.token_type) $($token.access_token)" + } + + $Audits="https://graph.microsoft.com/v1.0/auditLogs/signIns" + try{ + $AuditResults = Invoke-RestMethod -Headers $Header -Uri $Audits -Method get -ContentType 'application/json' + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } + try{ + foreach($AuditResult in $AuditResults.value) + { + $AppDisplayName =$AuditResult.appDisplayName + $createdDateTime =$AuditResult.createdDateTime + $resourceDisplayName = $AuditResult.resourceDisplayName + $status = $AuditResult.status + $errorCode = $status.errorCode + $userPrincipalName =$AuditResult.userPrincipalName + $deviceDetail = $AuditResult.deviceDetail + $isInteractive = $AuditResult.isInteractive + $deviceDetails = [string]::Join("* ",$deviceDetail) + + +if((($AppDisplayName -eq "Microsoft Teams Web Client") -or ($AppDisplayName -eq "Microsoft Teams")) -and ($errorCode -eq "0") -and ($isInteractive -eq $True) -and ("Microsoft Teams Chat Aggregator", "Office 365 Exchange Online", "Skype Presence Service", "Microsoft Stream Service", "Call Recorder" -notcontains $resourceDisplayName)) + +{ + $file = New-Object psobject + $file | add-member -MemberType NoteProperty -Name UserUPN $userPrincipalName + $file | add-member -MemberType NoteProperty -Name CreatedDateTime $createdDateTime + $file | add-member -MemberType NoteProperty -Name AppDisplayName $AppDisplayName + $file | add-member -MemberType NoteProperty -Name isInteractive $isInteractive + $file | add-member -MemberType NoteProperty -Name deviceDetail $deviceDetails + $file | export-csv -path ".\loginstatusoutput.csv" -NoTypeInformation -Append + } + + else{ + write-host ".." + }} + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } + } + else + { + write-host "re run the script and choose Y to proceed" + } + + + +$end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +#end of script diff --git a/TeamsOwnerMembers details/Readme.md b/TeamsOwnerMembers details/Readme.md new file mode 100644 index 0000000..6dddb35 --- /dev/null +++ b/TeamsOwnerMembers details/Readme.md @@ -0,0 +1,41 @@ +# Teams Owner Members details + +# Description +The script will fetch the Teams owner and members details + +# Prerequisite + [Install-Module MicrosoftTeams](https://www.powershellgallery.com/packages/MicrosoftTeams/1.0.6) + +# Procedure + +1. As an Administrator, type PowerShell in the start menu. Right-click Windows PowerShell, then select Run as Administrator. +Click Yes at the UAC prompt + +2. Type the following within PowerShell command prompt and then press enter + + **`Install-Module MicrosoftTeams`** + +3. Type Y at the prompt, press enter + +4. If you are prompted for an untrusted repository, then type A (Yes to All) and press Enter. The module will now install + +- Get the script from `Teams_Owner and Members details.ps1` and paste it in Windows PowerShell command prompt +- Run the script, it will process the below steps + + 1. Provide the Teams Administrator credentials to connect to MicrosoftTeams + 2. It will get the available Teams in the tenant + 3. After getting the available Teams in tenant, script will fetch the owner and members of each Team\ + Then exports the details of Teams in your tenant to a .csv file,**Output.csv** will store in the current folder +# Example + ```bash + Get-Teamuser -GroupId 5e4aac3a-2547-4645-bb56-dafdb8733ccd -Role Member + ``` +```bash + Get-Teamuser -GroupId 5e4aac3a-2547-4645-bb56-dafdb8733ccd -Role Owner + ``` +# Output + The details of each Team will stores in a .csv file with below details + + |Team Name| Team id|Team Owner|Team member| + + A log file will be generated with exceptions, errors along with script execution time diff --git a/TeamsOwnerMembers details/TeamsOwnerMembersDetails.ps1 b/TeamsOwnerMembers details/TeamsOwnerMembersDetails.ps1 new file mode 100644 index 0000000..31beca9 --- /dev/null +++ b/TeamsOwnerMembers details/TeamsOwnerMembersDetails.ps1 @@ -0,0 +1,43 @@ +# This script will provide Teams Owner and member details using teams module cmdlets +$logfile = ".\TeamsOwnerMembersdetailslog_$(get-date -format `"yyyyMMdd_hhmmsstt`").txt" +$start = [system.datetime]::Now +If(Get-Module -ListAvailable -Name MicrosoftTeams) + { + Write-Host "MicrosoftTeams Already Installed" + } + else { + try { Install-Module -Name MicrosoftTeams + Write-Host "Installed MicrosoftTeams" + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } + } +connect-microsoftteams +try{ +$Teams = get-team +foreach ($team in $Teams) + { + $groupid = $team.Groupid + $displayname = $team.DisplayName + $Teammember = get-teamuser -GroupId "$groupid" -Role Member + $TeamOwner = get-teamuser -GroupId "$groupid" -Role Owner + $Members = [string]::Join("; ",$Teammember.User) + $Owner = [string]::Join("; ",$TeamOwner.User) + + $file = New-Object psobject + $file | add-member -MemberType NoteProperty -Name Teamid $groupid + $file | add-member -MemberType NoteProperty -Name TeamDisplayname $displayname + $file | add-member -MemberType NoteProperty -Name Owner $Owner + $file | add-member -MemberType NoteProperty -Name Member $Members + $file | export-csv -path ".\Teamoutput.csv" -NoTypeInformation -Append + } + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } + +$end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +#end of script diff --git a/TeamsSigninLogs/README.md b/TeamsSigninLogs/README.md new file mode 100644 index 0000000..19e0f25 --- /dev/null +++ b/TeamsSigninLogs/README.md @@ -0,0 +1,65 @@ +# TeamsSigninLogs + +# Description + +Retrieve the MicrosoftTeams user sign-ins for your tenant, script will check audit logs and export the file, it contains the Teams sign-in username along with device name + +# Prerequisites + +[Create a new Azure App](https://docs.microsoft.com/en-us/graph/auth-register-app-v2) + +[How to apply permissions](https://docs.microsoft.com/en-us/graph/notifications-integration-app-registration) to your newly created App + +Please collect client id, client secret from created Azure App and tenant id from Azure portal + +#### Required Permissions + + | Permission type | Permissions (from least to most privileged)| + |------------------------------------|---------------------------------------------| + | Application | AuditLog.Read.All and Directory.Read.All | + +# Parameters + +`-Auditlogs` + + records of system activities + + Type: Logs + +# Inputs + +Client_Id, Client_Secret, Tenantid + + # Procedure to run the script + + To execute `TeamsSigninLogs` download/copy and paste the script into PowerShell + + Provide the input parameters Client_Id, Client_Secret, TenantId and hit enter to proceed further on the script + + Now the script will redirect to the web page for login + + ![Signin](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/Siginin.png) + + Provide Administrator credentials i.e user ID and password + + Press enter to continue + + Once you are login it will show the below image for grant permissions for the app to perform operations + + ![GrantPermission](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/GrantPermissions.png) + + ![GrantPermission](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/GrantPermissions2.png) + + **Click Accept** + + If you have provided the correct credentials it will give success status `admin_consent = True` + + Now press Y to proceed further in script + +# Output + +_Signinoutput. csv_ is the final output file having sign-in details + + | UserUPN | CreatedDateTime | resourceDisplayName | AppDisplayName | IsInteractive | DeviceDetail | + |----------|-------------------|---------------------|------------------|--------------|----------------| + |davidchew@contoso.com|2020-03-23T15:10:59.2906713Z|Microsoft Teams Web Client |FALSE |@{deviceId=; displayName=; operatingSystem=Windows 10; browser=Chrome 80.0.3987; isCompliant=; isManaged=; trustType=}| diff --git a/TeamsSigninLogs/TeamsSigninLogs.ps1 b/TeamsSigninLogs/TeamsSigninLogs.ps1 new file mode 100644 index 0000000..de4ec40 --- /dev/null +++ b/TeamsSigninLogs/TeamsSigninLogs.ps1 @@ -0,0 +1,97 @@ +# This script will filter microsoft teams signin logs. +param( + [Parameter(Mandatory=$true)][System.String]$client_Id, + [Parameter(Mandatory=$true)][System.String]$Client_Secret, + [Parameter(Mandatory=$true)][System.String]$Tenantid + ) +$logfile = ".\Teamssigninlog_$(get-date -format `"yyyyMMdd_hhmmsstt`").txt" +$start = [system.datetime]::Now + +#Grant Adminconsent +$Grant= 'https://login.microsoftonline.com/common/adminconsent?client_id=' +$admin = '&state=12345&redirect_uri=https://localhost:1234' +$Grantadmin = $Grant + $client_Id + $admin + +Start-Process $Grantadmin +write-host "login with your tenant login detials to proceed further" + +$proceed = Read-host " Press Y to continue " +if ($proceed -eq 'Y') +{ + write-host "Creating Access_Token" + $ReqTokenBody = @{ + Grant_Type = "client_credentials" + client_Id = "$client_Id" + Client_Secret = "$Client_Secret" + Scope = "https://graph.microsoft.com/.default" + } + + + + $loginurl = "https://login.microsoftonline.com/" + "$Tenantid" + "/oauth2/v2.0/token" + try{ + $Token = Invoke-RestMethod -Uri "$loginurl" -Method POST -Body $ReqTokenBody -ContentType "application/x-www-form-urlencoded" + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } + + + $Header = @{ + Authorization = "$($token.token_type) $($token.access_token)" + } + + $Audits="https://graph.microsoft.com/v1.0/auditLogs/signIns" + try{ + $AuditResults = Invoke-RestMethod -Headers $Header -Uri $Audits -Method get -ContentType 'application/json' + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } + + try{ + foreach($AuditResult in $AuditResults.value) + { + $AppDisplayName =$AuditResult.appDisplayName + $createdDateTime =$AuditResult.createdDateTime + $resourceDisplayName = $AuditResult.resourceDisplayName + $status = $AuditResult.status + $errorCode = $status.errorCode + $userPrincipalName =$AuditResult.userPrincipalName + $deviceDetail = $AuditResult.deviceDetail + $isInteractive = $AuditResult.isInteractive + $deviceDetails = [string]::Join("* ",$deviceDetail) + + +if((($AppDisplayName -eq "Microsoft Teams Web Client") -or ($AppDisplayName -eq "Microsoft Teams")) -and ($errorCode -eq "0") -and ("Microsoft Teams Chat Aggregator", "Office 365 Exchange Online", "Skype Presence Service", "Microsoft Stream Service", "Call Recorder" -notcontains $resourceDisplayName)) + +{ + $file = New-Object psobject + $file | add-member -MemberType NoteProperty -Name UserUPN $userPrincipalName + $file | add-member -MemberType NoteProperty -Name CreatedDateTime $createdDateTime + $file | add-member -MemberType NoteProperty -Name resourceDisplayName $resourceDisplayName + $file | add-member -MemberType NoteProperty -Name AppDisplayName $AppDisplayName + $file | add-member -MemberType NoteProperty -Name isInteractive $isInteractive + $file | add-member -MemberType NoteProperty -Name deviceDetail $deviceDetails + $file | export-csv -path ".\Signinoutput.csv" -NoTypeInformation -Append + } + + else{ + write-host ".." + } + + } + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } + } + else + { + write-host "re run the script and choose Y to proceed" + } + +$end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +#end of script diff --git a/TeamsUserActivity/README.md b/TeamsUserActivity/README.md new file mode 100644 index 0000000..68af76a --- /dev/null +++ b/TeamsUserActivity/README.md @@ -0,0 +1,79 @@ +# TeamsUserActivity + +# Description + +Use the MicrosoftTeams activity reports to get insights into the Microsoft Teams user activity in your organization. The period specifies the length of time over which the report is aggregated. The supported values for {period_value} are: D7, D30, D90, and D180 + +Provide the number(1,2,3) to get the MicrosoftTeams user activity reports + +Reference [Microsoft Teams user activity reports](https://docs.microsoft.com/en-us/graph/api/resources/microsoft-teams-user-activity-reports?view=graph-rest-1.0) + +# Prerequisites + +[Create a new Azure App](https://docs.microsoft.com/en-us/graph/auth-register-app-v2) + +[How to apply permissions](https://docs.microsoft.com/en-us/graph/notifications-integration-app-registration) to your newly created App + +Please collect client id, client secret from created Azure App and tenant id from Azure portal + +#### Required Permissions + +|Permission type |Permissions (from least to most privileged)| +|----|---| +|Application |Reports.Read.All| + +# Example + +For input 1 + +|Report Refresh Date |User Principal Name |Last Activity Date |Is Deleted| Deleted Date |Assigned Products |Team Chat Message Count| Private Chat Message Count |Call Count |Meeting Count|Has Other Action |Report Period| +|---|---|---|---|---|---|---|---|---|---|---|---| +|25-02-2020|IrvinS@M365x726831.OnMicrosoft.com |FALSE |ENTERPRISE MOBILITY + SECURITY E5+OFFICE 365 E5 |0 |0| 0 |0| No |30| + +# Parameters + +`-Days` + +Total number of days + +Type: String + +# Inputs + +Client_Id, Client_Secret, Tenantid, Period + +1-GetTeamsUserActivityUserDetail + +2-GetTeamsUserActivityCounts + +3-GetTeamsUserActivityUserCounts + + # Procedure to run the script + + To execute `TeamsUserActivity` download/copy and paste the script into PowerShell + + Provide the input parameters Client_Id, Client_Secret, TenantId, Period and hit enter to proceed further on the script + + Now the script will redirect to the web page for login + + ![Signin](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/Siginin.png) + + Provide Administrator credentials i.e user ID and password + + Press enter to continue + + Once you are login it will show the below image for grant permissions for the app to perform operations + + ![GrantPermission](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/GrantPermissions.png) + + ![GrantPermission](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/GrantPermissions2.png) + + **Click Accept** + + If you have provided the correct credentials it will give success status `admin_consent = True` + + Now press Y to proceed further in script + +# Expected Output + +Script will generate the TeamsUserActivity reports for provided input diff --git a/TeamsUserActivity/TeamsUserActivity.ps1 b/TeamsUserActivity/TeamsUserActivity.ps1 new file mode 100644 index 0000000..8e619cf --- /dev/null +++ b/TeamsUserActivity/TeamsUserActivity.ps1 @@ -0,0 +1,94 @@ +# This script will filter microsoft teams user activity for period value: D7, D30, D90, and D180 +param( + [Parameter(Mandatory=$true)][System.String]$client_Id, + [Parameter(Mandatory=$true)][System.String]$Client_Secret, + [Parameter(Mandatory=$true)][System.String]$Tenantid, + [Parameter(Mandatory=$true)][System.String]$period + ) +$logfile = ".\Teamsuseractivitylog_$(get-date -format `"yyyyMMdd_hhmmsstt`").txt" +$start = [system.datetime]::Now + +#Grant Adminconsent +$Grant= 'https://login.microsoftonline.com/common/adminconsent?client_id=' +$admin = '&state=12345&redirect_uri=https://localhost:1234' +$Grantadmin = $Grant + $client_Id + $admin + +Start-Process $Grantadmin +write-host "login with your tenant login detials to proceed further" + +$proceed = Read-host " Press Y to continue " +if ($proceed -eq 'Y') +{ + write-host "Creating Access_Token" + $ReqTokenBody = @{ + Grant_Type = "client_credentials" + client_Id = "$client_Id" + Client_Secret = "$Client_Secret" + Scope = "https://graph.microsoft.com/.default" + } + + $loginurl = "https://login.microsoftonline.com/" + "$Tenantid" + "/oauth2/v2.0/token" + try{ + $Token = Invoke-RestMethod -Uri "$loginurl" -Method POST -Body $ReqTokenBody -ContentType "application/x-www-form-urlencoded" + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } + + $Header = @{ + Authorization = "$($token.token_type) $($token.access_token)" + } + function Get-Result() { + write-host "1-getTeamsUserActivityUserDetail + 2-getTeamsUserActivityCounts + 3-getTeamsUserActivityUserCounts" + + $proceed = Read-host "Please provide number which Microsoft Teams user activity reports you want to proceed further" + + if ($proceed -eq '1') + { + $UserActivity="https://graph.microsoft.com/v1.0/reports/getTeamsUserActivityUserDetail(period='$period')" + $UserActivityResults = Invoke-RestMethod -Headers $Header -Uri $UserActivity -Method get -ContentType 'application/json' + $resultarray = ConvertFrom-Csv -InputObject $UserActivityResults + $resultarray | Export-Csv "getTeamsUserActivityUserDetail1.csv" -NoTypeInformation + } + + +elseif ($proceed -eq '2') +{ + $UserActivity="https://graph.microsoft.com/v1.0/reports/getTeamsUserActivityCounts(period='$period')" + $UserActivityResults = Invoke-RestMethod -Headers $Header -Uri $UserActivity -Method get -ContentType 'application/json' + $resultarray = ConvertFrom-Csv -InputObject $UserActivityResults + $resultarray | Export-Csv "getTeamsUserActivityCounts2.csv" -NoTypeInformation + + } + +elseif($proceed -eq '3') + { + $UserActivity="https://graph.microsoft.com/v1.0/reports/getTeamsUserActivityUserCounts(period='$period')" + $UserActivityResults = Invoke-RestMethod -Headers $Header -Uri $UserActivity -Method get -ContentType 'application/json' + $resultarray = ConvertFrom-Csv -InputObject $UserActivityResults + $resultarray | Export-Csv "getTeamsUserActivityUserCounts3.csv" -NoTypeInformation + + } + } + + do +{ + +$ProceedNext = Read-host "To Generate TeamUserActivity report, enter Y to continue" +if ($ProceedNext -eq "Y" ) + { + Get-Result + } + else + { + break + } + } + while($true); + } +$end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +#end of script diff --git a/UserPolicyAssignment/README.md b/UserPolicyAssignment/README.md new file mode 100644 index 0000000..a440fbc --- /dev/null +++ b/UserPolicyAssignment/README.md @@ -0,0 +1,33 @@ +# User Policy Assignment +# Description: +UserPolicyAssignment script will work for assigning custom user policies for N no. of users\ +To run the script please install [SFB online connector](https://www.microsoft.com/en-us/download/details.aspx?id=39366) +- Import the Module into Windows PowerShell +- Get the script from the `UserPolicyAssignment.ps1` file and paste it into Windows PowerShell, then run the script +- Script has all the available policies to the user listed below, please provide the required input from 1 to 12 to apply the policy + + 1- TeamsAppSetupPolicy + 2- TeamsMeetingPolicy + 3- TeamsCallingPolicy + 4- TeamsMessagingPolicy + 5- BroadcastMeetingPolicy + 6- TeamsCallParkPolicy + 7- CallerIdPolicy + 8- TeamsEmergencyCallingPolicy + 9- TeamsEmergencyCallRoutingPolicy + 10-VoiceRoutingPolicy + 11-TeamsAppPermissionPolicy + 12-TeamsDailPlan + +# Example +![User Policy](https://github.com/SwathiGugulot/Sample/blob/master/userpolisyAssignimage.PNG) \ +In the list of policies, provided input number 2 to apply TeamsMeetingPolicy to user/users +# Input + Keep the UserPricipleName in Input.Csv file + + ![Example](https://github.com/Geetha63/MS-Teams-Scripts/blob/master/Images/Userpolicyassignment.PNG) + +# Output +Custom policy assigned to the user + +A log file will be generated with exceptions, errors along with script execution time diff --git a/UserPolicyAssignment/UserPolicyAssignment.ps1 b/UserPolicyAssignment/UserPolicyAssignment.ps1 new file mode 100644 index 0000000..910d668 --- /dev/null +++ b/UserPolicyAssignment/UserPolicyAssignment.ps1 @@ -0,0 +1,224 @@ +# This script will assign policy to user using teams module cmdlets + +$logfile = ".\UserPolicyAssignmentlog_$(get-date -format `"yyyyMMdd_hhmmsstt`").txt" +$start = [system.datetime]::Now + +If(Get-Module -ListAvailable -Name MicrosoftTeams) + { + Write-Host "MicrosoftTeams Already Installed" + } + else { + try { Install-Module -Name MicrosoftTeams + Write-Host "Installed MicrosoftTeams" + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } } + try{ +Connect-MicrosoftTeams +} + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } + +$UserPrincipalNames = import-csv -path ".\PolicyAssignment.csv" +$UserPricipleNames = $PolicyAssignment.UserPricipleName +$count = $PolicyAssignment.Count +write-host "Running the script for users:" $count + +foreach($UserPrincipalName in $UserPrincipalNames.UserPrincipalName) +{ +Write-Host "To change the Applied Policy to user" $UserPrincipalName + + + function Get-Result() { + write-host "1- TeamsAppSetupPolicy + 2- TeamsMeetingPolicy + 3- TeamsCallingPolicy + 4- TeamsMessagingPolicy + 5- BroadcastMeetingPolicy + 6- TeamsCallParkPolicy + 7- CallerIdPolicy + 8- TeamsEmergencyCallingPolicy + 9- TeamsEmergencyCallRoutingPolicy + 10-VoiceRoutingPolicy + 11-TeamsAppPermissionPolicy + 12-TeamsDailPlan" +$proceed = Read-host "Please provide the policy number to Grant and proceed further" + + +if ($proceed -eq '1') +{ + try{ + Get-CsOnlineUser -Identity "$UserPrincipalName" | fl TeamsAppSetupPolicy + Get-CSTeamsAppsetuppolicy |fl Identity + $PolicyName=Read-Host "Please provide the Policy Name" + Grant-CsTeamsAppSetupPolicy -identity "$UserPrincipalName" -PolicyName "$PolicyName" + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } +} + + +elseif ($proceed -eq '2') +{ + try{ + Get-CsOnlineUser -Identity "$UserPrincipalName" | fl TeamsMeetingPolicy + Get-CsTeamsMeetingPolicy |fl Identity + Grant-CsTeamsMeetingPolicy -identity "$UserPrincipalName" -PolicyName "$PolicyName" + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } +} + +elseif ($proceed -eq '3') +{ +try{ + Get-CsOnlineUser -Identity "$UserPrincipalName" | fl TeamsCallingPolicy + Get-CsTeamsCallingPolicy |fl Identity + $PolicyName= Read-Host "Please provide the Policy Name" + Grant-CsTeamsCallingPolicy -identity "$UserPrincipalName" -PolicyName "$PolicyName" + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } +} + +elseif ($proceed -eq '4') +{ + try{ + Get-CsOnlineUser -Identity "$UserPrincipalName" | fl TeamsMessagingPolicy + Get-CsTeamsMessagingPolicy |fl Identity + $PolicyName = Read-Host "Please provide the Policy Name" + Grant-CsTeamsMessagingPolicy -identity "$UserPrincipalName" -PolicyName "$PolicyName" + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } +} + + +elseif ($proceed -eq '5') +{ + try{ + Get-CsOnlineUser -Identity "$UserPrincipalName" | fl BroadcastMeetingPolicy + Get-CsBroadcastMeetingPolicy |fl Identity + $PolicyName=Read-Host "Please provide the Policy Name" + Grant-CsBroadcastMeetingPolicy -identity "$UserPrincipalName" -PolicyName "$PolicyName" +} +catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } +} + +elseif ($proceed -eq '6') +{ + try{ + Get-CsOnlineUser -Identity "$UserPrincipalName" | fl TeamsCallParkPolicy + Get-CsTeamsCallParkPolicy|fl Identity + $PolicyName=Read-Host "Please provide the Policy Name" + Grant-CsTeamsCallParkPolicy -identity "$UserPrincipalName" -PolicyName "$PolicyName" + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } +} + +elseif ($proceed -eq '7') +{ +try{ + Get-CsOnlineUser -Identity "$UserPrincipalName" | fl CallerIdPolicy + Get-CsTeamsCallerIdPolicy|fl Identity + $PolicyName=Read-Host "Please provide the Policy Name" + Grant-CsTeamsCallerIdPolicy -identity "$UserPrincipalName" -PolicyName "$PolicyName" + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } +} +elseif ($proceed -eq '8') +{ + try{ + Get-CsOnlineUser -Identity "$UserPrincipalName" | fl TeamsEmergencyCallingPolicy + Get-CsTeamsEmergencyCallingPolicy |fl Identity + $PolicyName=Read-Host "Please provide the Policy Name" + Grant-CsTeamsEmergencyCallingPolicy -identity "$UserPrincipalName" -PolicyName "$PolicyName" + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } +} +elseif ($proceed -eq '9') +{ + try{ + Get-CsOnlineUser -Identity "$UserPrincipalName" | fl TeamsEmergencyCallRoutingPolicy + Get-CsTeamsEmergencyCallRoutingPolicy |fl Identity + $PolicyName=Read-Host "Please provide the Policy Name" + Grant-CsTeamsEmergencyCallRoutingPolicy -identity "$UserPrincipalName" -PolicyName "$PolicyName" + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } +} +elseif ($proceed -eq '10') +{ + try{ + Get-CsOnlineUser -Identity "$UserPrincipalName" | fl VoiceRoutingPolicy + Get-CsVoiceRoutingPolicy | fl Identity + $PolicyName=Read-Host "Please provide the Policy Name" + Grant-CsVoiceRoutingPolicy -identity "$UserPrincipalName" -PolicyName "$PolicyName" + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } +} +elseif ($proceed -eq '11') + { + try{ + Get-CsOnlineUser -Identity "$UserPrincipalName" | fl TeamsAppPermissionPolicy + Get-CsTeamsAppPermissionPolicy |fl Identity + $PolicyName=Read-Host "Please provide the Policy Name" + Grant-CsTeamsAppPermissionPolicy -identity "$UserPrincipalName" -PolicyName "$PolicyName" + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } + } + +elseif($proceed -eq '12') + { + try{ + Get-CsOnlineUser -Identity "$UserPrincipalName" | FL DialPlan + Get-CsDialPlan|fl Identity + $PolicyName=Read-Host "Please provide the Policy Name" + Grant-CsDialPlan -Identity "$UserPrincipalName" -PolicyName "$PolicyName" + } + catch{ + $_.Exception.Message | out-file -Filepath $logfile -append + } + } +} + +do +{ + +$ProceedNext = Read-host "Do you want to apply policy,press Y to continue" +if ($ProceedNext -eq "Y" ) + { + Get-Result + } + else + { + break + } + } + while($true); + } + +$end = [system.datetime]::Now +$resultTime = $end - $start +Write-Host "Execution took : $($resultTime.TotalSeconds) seconds." -ForegroundColor Cyan +$resultTime.TotalSeconds +#end of script