Are you new to Office 365? Maybe you are an early adopter like myself from the days back when it was called Business Productivity Online Suite; better known as BPOS. In BPOS there wasn’t a lot that you could do in the portal compared to today with Office 365. The feature set was smaller and you could only make certain configurations and many could only be done by using PowerShell. Having gone through the pain points of BPOS, compared to where we are today, there has been a huge evolution of the Office 365 platform. The feature set and capabilities are expanding at a rapid pace of what seems to be about every month now. Microsoft has a program called “First Release” that you can opt-in for in order to receive new product updates and features as they become available. In addition, Microsoft has realized that in a fast-pace services world that they need to communicate better with their customers in regards to updates. The Office 365 for business public roadmap allows customers to see what updates are planned and at what stage they are in.
So for the new users of Office 365, as well as those who have been resisting the use of PowerShell, I wanted to get you started with the ability to manage Office 365 using PowerShell. You may ask why should I use PowerShell? A quick and simple answer is to perform repeatable tasks in a faster/more efficient manner. In addition, some tasks can only be done using PowerShell. Once you see just how beneficial PowerShell is you will thank me. However, no thanks are needed. I do this for the fun of it and in hopes that I might help someone along the way.
Installation and Administration
Windows Azure Active Directory Module for Windows PowerShell is what we will use to run PowerShell commands against our O365 service. The module is supported in Windows 7 and higher and Server 2008 and higher. Assumption is that you have some basic PowerShell knowledge. If not, check out Pluralsight.
1. First, you need to install the Microsoft Online Services Sign-In Assistant which is a prerequisite for the WAAD module.
2. Once the MOS SIA has been installed you need to install the Windows Azure Active Directory Module for PowerShell.
3. Once installed you can search for the term “Azure” and you should find the WAAD Module for PowerShell. Be sure to Run as administrator. You may want to pin to start/taskbar or create a shortcut on the desktop for easy access.
4. With the module now open we need to connect to the service using the cmdlet below. Upon entering you will get a popup where you need to enter your O365 global admin credentials in the format username@domain. The absence of an error and the return to a prompt indicates a successful connection.
# Initiate connection to Office 365 Connect-MsolService
5. Lets look and see what cmdlets we have available to us. Piping this cmdlet to Measure-Object tells us that we have 84 cmdlets available to us at the time of this writing. Notice that all the nouns in the verb-noun format are prefixed with Msol.
# List available cmdlets for MSOnline module Get-Command -Module MSOnline # Measure how many cmdlets are available in MSOnline module Get-Command -Module MSOnline | Measure-Object
6. How about some help? You can use Get-Help followed by the <cmdlet> and -Full parameter. This will give you the most comprehensive help available including examples. Wildcards can be used as shown below.
# Get help on a cmdlet Get-Help Connect-MsolService -Full # Get help using wildcards Get-Help *-MsolUser
7. Now lets get down to a little bit of discovery. Let’s see the company info, domain info, and the product/licensing info.
# Get the company information Get-MsolCompanyInformation # Get domain information Get-MsolDomain # Get product or license plan information Get-MsolAccountSku
In the screenshot below you can see a review of the license plan and services included. Here we have an E3 plan with 5 licenses total and 4 are being consumed. The ServiceStatus property is where the services can be found. Here you can see that we have the following services available to us as part of this plan (InTune, Yammer, Azure AD, Office Pro, Skype for Business Online, Office Online, SharePoint Online, and Exchange Online). The status will be listed as either success, pending, or disabled.
8. What about my users? This cmdlet will display a listing of all users showing their UPN, DisplayName, and if they are licensed or not.
# Display all users showing UPN, Display Name, and License status Get-MsolUser
9. Here you can see that a user called ‘dtest’ is not licensed. We know from the previous screenshot that we have one available license to assign. Let’s assign a license to this user. Note: If the user does not have a UsageLocation assigned the command will error out.
10. Here is where the benefit of PowerShell really comes to light. What if we wanted to assign a license to all users that are not licensed? Keep in mind that you must have enough licenses available. Simply replace ‘gwpcdemo’ with your domain.
# Bulk add licenses to all unlicensed users Get-MsolUser -UnlicensedUsersOnly | Set-MsolUserLicense -AddLicenses "gwpcdemo:ENTERPRISEPACK"
11. To remove a user license just replace the -AddLicenses parameter with the -RemoveLicenses parameter. Insert your users UPN and your domain.
# Remove license from user Set-MsolUserLicense -UserPrincipalName "firstname.lastname@example.org" -RemoveLicenses "gwpcdemo:ENTERPRISEPACK"
12. What if you wanted to view/edit the password policy settings. The notification period is between 1-30 days and the validity period is between 14-730 days. Note: Password policy can only be set using these commands for accounts that aren’t synchronized through Active Directory synchronization.
# Get Password Policy Settings Get-MsolPasswordPolicy -Domain "gwpcdemo.com" # Change the password policy Set-MsolPasswordPolicy -Domain "gwpcdemo.com" -NotificationDays 14 -ValidityPeriod 90
13. Perhaps you may want to set the users passwords to never expire. Let’s verify the current setting for a single user or for all users.
# Verify if password is set to never expire for a single user Get-MSOLUser -UserPrincipalName "email@example.com" | Select PasswordNeverExpires # Verify if password is set to never expire for all users Get-MSOLUser | Select UserPrincipalName, PasswordNeverExpires
14. So now let’s set the password to never expire for a single user or for all users at once. (Make sure that this is inline with your corporate password policy)
# Set the password to never expire for a single user Set-MsolUser -UserPrincipalName "firstname.lastname@example.org" -PasswordNeverExpires $true # Set the password to never expire for all users Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $true
Hopefully this post has given you a taste of what managing Office 365 with PowerShell is like. As you can see there will be some tasks that are just simple enough to do in the portal and there are others that will be much easier to do in Powershell. When that task that can only be done in PowerShell comes up, you will be ready to perform it. I will leave you to explore other cmdlets and feel free to share your experiences.
Stay tuned for follow-up posts where we will get into managing other services like Exchange Online, SharePoint Online, and Skype for Business Online.