Managing Office 365 with PowerShell

Are you new to Office 365? Maybe you are an early adopter like myself from the days back when it was called Business Productivity Online Suite; better known as BPOS. In BPOS there wasn’t a lot that you could do in the portal compared to today with Office 365. The feature set was smaller and you could only make certain configurations and many could only be done by using PowerShell. Having gone through the pain points of BPOS, compared to where we are today, there has been a huge evolution of the Office 365 platform. The feature set and capabilities are expanding at a rapid pace of what seems to be about every month now. Microsoft has a program called “First Release” that you can opt-in for in order to receive new product updates and features as they become available. In addition, Microsoft has realized that in a fast-pace services world that they need to communicate better with their customers in regards to updates. The Office 365 for business public roadmap allows customers to see what updates are planned and at what stage they are in.

So for the new users of Office 365, as well as those who have been resisting the use of PowerShell, I wanted to get you started with the ability to manage Office 365 using PowerShell. You may ask why should I use PowerShell? A quick and simple answer is to perform repeatable tasks in a faster/more efficient manner. In addition, some tasks can only be done using PowerShell. Once you see just how beneficial PowerShell is you will thank me. However, no thanks are needed. I do this for the fun of it and in hopes that I might help someone along the way.

Installation and Administration

Windows Azure Active Directory Module for Windows PowerShell is what we will use to run PowerShell commands against our O365 service. The module is supported in Windows 7 and higher and Server 2008 and higher. Assumption is that you have some basic PowerShell knowledge. If not, check out Pluralsight.

1. First, you need to install the Microsoft Online Services Sign-In Assistant which is a prerequisite for the  WAAD module.

2. Once the MOS SIA has been installed you need to install the Windows Azure Active Directory Module for PowerShell.

3. Once installed you can search for the term “Azure” and you should find the WAAD Module for PowerShell. Be sure to Run as administrator. You may want to pin to start/taskbar or create a shortcut on the desktop for easy access.

4. With the module now open we need to connect to the service using the cmdlet below. Upon entering you will get a popup where you need to enter your O365 global admin credentials in the format username@domain. The absence of an error and the return to a prompt indicates a successful connection.

# Initiate connection to Office 365

5. Lets look and see what cmdlets we have available to us. Piping this cmdlet to Measure-Object tells us that we have 84 cmdlets available to us at the time of this writing. Notice that all the nouns in the verb-noun format are prefixed with Msol.

# List available cmdlets for MSOnline module
Get-Command -Module MSOnline

# Measure how many cmdlets are available in MSOnline module
Get-Command -Module MSOnline | Measure-Object

6. How about some help? You can use Get-Help followed by the <cmdlet> and -Full parameter. This will give you the most comprehensive help available including examples. Wildcards can be used as shown below.

# Get help on a cmdlet
Get-Help Connect-MsolService -Full

# Get help using wildcards
Get-Help *-MsolUser

7. Now lets get down to a little bit of discovery. Let’s see the company info, domain info, and the product/licensing info.

# Get the company information

# Get domain information

# Get product or license plan information

In the screenshot below you can see a review of the license plan and services included. Here we have an E3 plan with 5 licenses total and 4 are being consumed. The ServiceStatus property is where the services can be found. Here you can see that we have the following services available to us as part of this plan (InTune, Yammer, Azure AD, Office Pro, Skype for Business Online, Office Online, SharePoint Online, and Exchange Online). The status will be listed as either success, pending, or disabled.

8. What about my users? This cmdlet will display a listing of all users showing their UPN, DisplayName, and if they are licensed or not.

# Display all users showing UPN, Display Name, and License status

9. Here you can see that a user called ‘dtest’ is not licensed. We know from the previous screenshot that we have one available license to assign. Let’s assign a license to this user. Note: If the user does not have a UsageLocation assigned the command will error out.

10. Here is where the benefit of PowerShell really comes to light. What if we wanted to assign a license to all users that are not licensed? Keep in mind that you must have enough licenses available. Simply replace ‘gwpcdemo’ with your domain.

# Bulk add licenses to all unlicensed users
Get-MsolUser -UnlicensedUsersOnly | Set-MsolUserLicense -AddLicenses "gwpcdemo:ENTERPRISEPACK"

11. To remove a user license just replace the -AddLicenses parameter with the -RemoveLicenses parameter. Insert your users UPN and your domain.

# Remove license from user
Set-MsolUserLicense -UserPrincipalName "" -RemoveLicenses "gwpcdemo:ENTERPRISEPACK"

12. What if you wanted to view/edit the password policy settings. The notification period is between 1-30 days and the validity period is between 14-730 days. Note: Password policy can only be set using these commands for accounts that aren’t synchronized through Active Directory synchronization.

# Get Password Policy Settings
Get-MsolPasswordPolicy -Domain ""

# Change the password policy
Set-MsolPasswordPolicy -Domain "" -NotificationDays 14 -ValidityPeriod 90

13. Perhaps you may want to set the users passwords to never expire. Let’s verify the current setting for a single user or for all users.

# Verify if password is set to never expire for a single user
Get-MSOLUser -UserPrincipalName "" | Select PasswordNeverExpires

# Verify if password is set to never expire for all users
Get-MSOLUser | Select UserPrincipalName, PasswordNeverExpires

14. So now let’s set the password to never expire for a single user or for all users at once. (Make sure that this is inline with your corporate password policy)

# Set the password to never expire for a single user
Set-MsolUser -UserPrincipalName "" -PasswordNeverExpires $true

# Set the password to never expire for all users
Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $true

Hopefully this post has given you a taste of what managing Office 365 with PowerShell is like. As you can see there will be some tasks that are just simple enough to do in the portal and there are others that will be much easier to do in Powershell. When that task that can only be done in PowerShell comes up, you will be ready to perform it. I will leave you to explore other cmdlets and feel free to share your experiences.

Stay tuned for follow-up posts where we will get into managing other services like Exchange Online, SharePoint Online, and Skype for Business Online.


Clutter In Office 365

Microsoft recently announced a new feature for Office 365 called “Clutter”. So, what is Clutter? When will it be available and how do I enable it?

What is Clutter

Clutter is a productivity feature that will be available to Office 365 Business customers. It uses Office Graph, which is a machine learning concept being used in Yammer, that helps to de-clutter Inboxes. It does this buy creating a new folder in Outlook called “Clutter” and filters less important emails from your Inbox to the Clutter folder. Great, but how does it actually work? Well, it learns preferences based on user habits like documents read and shared by the user as well as messages the user is likely to ignore. According to Microsoft, Clutter gets smarter over time.

Clutter comes disabled by default but once activated, less important messages will be filtered to the Clutter folder. This will aid those users who do not use mailbox rules to sort messages. Microsoft states that Clutter will not interfere with existing mailbox rules as they will continue to work. Users can help train Clutter by moving messages to/from the Clutter folder. The default retention policy for newly created folders will be applied to the Clutter folder but can be changed if desired.

You can take advantage of Clutter across many email clients including Outlook, OWA, OWA for devices, or EAS connected devices.

When is it available

Clutter is being rolled out as we speak to those English language customers who have opted-in to Microsoft’s First Release program followed by standard deployments later this month. As I have opted-in the program in my test lab, Clutter was available on the day of announcement. For additional information on the program and how to enable it, click here.

How do I enable Clutter

Each person controls whether to enable Clutter. Log into your OWA account, click on the cog wheel and select Options.

O365 Options











In the options menu select Clutter, click the radio button for Separate items identified as Clutter and SAVE.











Back in Outlook you will notice a new folder called “Clutter”.












Microsoft warns that some users may notice no changes in the Inbox at first. This is due to Clutter still searching for strong predictions. This will improve over time as user habits are learned. You can disable the Clutter feature at anytime. The folder will remain in place with the messages.

If you want to help train Clutter you can move messages from the Inbox by right-clicking on a message and select “Mark as clutter”. If messages get filtered into Clutter by accident, you can move them back to the Inbox by right-clicking the message in the Clutter folder and selecting “Mark as not clutter”.

So what do you think? Is this a feature you find useful?