Most things in Azure and Office 365 can be administered through their management portals, but for some tasks and details you must, and should, use PowerShell.

In this post I want to collect some basic cmdlets you are likely to need in your daily work.


I will keep updating this post and adding further cmdlets; for now I will start with the basics and a few user cmdlets.



PowerShell Modules/APIs to manage Azure and Office 365

To manage Azure AD and Office 365 you can currently choose between three PowerShell modules/APIs: MSOnline, Azure AD and Microsoft Graph.


Microsoft Graph PowerShell is the new one and should be used now!


The first PowerShell module to manage Azure AD was the MSOnline V1 PowerShell module with the -Msol cmdlets like Get-MsolUser.

Until September 2020, Azure Active Directory PowerShell for Graph (AzureAD) was the PowerShell module Microsoft recommended for managing Azure AD.


https://docs.microsoft.com/en-us/powershell/module/azuread

The Azure Active Directory PowerShell for Graph module can be downloaded and installed from the PowerShell Gallery, www.powershellgallery.com. The gallery uses the PowerShellGet module. The PowerShellGet module requires PowerShell 3.0 or newer and requires one of the following operating systems:

  • Windows 10
  • Windows 8.1 Pro
  • Windows 8.1 Enterprise
  • Windows 7 SP1
  • Windows Server 2016 TP5
  • Windows Server 2012 R2
  • Windows Server 2008 R2 SP1

PowerShellGet also requires .NET Framework 4.5 or above. You can install .NET Framework 4.5 or above from here.

Install-Module -Name AzureAD
Connect-AzureAD


Azure Active Directory PowerShell for Graph: Version release history
https://docs.microsoft.com/en-us/powershell/azure/active-directory/ad-pshell-v2-version-history



You will also find a reference to all cmdlets for the Azure Active Directory PowerShell for Graph module under https://docs.microsoft.com/en-us/powershell/module/azuread



As mentioned above, since September 2020 the Azure AD Graph API is also deprecated.

https://docs.microsoft.com/en-us/graph/migrate-azure-ad-graph-planning-checklist
Azure AD Graph API is now deprecated. We will continue to provide technical support and security updates but will no longer provide feature updates. Starting June 30th, 2022, we will end support for Azure AD Graph and will no longer provide technical support or security updates. Apps using Azure AD Graph after this time will no longer receive responses from the Azure AD Graph endpoint.

You should therefore now use the new Microsoft Graph API and the Microsoft Graph PowerShell module.


Install the new Microsoft Graph PowerShell Module

The modules are also available on the PowerShell Gallery.

Install-Module -Name Microsoft.Graph
Connect-MgGraph -Scopes "User.Read.All","Group.ReadWrite.All"


Get started with the Microsoft Graph PowerShell SDK
https://docs.microsoft.com/en-us/graph/powershell/get-started




Overview of Microsoft Graph

https://docs.microsoft.com/en-us/graph/overview

Microsoft Graph is the gateway to data and intelligence in Microsoft 365. It provides a unified programmability model that you can use to access the tremendous amount of data in Microsoft 365, Windows 10, and Enterprise Mobility + Security. Use the wealth of data in Microsoft Graph to build apps for organizations and consumers that interact with millions of users.


What’s in Microsoft Graph?

Microsoft Graph exposes REST APIs and client libraries to access data on the following Microsoft cloud services:

  • Microsoft 365 services: Delve, Excel, Microsoft Bookings, Microsoft Teams, OneDrive, OneNote, Outlook/Exchange, Planner, SharePoint, Workplace Analytics.
  • Enterprise Mobility and Security services: Advanced Threat Analytics, Advanced Threat Protection, Azure Active Directory, Identity Manager, and Intune.
  • Windows 10 services: activities, devices, notifications, Universal Print (preview).
  • Dynamics 365 Business Central.


To find out more, see Major services and features in Microsoft Graph.



Conclusion about the different PowerShell Modules to manage Azure and Office 365

Since Microsoft Graph PowerShell is now the up-to-date module to manage Azure AD and Office 365, I will focus on its cmdlets but also list some old ones.


The Microsoft Graph module has introduced a prefix to all the Microsoft Graph cmdlets to reduce the chance of conflicts with existing modules.

So, for example, instead of calling Get-User, with the Microsoft Graph module you now need to call Get-MgUser.

Get started with the Microsoft Graph PowerShell SDK
https://docs.microsoft.com/en-us/graph/powershell/get-started


Microsoft Graph REST API v1.0 reference
https://docs.microsoft.com/en-us/graph/api/overview?view=graph-rest-1.0



Login/Logout Azure AD with PowerShell


MSOnline (Microsoft Azure Active Directory Module for Windows PowerShell module)

Connect-MsolService


Azure Active Directory PowerShell for Graph module

Connect-AzureAD

Disconnect-AzureAD


Microsoft Graph PowerShell

Connect-MgGraph -Scopes "User.Read.All","Group.ReadWrite.All"

Disconnect-MgGraph

https://docs.microsoft.com/en-us/graph/powershell/get-started#determine-required-permission-scopes
Each API in the Microsoft Graph is protected by one or more permission scopes. The user logging in must consent to one of the required scopes for the APIs you plan to use.

Use the Connect-MgGraph command to sign in with the required scopes.

You can add additional permissions by repeating the Connect-MgGraph command with the new permission scopes.


Microsoft Graph permissions reference
https://docs.microsoft.com/en-us/graph/permissions-reference
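
Because scopes can be added by repeating Connect-MgGraph, a session can end up holding more permissions than the task at hand needs. The following is an added example (not from the original post or from Microsoft's documentation) that compares the scopes reported by Get-MgContext with an expected list; the function name Test-MgSessionScope, the $allowed list and the write-scope pattern are assumptions made for illustration.

```powershell
# Added example: compare the scopes held by the current Microsoft Graph session
# with the scopes the task is supposed to need.
# Test-MgSessionScope and $allowed are illustrative names, not part of the SDK.
function Test-MgSessionScope {
    param(
        [Parameter(Mandatory)] [string[]] $Allowed,    # scopes the task needs
        [string[]] $Granted = (Get-MgContext).Scopes   # scopes the session holds
    )
    # Drop empty entries (for example when there is no active session).
    $Granted = @($Granted | Where-Object { $_ })
    # OpenID Connect sign-in scopes, not Graph data permissions.
    $baseline = 'openid', 'profile', 'email', 'offline_access'

    $missing = @($Allowed | Where-Object { $_ -notin $Granted })
    $extra   = @($Granted | Where-Object { $_ -notin $Allowed -and $_ -notin $baseline })

    [pscustomobject]@{
        Missing    = $missing
        Extra      = $extra
        # Heuristic (assumption): names that usually indicate modify rights.
        ExtraWrite = @($extra | Where-Object { $_ -match 'Write|FullControl|Manage' })
        Compliant  = ($missing.Count -eq 0 -and $extra.Count -eq 0)
    }
}

# Sign in with only the scopes used in this post, then verify the session.
$allowed = 'User.Read.All', 'Group.ReadWrite.All'
Connect-MgGraph -Scopes $allowed

$result = Test-MgSessionScope -Allowed $allowed
$result | Format-List

if (-not $result.Compliant) {
    Write-Warning "Session scopes differ from the expected list; review before running write cmdlets."
}

Disconnect-MgGraph
```

The -Granted parameter also accepts a plain string array, so the comparison can be tried without signing in.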






Connect to all Microsoft 365 services in a single PowerShell window

When you use PowerShell to manage Microsoft 365, you can have multiple PowerShell sessions open at the same time. You might have different PowerShell windows to manage user accounts, SharePoint Online, Exchange Online, Skype for Business Online, Microsoft Teams, and the Security & Compliance center.

This scenario isn’t optimal for managing Microsoft 365, because you can’t exchange data among those windows for cross-service management. This article describes how to use a single instance of PowerShell to manage Microsoft 365 accounts, Skype for Business Online, Exchange Online, SharePoint Online, Microsoft Teams, and the Security & Compliance Center.

https://docs.microsoft.com/en-us/microsoft-365/enterprise/connect-to-all-microsoft-365-services-in-a-single-windows-powershell-window

This article currently only contains the commands to connect to the Worldwide (+GCC) cloud. Notes provide links to articles about connecting to the other Microsoft 365 clouds.


Set-ExecutionPolicy RemoteSigned


Follow these steps to connect to all the services in a single PowerShell window when you’re using just a password for sign-in.

Login Azure AD

$credential = Get-Credential

Run this command to connect to Azure AD by using the Azure Active Directory PowerShell for Graph module.

Connect-AzureAD -Credential $credential

Or if you’re using the Microsoft Azure Active Directory Module for Windows PowerShell module, run this command.

Connect-MsolService -Credential $credential

PowerShell Core doesn’t support the Microsoft Azure Active Directory Module for Windows PowerShell module and cmdlets with Msol in their name. You must run these cmdlets from PowerShell.


Run these commands to connect to SharePoint Online. Specify the organization name for your domain. For example, for “litwareinc.onmicrosoft.com”, the organization name value is “litwareinc”.

Connect to SharePoint Online

$orgName="<for example, litwareinc for litwareinc.onmicrosoft.com>"
$credential = Get-Credential
Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $Credential


Run these commands to connect to Skype for Business Online. A warning about increasing the WSMan NetworkDelayms value will appear the first time that you connect. Ignore it.

Skype for Business Online Connector is currently part of the latest Teams PowerShell module. If you’re using the latest Teams PowerShell public release, you don’t need to install the Skype for Business Online Connector.

Connect to Skype for Business Online

Import-Module MicrosoftTeams
$credential = Get-Credential
$sfboSession = New-CsOnlineSession -Credential $credential
Import-PSSession $sfboSession



Run this command to connect to Exchange Online.

To connect to Exchange Online for Microsoft 365 clouds other than Worldwide, see Connect to Exchange Online PowerShell.

Connect to Exchange Online

Import-Module ExchangeOnlineManagement
$credential = Get-Credential
Connect-ExchangeOnline -Credential $credential -ShowProgress $true

Alternatively, run these commands to connect to the Security & Compliance Center.

$acctName="<UPN of the account, such as belindan@litwareinc.onmicrosoft.com>"
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName $acctName




Run these commands to connect to Teams PowerShell.

Connect to Teams

Import-Module MicrosoftTeams
$credential = Get-Credential
Connect-MicrosoftTeams -Credential $credential

To connect to Microsoft Teams clouds other than Worldwide, see Connect-MicrosoftTeams.




Here are the commands for all the services except Security & Compliance Center in a single block when you use the Azure Active Directory PowerShell for Graph module. Specify the name of your domain host and run them all at the same time.

Connect to All services

$orgName="<for example, litwareinc for litwareinc.onmicrosoft.com>"
$credential = Get-Credential
Connect-AzureAD -Credential $credential
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
Connect-SPOService -Url https://$orgName-admin.sharepoint.com -credential $credential
Import-Module MicrosoftTeams
$sfboSession = New-CsOnlineSession -Credential $credential
Import-PSSession $sfboSession
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -Credential $credential -ShowProgress $true
Import-Module MicrosoftTeams
Connect-MicrosoftTeams -Credential $credential




User management with PowerShell


Since Microsoft Graph PowerShell is now the up-to-date module to manage Azure AD and Office 365, I will focus on its cmdlets but also list some old ones.

MSOnline

List specific user

Get-MsolUser -UserPrincipalName mrath@braintesting.de | fl UserPrincipalName,ObjectId


Azure Active Directory PowerShell for Graph module

https://docs.microsoft.com/en-us/powershell/module/azuread/set-azureaduser

List specific user

Get-AzureADUser -SearchString mrath@braintesting.de | fl UserPrincipalName,OnPremisesSecurityIdentifier,ObjectId

Change UPN
Get-AzureADUser -ObjectId <ObjectID of the User> | fl
Set-AzureADUser -ObjectId <ObjectID of the User> -UserPrincipalName John.Nokes@domain.tld

Change DisplayName
Get-AzureADUser -ObjectId <ObjectID of the User> | fl
Set-AzureADUser -ObjectId <ObjectID of the User> -DisplayName 'John Nokes'

Alternatively, instead of copying the ObjectID each time, you can use a variable:

$user = Get-AzureADUser -ObjectId John.Nokes@domain.tld
$user.DisplayName = 'John Nokes'
Set-AzureADUser -ObjectId John.Nokes@domain.tld -DisplayName $user.DisplayName


Check which recipient objects (users, groups, all mail-enabled objects) have a specific email alias (proxy address) assigned
Get-Recipient | where {$_.EmailAddresses -match "user@domain.tld"} | fl Name,RecipientType,EmailAddresses
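
The -match operator above is a regular-expression match, so it also hits addresses that merely contain the string, and the dot matches any character. The following added example (not part of the original post) does an exact, case-insensitive comparison per proxy address instead; Find-ProxyAddressOwner is a hypothetical helper name and the sample recipients are constructed so the block runs without a tenant connection.

```powershell
# Added example. Find-ProxyAddressOwner is an illustrative helper, not an Exchange cmdlet.
function Find-ProxyAddressOwner {
    param(
        [Parameter(Mandatory)] [string] $Address,
        [Parameter(Mandatory, ValueFromPipeline)] $Recipient
    )
    process {
        foreach ($entry in $Recipient.EmailAddresses) {
            # Entries look like "SMTP:addr" (primary) or "smtp:addr" (alias);
            # other prefixes such as SIP or X500 are skipped.
            $prefix, $value = "$entry" -split ':', 2
            if ($prefix -ieq 'smtp' -and $value -ieq $Address) {
                [pscustomobject]@{
                    Name          = $Recipient.Name
                    RecipientType = $Recipient.RecipientType
                    IsPrimary     = ($prefix -ceq 'SMTP')
                }
            }
        }
    }
}

# Constructed sample objects shaped like Get-Recipient output.
$sample = @(
    [pscustomobject]@{ Name = 'User One'; RecipientType = 'UserMailbox'
        EmailAddresses = @('SMTP:user@domain.tld', 'smtp:u1@domain.tld') }
    [pscustomobject]@{ Name = 'Power User'; RecipientType = 'UserMailbox'
        EmailAddresses = @('SMTP:poweruser@domain.tld') }
    [pscustomobject]@{ Name = 'Shared'; RecipientType = 'MailUniversalDistributionGroup'
        EmailAddresses = @('SMTP:shared@domain.tld', 'smtp:user@domainxtld.example') }
)

# Regex match as used in the post, for comparison with the exact match below.
$sample | Where-Object { $_.EmailAddresses -match 'user@domain.tld' } | Format-List Name

# Exact match on the address part only.
$sample | Find-ProxyAddressOwner -Address 'user@domain.tld' | Format-List

# Against a tenant (requires an Exchange Online session):
# Get-Recipient -ResultSize Unlimited | Find-ProxyAddressOwner -Address 'user@domain.tld'
```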


Microsoft Graph PowerShell

List all users in Tenant

Get-MgUser


List specific user

Get-MgUser -Filter "displayName eq 'Marcus Rath'"
Get-MgUser -Filter "UserPrincipalName eq 'mrath@braintesting.de'"


List the user’s joined Teams

$user = Get-MgUser -Filter "UserPrincipalName eq 'mrath@braintesting.de'"
$team = Get-MgUserJoinedTeam -UserId $user.ID

or limit the output of Teams with
$team = Get-MgUserJoinedTeam -UserId $user.ID -Filter "displayName eq 'Sales and Marketing'"


List Team channels

Get-MgTeamChannel -TeamId $team.Id
$channel = Get-MgTeamChannel -TeamId $team.Id -Filter "displayName eq 'General'"

or with the comparison operator -like

Get-MgUserJoinedTeam -UserId $user.ID | Where-Object {$_.DisplayName -like "Team*"}



Changing the primary email address / alias of a Microsoft 365 Group (Unified Group)

Get-UnifiedGroup -Identity <groupname> | fl

Set-UnifiedGroup -Identity <groupname> -PrimarySmtpAddress "teams-group@domain.tld"

Set-UnifiedGroup -Identity <groupname> -Alias "teams2-group@domain.tld"

# Remove proxy/alias
Set-UnifiedGroup -Identity <groupname> -EmailAddresses @{remove="teams2-group@domain.tld"}


Overview of Microsoft 365 Groups (Unified Groups) for administrators
https://docs.microsoft.com/en-us/microsoft-365/admin/create-groups/office-365-groups?view=o365-worldwide




Company Settings


MSOnline

Enable/disable self-service sign-up
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-self-service-signup

The following command will allow users to perform self-service sign-up, but only if those users already have an account in Azure AD (in other words, users who would need an email-verified account to be created first cannot perform self-service sign-up).

Set-MsolCompanySettings -AllowEmailVerifiedUsers $false -AllowAdHocSubscriptions $true



Manage Teams

New-CsOnlinePSTNGateway
https://docs.microsoft.com/en-us/powershell/module/skype/new-csonlinepstngateway

New-CsOnlinePSTNGateway -Fqdn sbc-ms365.braintesting.de -SipSignalingPort 5061 -MaxConcurrentSessions 100 -ForwardCallHistory $true -MediaBypass $true -Enabled $true



Manage Exchange Online

Get-Mailbox
https://docs.microsoft.com/en-us/powershell/module/exchange/get-mailbox

Get-Mailbox -Identity <UserPrincipalName> | fl

Get-Mailbox -Identity jdoe@braintesting.de | fl ExchangeGUID,Name,Alias,UserPrincipalName,DisplayName,EmailAddresses,PrimarySmtpAddress,Identity







Manage Exchange Online Hybrid Relationship

Get-OrganizationRelationship
https://docs.microsoft.com/en-us/powershell/module/exchange/get-organizationrelationship

This cmdlet is available in on-premises Exchange and in the cloud-based service. Some parameters and settings may be exclusive to one environment or the other.

Use the Get-OrganizationRelationship cmdlet to retrieve settings for an organization relationship that has been created for federated sharing with other federated Exchange organizations or for hybrid deployments with Exchange Online.

Get-IntraOrganizationConnector
https://docs.microsoft.com/en-us/powershell/module/exchange/get-intraorganizationconnector

This cmdlet is available in on-premises Exchange and in the cloud-based service. Some parameters and settings may be exclusive to one environment or the other.

Use the Get-IntraOrganizationConnector cmdlet to view the settings of Intra-Organization connectors.


$cred=Get-Credential
Connect-MsolService -Credential $cred
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $session

Get-OrganizationRelationship -Identity "O365 to On-premises"

# Delete with
Remove-OrganizationRelationship -Identity "O365 to On-premises"


# Gracefully close the remote Exchange Online session
Remove-PSSession $Session



PowerShell Comparison Operators


About Comparison Operators
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_comparison_operators?view=powershell-7