In this article I would like to return to an old series.
It’s about PowerShell commands that we should all know. The commands we are looking at today are all for Microsoft 365 and its services.
1. Connect with SDK (and the needed permissions)
As already known, Microsoft will soon withdraw the Azure AD PowerShell module. Therefore, scripts and commands will be written with the Graph SDK PowerShell module. In order to be able to use the functions of the SDK module, we must first set the permissions, as we know it from Microsoft Graph. Then we can log in to the tenant with the appropriate credentials.
Here is an application example:
$RequiredScopes = @("Group.ReadWrite.All", "GroupMember.ReadWrite.All", "User.ReadWrite.All")
Connect-MgGraph -Scopes $RequiredScopes
2. Check whether the required PowerShell module is installed.
Depending on the area of application, scripts require different PowerShell modules. It can be assumed that these are already installed on the computer, or we can include a switch in our scripts that checks whether a module is already installed. The principle can also be used for other elements, for example: Does a directory exist? If yes, good, if no, create it.
if (Get-Module -ListAvailable -Name Microsoft.Graph)
{
Write-Host "PowerShell Module: Microsoft Graph exists" -ForegroundColor black -BackgroundColor green
Start-Sleep -s 1
}
else
{
Write-Host "PowerShell Module: Microsoft Graph does not exist!" -ForegroundColor black -BackgroundColor yellow
Write-Host "Installing PowerShell Module..." -ForegroundColor black -BackgroundColor yellow
Install-Module Microsoft.Graph -Scope AllUsers
Write-Host "PowerShell Module: Microsoft Graph installed!" -ForegroundColor Green
Start-Sleep -s 1
}
3. Assigning Microsoft Teams PSTN numbers
We can do a lot of things in the Teams Admin Center, including assigning PSTN numbers.
However, I personally prefer the option of doing this via PowerShell.
After logging in to the tenant via PowerShell, we can assign the numbers with the following command.
It is important to note which phone number type we are using.
Example with DirectRouting as Phone Number Type:
Set-CsPhoneNumberAssignment -Identity $user.UserPrincipalName -PhoneNumber $user.TelephoneNumber -PhoneNumberType DirectRouting
Example with OperatorConnect as Phone Number Type:
Set-CsPhoneNumberAssignment -Identity $user.UserPrincipalName -PhoneNumber $user.TelephoneNumber -PhoneNumberType OperatorConnect
4. Make sure that the script is executed with elevated permissions.
In point 2 we learned that there can be scripts that have the option to install missing modules during execution. However, this only works if the PowerShell Console has been started as administrator. This command can help us to ensure that this is the case:
if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{
Write-Host "Administrator priviliges are required. Please restart this script with elevated rights." -ForegroundColor Red
Pause
Throw "Administrator priviliges are required. Please restart this script with elevated rights."
}
5. Creating and assigning GPO’s
With PowerShell we also have the possibility to create and assign GPOs. However, we must bear in mind that this is primarily only possible with registry settings, in the following example we create several GPOs including the corresponding assignment:
New-GPO -Name $GPOName Set-GPPrefRegistryValue -Name "Intune_SCP_Tenant_Information" -Context Computer -Key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CDJ\AAD" -ValueName "TenantID" -Value $TenantID -Type String
ALTERNATIVE:
New-GPO -Name $GPOName Set-GPPrefRegistryValue -Name "Intune_Automatic_MDM_enrollment" -Action Update -Context Computer -Key "HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\MDM" -Type DWord -ValueName "AutoEnrollMDM" -Value 1 New-GPLink -Name $gpolinkname -Target $gpolink.Key
Remember: The variables must be prepared or replaced accordingly.
