List all users and their manager

Sometime we need to gain a list of all users and their managers so the managers can get a review of “their” staff!

An easy oneliner within PowerShell using AzureAD ps module is this one. this takes the first 4000 users and export them to CSV

Get-AzureADUser -Top 4000 | select UserPrincipalName,@{n="Manager";e={(Get-AzureADUser -ObjectId (Get-AzureADUserManager -ObjectId $_.ObjectId).ObjectId).UserPrincipalName}} | Export-Csv C:\Temp\YOURUSERS_usr_with_manager.csv -Encoding UTF8

How do I know all my users are enabled for and using MFA?

More and more organizations is taking advantage of using MFA for their users and there is no reason for them not to since it`s free for all Office 365 users and also for all Azure AD users if you are not using the Office 365 services. But after you enable it for your users, are you sure everyone is enabled?

You may have seen at the Secure Score that not all users are registred for MFA, and if you do so you have users with no MFA! So these users may be victims for bruteforce attacks so it`s super important to remediate all users to see how everything is configured! Some of the users with no MFA maybe legit and should not have it.

So let`s dig into the materials for a second or two.

First thing is that there is a “Secure Score” check for MFA registered users that will show you how many of your users which are not registered (if any)

If you have any users in that list it would not show who the users are so we need to go deeper in the material to retreive this status.

So to get the list of users who don`t have setup MFA you need to run this PowerShell command with the AzureAD PowerShell module loaded.


Get-MSOLUser -all | where {$_.StrongAuthenticationMethods.methodtype -eq $null} | Select Displayname,UserPrincipalName,BlockCredential,LastPasswordChangeTimestamp,UserType |Out-GridView

And now that we have found all users we can check them out why they don`t use MFA and make sure that they use it 🙂

Further on we can check what method users are using when authenticating with MFA. For this I use this script located in Technet PowerShell archives HERE

If you have deployed MFA the Conditional Access way (recommended) you will see that the MFA status on all user are set to “Disabled” but the method is set to what the user are using.

Have checking status on your users! 🙂

SharePoint Online PowerShell module

To install, update og uninstall the SharePoint Online PowerShell module there are some few simple PowerShell commands you can use.

First of all, set your Execution policy to restricted

Get-ExecutionPolicy #for checking the current ExecutionPolicy setting
Set-ExecutionPolicy -ExecutionPolicy  Unrestricted


 Install-Module -Name Microsoft.Online.SharePoint.PowerShell

Check current version

Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ListAvailable | Select Name,Version


Update-Module -Name Microsoft.Online.SharePoint.PowerShell


Uninstall-Module -Name Microsoft.Online.SharePoint.PowerShell

Block AdHoc subscriptions in Office 365

To block users from creating trial and adhoc subscriptions for Office 365 services or even PowerPlatform services you can turn a switch and block it.

Set-MsolCompanySettings -AllowAdhocSubscriptions $false

To check if this is set to “False” for your tenant you can run this

Get-MsolCompanyInformation |fl AllowAdhocSubscriptions 

Change language – Office 365 Mailbox

To change the Language for a Office 365 mailbox (Exchange Online), run the following commands:

$O365Session = New-PSSession –ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection

Import-PSSession $O365Session

Set-MailboxRegionalConfiguration -Identity “USER” -Language nb-no -LocalizeDefaultFolderName

For full list of cultureinfo classes (Languages) see:

Convert from user mailbox to shared mailbox

From time to time i run into a little problem with the Office 365 Admin Center when trying to convert user mailboxes into shared mailboxes.
when this occours i usualy just use Powershell to convert the mailbox into shared mailbox.

To do this you have to connect your Powershell to the Office 365 tenant and run a oneliner for converting the mailbox.

Here is how to connect to Office 365:
Import-Module MSOnline
$O365Cred = Get-Credential “adminuser@YOURTENANT.onmicrosoft.com”
$O365Session = New-PSSession –ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection
Import-PSSession $O365Session
Connect-MsolService -Credential $O365Cred

When connected then use this single line to convert the mailbox:
Set-Mailbox “Your@mailbox.no” -Type shared


Detect and uninstall hotfixes

There seem to be a broken patch KB3159398 which was released this Tuesday, it breaks GPO processing which can cause a lot of headache!

Source: https://social.technet.microsoft.com/Forums/en-US/e2ebead9-b30d-4789-a151-5c7783dbbe34/patch-tuesday-kb3159398

I’ve made a script which lets you check if this hotfix is installed and also let’s you uninstall it. Replace the KBxxxxxxx with the KB number and run from elevated Powershell to see if it is installed. If you want the script to uninstall the hotfix silently, set $uninstall to $true.

$uninstall = $false # change to $true to uninstall hotfix
$hotfixID = ‘KBxxxxxxx’ #Hotfix KB-number to check, use ‘ quotation marks
Get-HotFix $hotfixID
if ($uninstall -eq $true)
Invoke-Command -ScriptBlock {wusa.exe /uninstall /KB:($hotfixID -replace ‘KB’,”) /quiet /norestart} #Uninstall quietly and does not prompt for reboot


Enable/disable Office 365 serviceplans

I was asked today how you can disable and enable individual features included in an Office 365 license (like Exchange Online, Yammer.. etc) from Powershell

Launch Powershell and log on to your tenant (connect-msolservice)

To see which features which is included in a license use the following code:

$lic = Get-MsolAccountSku | Out-GridView -OutputMode Single -Title “Select SKU to look up”

This will show a list of features and their status

Next, if you want to disable Exchange online for one specific user:

$skuid = Get-MsolAccountSku | Out-GridView -OutputMode Single -Title “Select SKU to edit”
$user = Get-MsolUser | ? {$_.isLicensed -EQ $true} | Out-GridView -title “Select user to modify” -OutputMode Single
$Disable_ExchangeOnine = New-MsolLicenseOptions -AccountSkuId $skuid.AccountSkuId -DisabledPlans “EXCHANGE_S_ENTERPRISE”
$Enable_ExchangeOnline = New-MsolLicenseOptions -AccountSkuId $skuid.AccountSkuId -DisabledPlans $null
Set-MsolUserLicense -UserPrincipalName $user.UserPrincipalName -LicenseOptions $Disable_ExchangeOnine

The sku must match the sku assigned to the user you want to change.


Then run this line in the same script to re-enable Exchange Online

Set-MsolUserLicense -UserPrincipalName $user.UserPrincipalName -LicenseOptions $Enable_ExchangeOnline

Azure VPN – Change Local Site Public IP

If a Clients Local site public IP changes the VPN tunel betwen Azure and the Local Site will disconnect. To fix this do the following:

Connect to Azure using powershell and run the following command:

New-AzureRmLocalNetworkGateway -Name LocalSite -ResourceGroupName [ClientRG] -Location ‘northeurope’ -GatewayIpAddress ‘[Public wan IP]’ -AddressPrefix ‘[LAN IP Net’


(Change the RG and Public wan IP and the LAN IP Net to the correct settings)

Office 365 Add calendar permissions with powershell

To add permissions on a Exchange Object in Office 365 using PowerShell the cmdlet set-MailboxFolderPermission or add-MailboxFolderPermission can be used.

In this example we add editor permissions for user2 to user1’s calendar. This will enable user2 to edit, add or delete content of user1’s calendar.

set-MailboxFolderPermission -Identity user1@domain.no:\calendar -user user2@domain.no -AccessRights Editor

Note: kalender is the Norwegian Word for Calendar

To bulk add all users in a Tennant as Reviewer to user1@domain.no’s calendar run the following cmdlet.

$Users = Get-Mailbox | Select-Object -ExpandProperty userprincipalname
ForEach ($user in $Users )
Add-MailboxFolderPermission -Identity “user1@domain.no:\calendar” -User $User -AccessRights Reviewer

For full details of this cmdlet:

And for my original Source:

Add Calendar Permissions in Office 365 via PowerShell

© 2021 IdefixWiki

Theme by Anders NorénUp ↑