Written by

Vignesh Ganesan


Useful PowerShell cmdlets to administer Office 365 Groups – Part 2

Hey folks, hope you enjoyed my first blog on PowerShell cmdlets. As promised, here is the sequel. Today we shall discuss some more PowerShell cmdlets that help you manage your Office 365 groups even better. So, without much ado, let's dive straight in.

Scenario 3:  Setting Usage Guidelines URL

$settings = Get-AzureADDirectorySetting | Where-Object {$_.DisplayName -eq "Group.Unified"}

$settings["UsageGuidelinesUrl"] = "https://o365techy.sharepoint.com/sites/office365groupsgovernance/usageguidelines/SitePages/Home.aspx"

Set-AzureADDirectorySetting -Id $settings.Id -DirectorySetting $settings

In this scenario, I’ve created a SharePoint subsite named “Usage Guidelines” that describes all the guidelines a user must follow while using Office 365 groups in my organization; users can refer to it while creating or using Office 365 groups. Once this has been enabled, this is what the end-user view looks like. Please check the screenshot below.


Scenario 4: Restrict all access for guest users to Groups including the ones that were already granted access

$settings = Get-AzureADDirectorySetting | Where-Object {$_.DisplayName -eq "Group.Unified"}

$settings["AllowGuestsToAccessGroups"] = "False"

Set-AzureADDirectorySetting -Id $settings.Id -DirectorySetting $settings


Scenario 5: Restrict the ability to add any new guest users but do not restrict existing guest users

$settings = Get-AzureADDirectorySetting | Where-Object {$_.DisplayName -eq "Group.Unified"}

$settings["AllowToAddGuests"] = "False"

$settings["AllowGuestsToAccessGroups"] = "True"

Set-AzureADDirectorySetting -Id $settings.Id -DirectorySetting $settings
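Scenario 5 leaves guests who are already group members in place, so it helps to know who they are before choosing between Scenarios 4 and 5. The following is an added example, not part of the original post, that lists the current guest members of each group; it assumes an Exchange Online PowerShell session, and the function name `Get-GroupGuestInventory` and the CSV path are hypothetical.

```powershell
# Added example, not from the original post. Assumes an Exchange Online PowerShell
# session. The function name and the CSV path are hypothetical.
function Get-GroupGuestInventory {
    # GroupExternalMemberCount lets us skip groups that have no guests at all
    $groups = Get-UnifiedGroup -ResultSize Unlimited |
        Where-Object { $_.GroupExternalMemberCount -gt 0 }

    foreach ($g in $groups) {
        # Address the group by object ID: display names are not unique
        Get-UnifiedGroupLinks -Identity $g.ExternalDirectoryObjectId -LinkType Members -ResultSize Unlimited |
            Where-Object { $_.RecipientTypeDetails -eq 'GuestMailUser' } |
            ForEach-Object {
                [pscustomobject]@{
                    Group          = $g.DisplayName
                    GroupId        = $g.ExternalDirectoryObjectId
                    AccessType     = $g.AccessType
                    Classification = $g.Classification
                    Guest          = $_.PrimarySmtpAddress
                    GuestName      = $_.DisplayName
                }
            }
    }
}

$inventory = Get-GroupGuestInventory

# Groups with the most guests first, then the full list for review
$inventory | Group-Object Group | Sort-Object Count -Descending | Select-Object Count, Name
$inventory | Export-Csv -Path '.\group-guests.csv' -NoTypeInformation
```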


Finally, to review all the updated settings, run the PowerShell cmdlet below, as already described; it returns the updated settings.

Get-AzureADDirectorySetting | ForEach Values


To remove the group settings configured in the scenarios above, run the PowerShell commands below. They delete the whole Group.Unified settings object, not individual values.

$settings = Get-AzureADDirectorySetting | Where-Object {$_.DisplayName -eq "Group.Unified"}

Remove-AzureADDirectorySetting -Id $settings.Id
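The scenarios above assume that a Group.Unified settings object already exists, and the removal command deletes it entirely. The following added example (not from the original post) creates the object from its template when it is missing, saves the current values to a file, and applies changes with `-WhatIf` support. It assumes the AzureADPreview module and a connected session; the function name `Set-GroupUnifiedValue` and the backup path are hypothetical.

```powershell
# Added example, not from the original post. Assumes the AzureADPreview module and an
# existing Connect-AzureAD session. Function name and backup path are hypothetical.
function Set-GroupUnifiedValue {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [hashtable] $Values,
        [string] $BackupPath = '.\GroupUnified-backup.json'
    )
    $isNew = $false
    $settings = Get-AzureADDirectorySetting |
        Where-Object { $_.DisplayName -eq 'Group.Unified' }
    if (-not $settings) {
        # No tenant-level object yet (or it was removed): start from the template defaults
        $template = Get-AzureADDirectorySettingTemplate |
            Where-Object { $_.DisplayName -eq 'Group.Unified' }
        $settings = $template.CreateDirectorySetting()
        $isNew = $true
    }
    # Snapshot the values as they are now, so the change can be reversed by hand
    $settings.Values | Select-Object Name, Value | ConvertTo-Json |
        Set-Content -Path $BackupPath -Encoding UTF8

    $known = @($settings.Values | ForEach-Object Name)
    foreach ($name in $Values.Keys) {
        # Reject a misspelled setting name before anything is written
        if ($known -notcontains $name) { throw "Unknown Group.Unified setting: $name" }
        $settings[$name] = [string]$Values[$name]
    }
    if ($PSCmdlet.ShouldProcess('Group.Unified', 'Write directory setting')) {
        if ($isNew) { New-AzureADDirectorySetting -DirectorySetting $settings | Out-Null }
        else { Set-AzureADDirectorySetting -Id $settings.Id -DirectorySetting $settings }
    }
    # Read back what the directory now holds for the settings that were requested
    $current = Get-AzureADDirectorySetting | Where-Object { $_.DisplayName -eq 'Group.Unified' }
    if ($current) { $current.Values | Where-Object { $Values.ContainsKey($_.Name) } }
}

# Scenario 5 from the post: preview with -WhatIf, then rerun without it to apply
Set-GroupUnifiedValue -WhatIf -Values @{
    AllowToAddGuests          = 'False'
    AllowGuestsToAccessGroups = 'True'
}
```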


12. To update the classifications for all Office 365 groups:

## Set a classification on every group that does not have one
$Groups = Get-UnifiedGroup -ResultSize Unlimited |
    Where-Object { $null -eq $_.Classification } |
    Select-Object DisplayName, ExternalDirectoryObjectId, Classification

ForEach ($G in $Groups) {
    Write-Host $G.DisplayName
    # Display names are not unique, so address the group by its object ID
    Set-UnifiedGroup -Identity $G.ExternalDirectoryObjectId -Classification "Internal"
}


This runs and updates the classification for all the Office 365 groups, as shown in the image below.


13. To update the privacy of an Office 365 group based on its classification:

#...................................
# Variables:
#   Cutoff date in days
#   Classification
#...................................
$cutoffdate = (Get-Date).AddDays(-10)
$classification = "High"

# Retrieve recently created groups with AccessType set to Public
$Groups = Get-UnifiedGroup -ResultSize Unlimited |
    Where-Object { $_.WhenCreated -ge $cutoffdate -and $_.AccessType -eq 'Public' -and $_.Classification -eq $classification } |
    Sort-Object WhenCreated |
    Select-Object DisplayName, ExternalDirectoryObjectId, WhenCreated, AccessType, Classification, ManagedBy

# Set AccessType to Private on each of those groups
ForEach ($G in $Groups) {
    # Display names are not unique, so address the group by its object ID
    Set-UnifiedGroup -Identity $G.ExternalDirectoryObjectId -AccessType 'Private'
    Write-Host "The following Group privacy setting was updated:" $G.DisplayName
}


14. To determine where a group was provisioned (Planner, Yammer, Teams etc.):

To list the Yammer-integrated Office 365 groups:

Get-UnifiedGroup | Where-Object {$_.ProvisioningOption -eq 'YammerProvisioning'} | Select-Object DisplayName, Alias, ProvisioningOption, GroupSKU, SharePointSiteUrl, SharePointDocumentsUrl, AccessType

To list the Teams-integrated Office 365 groups:

Get-UnifiedGroup | Where-Object {$_.ProvisioningOption -eq 'ExchangeProvisioningFlags:481'} | Select-Object DisplayName, Alias, ProvisioningOption, GroupSKU, SharePointSiteUrl, SharePointDocumentsUrl, AccessType

Similarly, we expect MSFT to work on this for Planner and other services that create an Office 365 group on the backend.


15. To get the list of Obsolete Office 365 groups in your tenant:

This is a PowerShell script by Tony Redmond of Office 365 fame, and the explanation for the script can be found below.

Note: You need to be connected to Exchange Online PowerShell module as well as the SharePoint Online PowerShell module to run this script

Like any object, an Office 365 Group might become unused over time. No current method exists to detect what groups are underused, so here's a script that does the job for you by checking audit records to establish whether any SharePoint file activity has occurred in the group document library in the last 90 days and whether any conversations have happened in the group mailbox in the last year. Seeing that it's all done in simple PowerShell, you can tailor the code to your heart's content. An HTML report file is generated at the end, which contains some statistics like:

Number of groups scanned: 155

Number of potentially obsolete groups (based on document library activity): 132

Number of potentially obsolete groups (based on conversation activity): 60

Number of Teams-enabled groups: 41

Percentage of Teams-enabled groups: 26.45%


Script:

CheckForObsoleteGroups.ps1

Thanks for reading this post …. Good luck with Office 365 groups!!!!


Written by Vignesh Ganesan

A Microsoft/ITIL Certified SharePoint & Office 365 Technical Specialist specializing in the implementation, management and support of SharePoint On-premises servers /SQL Server, Office 365 tenants, SharePoint migrations, Microsoft Intune & Azure. He shares his insights via his blog vigneshsharepointthoughts.com, and occasionally contributes to Hubfly too.