As stated in my previous blog article ‘What can the Office 365 “Service Administrator” / “Service Support Administrator” role do?’, Office 365 tenant owners often use this role to delegate common administrator tasks in Office 365. The Microsoft documentation for the Office 365 Admin Roles is here: https://support.office.com/en-ie/article/about-office-365-admin-roles-da585eea-f576-4f55-a1e0-87090b6aaa9d. So what exactly
Many Office 365 deployments struggle with delegating permissions to specific actions or areas of administration inside the tenant. Many simple administrative activities, such as reading licensing and service plan information at the tenant and user level, require administrative access to the tenant. What Office 365 Administrator Role should be used
Microsoft Office 365 Administrators are often easily confused when they do an administrative task in PowerShell that involves retrieving or changing the RBAC administrative roles for users in the tenant. The Administrative Role names used in the Office 365 Portal do not always match the equivalent role used in PowerShell.
Here is a good reference on detecting whether a PowerShell script is currently running with Administrator rights, and relaunching with elevated permissions if not. Courtesy of Bruno Saille’s JEA Helper Tool 2.0: https://gallery.technet.microsoft.com/JEA-Helper-Tool-20-6f9c49dd

    ########################################################################################
    #Make sure we run elevated, or relaunch as admin
    ########################################################################################
    # Directory containing the running script (everything before the last backslash)
    $CurrentScriptDirectory = $PSCommandPath.Substring(0,$PSCommandPath.LastIndexOf("\"))
    # Work from the script's own directory
    Set-Location $CurrentScriptDirectory
If you are using the Azure Service Manager Module you will notice that cmdlets such as Add-AzureAccount and Login-AzureAsAccount cache the subscriptions that the user has access to (the user which is specified in the credentials used to authenticate). Where is this cache maintained locally on the client? For
If you often use both the Microsoft Office 365 and Azure Management Portals, and use them with several different tenants, credentials, and subscriptions, it helps to quickly launch a web browser in private mode to those two portals. The private mode segregates the credentials across tenants and subscriptions. I nifty
Here are a few key references and a few tips and tricks.
Key Resources
Name | Description | Link
AzureRM PowerShell Documentation | The documentation root for AzureRM. Note the Version selector to get documentation on previous versions. | https://docs.microsoft.com/en-us/powershell/azure/overview?view=azurermps-4.0.0
AzureRM.Profile Documentation | Authenticating is the first step. This is the reference to the AzureRM.Profile
There have been several Windows Azure Active Directory Modules. Here is a quick reference. What Versions Exist? Microsoft’s evolution and naming of the modules has caused some confusion: V1. The initial PowerShell module for Azure AD is named “MSOnline” and was also known as the Office 365 PowerShell module https://docs.microsoft.com/en-us/powershell/module/msonline/?view=azureadps-1.0
Many times while authoring PowerShell scripts, the expected output will be incorrect because PowerShell ISE does not automatically clean up its variables between manual runs of a script. In my experience this poses two practical issues which lead to incorrect script results: 1) If the variable is not explicitly re-initialized in
In hybrid Office 365 deployments (either Exchange Online, Skype for Business Online, or SharePoint Online), often you need to know whether a particular user account is sourced (e.g. created) from on-premises AD, or in the cloud (created in Azure AD). This can be seen in the Office 365 Portal (under