Forum Widgets
Latest Discussions
Connecting to multiple Microsoft services with the same session
Hi guys. Working on a script that needs to connect to ExchangeOnlineManagement, TeamsOnlineManagement, SharePointOnlineManagement.... The script will be used across many different tenants, and I also plan to make it publicly available, so 1) I don't really want to pre-configure some complicated key setup and 2) I don't really want to have login pop-ups over and over again... For ExchangeOnline, I learned (accidentally), if I do this: $upn = Read-Host -Prompt "input yer wahawha" Connect-ExchangeOnline -userprimaryname $upn Connect-IPPSsession -userprimaryname $upn And login to MY tenant, I don't get prompted for login. I think likely because my device is Entra-joined, and it's using my Microsoft account. But even if I use a different account, it will only prompt me once - reusing it for the other. This is great, and exactly how I wanted things to flow - but now I'm trying to do Connect-SPOService (sharepoint) and Connect-MicrosoftTeams... and while both of these are part of the tenant, they don't take the -userprimaryname param - so I can specify to use the account I'm logged into my PC with.. The end-goal is to have this script run with minimal user input. I've SORT OF found a workaround for SharePoint, where I can get the SharePointSite from ExchangeOnline, then modify it a bit and use it as input for Connect-SPOService... but Teams, while it doesn't have the URL param requirement, DOES prompt me to login again. Is there a way to use the existing session for either of these, like I've done with ExchangeOnline / IPPSSession? We have MFA enabled, though not required from within our company network - but when I try to use Get-Credential, it errors me out because it wants MFA.122Views1like5CommentsPowershell - Change Intune Application Assignments
Hello, I'd like to bulk-edit a number of my Intune Win32 assignments. I've got ~30 applications to go through, but I've noted their AppIDs so it would be worth the time investment to find a working Powershell script to run this without having to manually edit each one. Below runs through Elevated Powershell without error, so I'd thought it was successful. Unfortunately nothing changes and assignments remain the same. I've cut down the number in this script and edited tenant-based ID's but practically-speaking this runs through fine. Can anyone advise? I'm new to powershell and basically relying on AI to help make them, or the occasional forum post I can find. # Install the Microsoft Graph PowerShell SDK if not already installed Install-Module Microsoft.Graph -Scope CurrentUser -Force # Import the Device Management module Import-Module Microsoft.Graph.DeviceManagement # Connect to Microsoft Graph Connect-MgGraph -Scopes "DeviceManagementApps.ReadWrite.All" # Retrieve all mobile apps $allApps = Get-MgDeviceAppManagementMobileApp # Filter for Win32 apps $win32Apps = $allApps | Where-Object { $_.'@odata.type' -eq '#microsoft.graph.win32LobApp' } # List of specific app IDs to target $specificAppIds = @( "ba5988e8-4hhe-4e99-9181-ff85ce589113", "d49dk602-5e02-4af3-b09c-d98d8edac8fb" ) # Filter the Win32 apps to only include the specific apps $targetApps = $win32Apps | Where-Object { $specificAppIds -contains $_.Id } # Define group IDs $requiredGroupId = "57ce1fb3-5f94-4287-8f0b-e2ed595ac900" # Replace with your actual required group ID $uninstallGroupId = "aq7a3571-7f71-4deb-8f81-289dfe38a2e6" # Replace with your actual uninstall group ID # Loop through each target app and update the assignment foreach ($app in $targetApps) { # Get the current assignments $assignments = Get-MgDeviceAppManagementMobileAppAssignment -MobileAppId $app.Id # Define the new assignments $requiredGroupAssignment = @{ "@odata.type" = "#microsoft.graph.mobileAppAssignment" target = @{ "@odata.type" = "#microsoft.graph.groupAssignmentTarget" groupId = $requiredGroupId } intent = "required" } $uninstallGroupAssignment = @{ "@odata.type" = "#microsoft.graph.mobileAppAssignment" target = @{ "@odata.type" = "#microsoft.graph.groupAssignmentTarget" groupId = $uninstallGroupId } intent = "uninstall" } # Add the new assignments to the existing assignments $updatedAssignments = $assignments + $requiredGroupAssignment + $uninstallGroupAssignment # Update the app assignments Update-MgDeviceAppManagementMobileAppAssignment -MobileAppId $app.Id -BodyParameter $updatedAssignmentsenergy_0Apr 23, 2025Copper Contributor453Views0likes1CommentGetting Teams meeting transcripts using Powershell with Graph API
I have set up an Enterprise App in Entra with the following API permissions: Microsoft.Graph OnlineMeetings.Read (Delegated) OnlineMeetings.Read.All (Application) User.Read.All (Application) Admin consent has been granted for the Application types. Below is the code snippet for getting the meetings: $tenantId = "xxxxxx" $clientId = "xxxxxx" $clientSecret = "xxxxxx" $secureSecret = ConvertTo-SecureString $clientSecret -AsPlainText -Force $psCredential = New-Object System.Management.Automation.PSCredential ($clientId, $secureSecret) Connect-MgGraph -TenantId $tenantId -ClientSecretCredential $psCredential -NoWelcome $meetings = Get-MgUserOnlineMeeting -UserId "email address removed for privacy reasons" -All Connect-MgGraph is invoked without errors. I had verified this with Get-MgContext command. At line 10 I get this error: Status: 404 (NotFound) ErrorCode: UnknownError I don't know if this is means there was an error in the API call, or there were no records found (I do have Teams calls with transcripts though). I have tried changing the last line to (without -All): $meetings = Get-MgUserOnlineMeeting -UserId "my guid user id here" And I get this error: Status: 403 (Forbidden) ErrorCode: Forbidden Adding -All parameter results in this error: Filter expression expected - /onlineMeetings?$filter={ParameterName} eq '{id}'. I've done some searching but I haven't found any more information nor solution for this. I hope someone can point me in the right direction. Thanks in advance!paulnerieApr 23, 2025Copper Contributor22Views0likes0CommentsGui to deploy folder contents to multiple VMs
I am trying to improve imaging computers where I work. I need to create a gui for new hires since the imaging process is so complicated. I need the GUI to request necessary computer names that are being imaged and then copy files from a local workstation to the machines that are being imaged on the network that our technicians do not have physical access to. I have turned to Powershell for the solution in an attempt to improve on my knowledge which is basic really. Below is the code I have come up with so far. In this code I am getting the location of the file. I would rather copy the entire folder instead of the file but I couldnt find the code to do that. So, if that is possible please show me how. If not I figure I would have to save these imaging files to a ZIP file. Then I could maybe use this GUI I am working on to move the zip file to the remote computers. Add-Type -AssemblyName System.Windows.Forms # Create the form $form = New-Object System.Windows.Forms.Form $form.Text = "File and Network Location Collector" $form.Size = New-Object System.Drawing.Size(400, 200) # Create the label for file name $fileLabel = New-Object System.Windows.Forms.Label $fileLabel.Text = "File Name:" $fileLabel.Location = New-Object System.Drawing.Point(10, 20) $form.Controls.Add($fileLabel) # Create the text box for file name $fileTextBox = New-Object System.Windows.Forms.TextBox $fileTextBox.Location = New-Object System.Drawing.Point(100, 20) $fileTextBox.Size = New-Object System.Drawing.Size(250, 20) $form.Controls.Add($fileTextBox) # Create the label for network location $networkLabel = New-Object System.Windows.Forms.Label $networkLabel.Text = "Network Location:" $networkLabel.Location = New-Object System.Drawing.Point(10, 60) $form.Controls.Add($networkLabel) # Create the text box for network location $networkTextBox = New-Object System.Windows.Forms.TextBox $networkTextBox.Location = New-Object System.Drawing.Point(100, 60) $networkTextBox.Size = New-Object System.Drawing.Size(250, 20) $form.Controls.Add($networkTextBox) # Create the button to submit $submitButton = New-Object System.Windows.Forms.Button $submitButton.Text = "Submit" $submitButton.Location = New-Object System.Drawing.Point(150, 100) $form.Controls.Add($submitButton) # Add event handler for the button click $submitButton.Add_Click({ $fileName = $fileTextBox.Text $networkLocation = $networkTextBox.Text [System.Windows.Forms.MessageBox]::Show("File Name: $fileName`nNetwork Location: $networkLocation") }) # Show the form $form.ShowDialog() In this portion of the code it is copying from one source to many locations. Thank you for any assistance as this would help my organization a lot. We are getting several new hires who are very new to the industry. This would be a huge blessing. Pardon the change in font size. It did that for no reason, its my first time using the blog, and there appears to be no way to change the sizes lol. Forgive me. #Define the source folder and the list of target computers $sourceFolder = "C:\Path\To\SourceFolder" $destinationFolder = "C:\Path\To\DestinationFolder" $computers = @("Computer1", "Computer2", "Computer3") # Replace with actual computer names # Function to copy the folder function Copy-Folder { param ( [string]$source, [string]$destination ) Copy-Item -Path $source -Destination $destination -Recurse -Force } # Execute the copy operation on each computer foreach ($computer in $computers) { Invoke-Command -ComputerName $computer -ScriptBlock { param ($source, $destination) Copy-Folder -source $source -destination $destination } -ArgumentList $sourceFolder, $destinationFolder } Write-Host "Folder copied to all specified computers."techhondoApr 21, 2025Copper Contributor16Views0likes0CommentsActivating a users multiple PIM groups using PowerShell
Hi All, Following on from the implementation of PIM by one of my clients. Due to the large numbers of groups for some staff, i.e. developers etc, we have looked into activating them programmatically. However, this always appears to fall over due to the syntax etc. Whether using Get-MgPrivilegedAccessGroupEligibilityScheduleInstance or Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/identityGovernance/privilegedAccess/group/assignments" or New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest. In various scripts, it either falls over intermittently saying '..is not recognised as the name of a cmdlet..etc etc etc. To check whether anyone else has achieved this. I am trying to avoid reworking what they have put in place over the past 3 months or so. Many Thanks MoZZaSolved_MoZZaApr 18, 2025Brass Contributor24Views0likes1CommentGet-MgDeviceAppManagementManagedAppPolicy -ManagedAppPolicyID. How to get the ID?
Hello! I am trying to copy an Intune App Protection Policy so I can edit it and apply it to a different group of users. I've cobbled together the below script from other examples but it doesn't work because I am not able to find the -ManagedAppPolicyID that it wants. I've not been able to find it anywhere in Intune. I've not been able to find a PowerShell cmdlet that will list it either. Does anyone know how I can make this work? Or another way to do it? Install-Module Microsoft.Graph -Scope CurrentUser Connect-MgGraph -Scopes "DeviceManagementApps.ReadWrite.All" $policyId = "<Insert App Policy ID>" $appProtectionPolicy = Get-MgDeviceAppManagementManagedAppPolicy -ManagedAppPolicyId $policyId $newPolicy = $appProtectionPolicy | Select-Object * -ExcludeProperty Id, CreatedDateTime, Version, LastModifiedDateTime $newPolicy.DisplayName = "Copy of $($newPolicy.DisplayName)" New-MgDeviceAppManagementMobileAppConfiguration -Data $newPolicy Get-MgDeviceAppManagementManagedAppPolicy -Filter "displayName eq '$($newPolicy.DisplayName)'"kcelmerApr 15, 2025Copper Contributor36Views0likes2CommentsRemove computers from multiple domains from one AD group
Hello! I've tried a couple of scripts I found and still cannot remove these computers from this one AD group. The script I'm currently using is: # Import the Active Directory module Import-Module ActiveDirectory # List of device names to be removed $computers = @( "machine1.domain1", "machine2.domain2" ) # Loop through each device name in the list foreach ($computer in $computers) { # Get the device object from Active Directory $computer = Get-ADComputer -Identity $computer -ErrorAction SilentlyContinue # Check if the device exists if ($computer) { # Remove the device from Active Directory get-adcomputer $computer | remove-adobject -recursive -Confirm:$false Write-Host "Removed device $computer from Active Directory." } else { Write-Host "Device $computer not found in Active Directory." } } The errors I get is the object cannot be found and it always lists Domain1. I'm pretty new to PS so would appreciate any guidance!jmaravigliaApr 15, 2025Copper Contributor82Views0likes7CommentsSecure Way to store lots of credentials using powershell
Dear Community I wanted to ask if there is any way I can store lots of creedentials while still being able to use them in Powershell? I dont want to enter anything in a popup window, because there are way to many credentials to to that by hand. Is it possible that I can just put them in some kind of file and then get the wanted informations (while the file or its contents are somehow encrypted)? Thanks in advance MartinSolved__Martin__Apr 14, 2025Copper Contributor21KViews0likes6CommentsMGraph suddenly stops working
PS C:\Windows> Get-MGUser -All Get-MGUser : InteractiveBrowserCredential authentication failed: In Zeile:1 Zeichen:1 + Get-MGUser -All + ~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Get-MgUser_List], AuthenticationFailedException + FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Cmdlets.GetMgUser_List Prior to this I did a "connect-mgraph -Scopes "User.Read.All" " and authenticated myself with MFA. Did not get an error doing so. Logged in as a global administrator. Any ideas what i going wrong? I know, the error indicates Authentication Failure, but Authentication looks correctheinzelrumpelApr 11, 2025Brass Contributor54Views0likes2Comments.Net mail message, PowerShell and Microsoft Purview Infrmation Protection
I have a PowerShell script that using the .net mail message to send emails. We want to restrict some of those emails to a certain sensitivity (we call it classification) and restrict it to only internal users (which this label does when sending via Outlook). I have looked at a number of ways to do this but haven't come up with anything that works. Here are the issues: The smtp server is NOT in Office 365. The PowerShell window is opened as an admin account so using an Outlook interface might not work. Currently, I have it set to send remotly (A session is created with the server that is whitelisted and it actually sends the message). Any information would be of great assistance.DFOTAApr 10, 2025Copper Contributor14Views0likes0Comments
Resources
Tags
- Windows PowerShell1,160 Topics
- powershell336 Topics
- office 365274 Topics
- azure active directory140 Topics
- sharepoint128 Topics
- Windows Server127 Topics
- azure96 Topics
- exchange92 Topics
- community54 Topics
- Azure Automation48 Topics