Azure AD
10 Topics

Shared Mailbox of Separated User Management
When we have a user separation, we convert them to a shared mailbox and remove the license. Here is the dilemma: due to HIPAA we must retain these unlicensed users for 7+ years. As you can imagine, soon we will have more unlicensed users in our AAD, making it difficult to manage. Is there a way to move or hide AAD unlicensed users without losing the shared mailbox? Thank you

972 Views | 0 likes | 1 Comment

Azure B2B SharePoint Integration
I've followed the steps outlined here for enabling Azure B2B integration with SharePoint & OneDrive: Azure AD B2B integration for SharePoint & OneDrive - SharePoint in Microsoft 365 | Microsoft Docs

It has enabled successfully; however, there appears to be no difference when sharing from SharePoint, and users aren't being added as Guests in Azure AD. Other steps I've tried:

1. Enable OTP in External Identities
2. Create User flow in External Identities to allow Azure sign up and OTP.

Has anyone else had luck configuring this that can provide any further guidance? Thanks.

2.2K Views | 0 likes | 0 Comments

SharePoint 2019 Login Azure AD
Hello, we are looking into integrating our Azure AD to work with our on-premise 2019 SharePoint farm. I have found the guides on how to incorporate the feature, but have specific questions.

1) Can we use both local and Azure for authentication?
2) Can we granularly set the Azure authentication method to certain sites?
3) Will the Azure MFA, conditional access, and Intune features work?
4) Can we use external user accounts to provide access?

Thanks!

1.2K Views | 0 likes | 0 Comments

How do I remove blocked O365 users from being displayed in SharePoint Online search
When people leave our company we block them in our O365 admin center. The issue that we're having is that when we use SharePoint search to look for people, the blocked users are still displayed. We want to prohibit the blocked users from being displayed in the search results. We don't want to remove the blocked users. We're using a modern SharePoint experience and we don't have an on-prem AD, only an Azure AD. I've found a couple of possible solutions, but it seems they are only suitable for companies with a synced on-prem AD. Kind regards

2K Views | 0 likes | 2 Comments

Access Requests impacting permissions granted to Azure AD group?
We have a site where we're managing permissions via Azure AD groups (well, local AD groups that sync to Azure). This has been working fine, but recently a couple of users who were going to be added to the AAD group jumped the gun and submitted "access requests" for the site. One was declined, the other is still sitting there. When I go to the Site Permissions and run Check Permissions for their usernames, both come up as "None", despite the fact that they are now in that AAD group; others who were added to that group at the same time DO have access to the site.

So, it seems like the "access request" process has some kind of impact on the users' access to the site when it is granted via an AAD group. In other words if a user requests access and it's declined, does that put some kind of block in place that interferes with permissions being "inherited" from the AAD group? If this is the case, how can I fix this (since it seems access requests can't be deleted, which I kind of understand from an audit trail standpoint)? Can I delete them from the Site Collection Users? Well, I know I can, but will that fix this problem?

2.5K Views | 0 likes | 6 Comments

What is the difference between Remove-msoluser and Remove-SPOExternalUser
Hi all, I am doing some cleanup of external users in my tenant and deleting stale guest users. There are 2 cmdlets that can be used to delete Guest users: remove-spoexternaluser and remove-msoluser. I understand remove-msoluser can be used to delete both tenant users and external users also. But when it comes to guest users, are they both the same? It looks like both can be used to delete an external user from Azure AD. And both cmdlets don't delete the external user id from the user info list in SharePoint. Is there a preference of one over the other?

2.7K Views | 0 likes | 1 Comment

Office 365: How to export all the Active Directory licensed users via PowerShell
In many cases, it could be useful to export to CSV all the licensed users existing in the Azure Active Directory. I created that script to run this kind of request, adding the following properties (you can easily adapt it if you need more):

UserPrincipalName: Tenant login
DisplayName: User Display Name
AADCountryName: Country name defined in Azure AD
UserLocationCountryName: Country name of the AAD property UsageLocation
UsageLocationCountryCode: ISO Format of the AAD property UsageLocation

```powershell
# Admin account, and the file holding its password as an encrypted string
# (the format produced by ConvertFrom-SecureString).
[string]$username = "YourAdminAccount@YourTenant.onmicrosoft.com"
[string]$PwdTXTPath = "D:\SECUREDPWD\ExportedPWD-$($username).txt"

# ISO two-letter country code -> country name
$isoCountries = @{
    "AF" = "Afghanistan"; "AX" = "Aland Islands"; "AL" = "Albania"; "DZ" = "Algeria";
    "AS" = "American Samoa"; "AD" = "Andorra"; "AO" = "Angola"; "AI" = "Anguilla";
    "AQ" = "Antarctica"; "AG" = "Antigua And Barbuda"; "AR" = "Argentina"; "AM" = "Armenia";
    "AW" = "Aruba"; "AU" = "Australia"; "AT" = "Austria"; "AZ" = "Azerbaijan";
    "BS" = "Bahamas"; "BH" = "Bahrain"; "BD" = "Bangladesh"; "BB" = "Barbados";
    "BY" = "Belarus"; "BE" = "Belgium"; "BZ" = "Belize"; "BJ" = "Benin";
    "BM" = "Bermuda"; "BT" = "Bhutan"; "BO" = "Bolivia"; "BA" = "Bosnia And Herzegovina";
    "BW" = "Botswana"; "BV" = "Bouvet Island"; "BR" = "Brazil"; "IO" = "British Indian Ocean Territory";
    "BN" = "Brunei Darussalam"; "BG" = "Bulgaria"; "BF" = "Burkina Faso"; "BI" = "Burundi";
    "KH" = "Cambodia"; "CM" = "Cameroon"; "CA" = "Canada"; "CV" = "Cape Verde";
    "KY" = "Cayman Islands"; "CF" = "Central African Republic"; "TD" = "Chad"; "CL" = "Chile";
    "CN" = "China"; "CX" = "Christmas Island"; "CC" = "Cocos (Keeling) Islands"; "CO" = "Colombia";
    "KM" = "Comoros"; "CG" = "Congo"; "CD" = "Congo, Democratic Republic"; "CK" = "Cook Islands";
    "CR" = "Costa Rica"; "CI" = "Cote D'Ivoire"; "HR" = "Croatia"; "CU" = "Cuba";
    "CY" = "Cyprus"; "CZ" = "Czech Republic"; "DK" = "Denmark"; "DJ" = "Djibouti";
    "DM" = "Dominica"; "DO" = "Dominican Republic"; "EC" = "Ecuador"; "EG" = "Egypt";
    "SV" = "El Salvador"; "GQ" = "Equatorial Guinea"; "ER" = "Eritrea"; "EE" = "Estonia";
    "ET" = "Ethiopia"; "FK" = "Falkland Islands (Malvinas)"; "FO" = "Faroe Islands"; "FJ" = "Fiji";
    "FI" = "Finland"; "FR" = "France"; "GF" = "French Guiana"; "PF" = "French Polynesia";
    "TF" = "French Southern Territories"; "GA" = "Gabon"; "GM" = "Gambia"; "GE" = "Georgia";
    "DE" = "Germany"; "GH" = "Ghana"; "GI" = "Gibraltar"; "GR" = "Greece";
    "GL" = "Greenland"; "GD" = "Grenada"; "GP" = "Guadeloupe"; "GU" = "Guam";
    "GT" = "Guatemala"; "GG" = "Guernsey"; "GN" = "Guinea"; "GW" = "Guinea-Bissau";
    "GY" = "Guyana"; "HT" = "Haiti"; "HM" = "Heard Island & Mcdonald Islands"; "VA" = "Holy See (Vatican City State)";
    "HN" = "Honduras"; "HK" = "Hong Kong"; "HU" = "Hungary"; "IS" = "Iceland";
    "IN" = "India"; "ID" = "Indonesia"; "IR" = "Iran, Islamic Republic Of"; "IQ" = "Iraq";
    "IE" = "Ireland"; "IM" = "Isle Of Man"; "IL" = "Israel"; "IT" = "Italy";
    "JM" = "Jamaica"; "JP" = "Japan"; "JE" = "Jersey"; "JO" = "Jordan";
    "KZ" = "Kazakhstan"; "KE" = "Kenya"; "KI" = "Kiribati"; "KR" = "Korea";
    "KW" = "Kuwait"; "KG" = "Kyrgyzstan"; "LA" = "Lao People's Democratic Republic"; "LV" = "Latvia";
    "LB" = "Lebanon"; "LS" = "Lesotho"; "LR" = "Liberia"; "LY" = "Libyan Arab Jamahiriya";
    "LI" = "Liechtenstein"; "LT" = "Lithuania"; "LU" = "Luxembourg"; "MO" = "Macao";
    "MK" = "Macedonia"; "MG" = "Madagascar"; "MW" = "Malawi"; "MY" = "Malaysia";
    "MV" = "Maldives"; "ML" = "Mali"; "MT" = "Malta"; "MH" = "Marshall Islands";
    "MQ" = "Martinique"; "MR" = "Mauritania"; "MU" = "Mauritius"; "YT" = "Mayotte";
    "MX" = "Mexico"; "FM" = "Micronesia, Federated States Of"; "MD" = "Moldova"; "MC" = "Monaco";
    "MN" = "Mongolia"; "ME" = "Montenegro"; "MS" = "Montserrat"; "MA" = "Morocco";
    "MZ" = "Mozambique"; "MM" = "Myanmar"; "NA" = "Namibia"; "NR" = "Nauru";
    "NP" = "Nepal"; "NL" = "Netherlands"; "AN" = "Netherlands Antilles"; "NC" = "New Caledonia";
    "NZ" = "New Zealand"; "NI" = "Nicaragua"; "NE" = "Niger"; "NG" = "Nigeria";
    "NU" = "Niue"; "NF" = "Norfolk Island"; "MP" = "Northern Mariana Islands"; "NO" = "Norway";
    "OM" = "Oman"; "PK" = "Pakistan"; "PW" = "Palau"; "PS" = "Palestinian Territory, Occupied";
    "PA" = "Panama"; "PG" = "Papua New Guinea"; "PY" = "Paraguay"; "PE" = "Peru";
    "PH" = "Philippines"; "PN" = "Pitcairn"; "PL" = "Poland"; "PT" = "Portugal";
    "PR" = "Puerto Rico"; "QA" = "Qatar"; "RE" = "Reunion"; "RO" = "Romania";
    "RU" = "Russian Federation"; "RW" = "Rwanda"; "BL" = "Saint Barthelemy"; "SH" = "Saint Helena";
    "KN" = "Saint Kitts And Nevis"; "LC" = "Saint Lucia"; "MF" = "Saint Martin"; "PM" = "Saint Pierre And Miquelon";
    "VC" = "Saint Vincent And Grenadines"; "WS" = "Samoa"; "SM" = "San Marino"; "ST" = "Sao Tome And Principe";
    "SA" = "Saudi Arabia"; "SN" = "Senegal"; "RS" = "Serbia"; "SC" = "Seychelles";
    "SL" = "Sierra Leone"; "SG" = "Singapore"; "SK" = "Slovakia"; "SI" = "Slovenia";
    "SB" = "Solomon Islands"; "SO" = "Somalia"; "ZA" = "South Africa"; "GS" = "South Georgia And Sandwich Isl.";
    "ES" = "Spain"; "LK" = "Sri Lanka"; "SD" = "Sudan"; "SR" = "Suriname";
    "SJ" = "Svalbard And Jan Mayen"; "SZ" = "Swaziland"; "SE" = "Sweden"; "CH" = "Switzerland";
    "SY" = "Syrian Arab Republic"; "TW" = "Taiwan"; "TJ" = "Tajikistan"; "TZ" = "Tanzania";
    "TH" = "Thailand"; "TL" = "Timor-Leste"; "TG" = "Togo"; "TK" = "Tokelau";
    "TO" = "Tonga"; "TT" = "Trinidad And Tobago"; "TN" = "Tunisia"; "TR" = "Turkey";
    "TM" = "Turkmenistan"; "TC" = "Turks And Caicos Islands"; "TV" = "Tuvalu"; "UG" = "Uganda";
    "UA" = "Ukraine"; "AE" = "United Arab Emirates"; "GB" = "United Kingdom"; "US" = "United States";
    "UM" = "United States Outlying Islands"; "UY" = "Uruguay"; "UZ" = "Uzbekistan"; "VU" = "Vanuatu";
    "VE" = "Venezuela"; "VN" = "Viet Nam"; "VG" = "Virgin Islands, British"; "VI" = "Virgin Islands, U.S.";
    "WF" = "Wallis And Futuna"; "EH" = "Western Sahara"; "YE" = "Yemen"; "ZM" = "Zambia";
    "ZW" = "Zimbabwe"
};

# Return the lower-cased country name for an ISO code,
# or the lower-cased code itself when it is not in the table.
function GetCountryName ([string] $countryCode)
{
    if ($isoCountries.Contains($countryCode))
    {
        return $isoCountries[$countryCode].ToLower();
    }
    else
    {
        return $countryCode.ToLower();
    }
}
#GetCountryName "FR"

Import-Module MSOnline

# Rebuild the credential from the encrypted password file and connect to the tenant.
$secureStringPwd = ConvertTo-SecureString -String (Get-Content $PwdTXTPath)
$creds = New-Object System.Management.Automation.PSCredential -ArgumentList $username, $secureStringPwd
Connect-MsolService -Credential $creds

# Keep licensed users only, project the export columns, and write the CSV.
# The [string] cast avoids calling ToLower() on a null Country;
# -NoTypeInformation drops the "#TYPE" header line from the file.
Get-MsolUser -All |
    Where-Object { $_.IsLicensed -eq $true } |
    Select-Object -Property UserPrincipalName, DisplayName,
        @{name='AADCountryName';Expression={([string]$_.Country).ToLower()}},
        @{name='UserLocationCountryName';Expression={GetCountryName $_.UsageLocation}},
        @{name='UsageLocationCountryCode';Expression={$_.UsageLocation}} |
    Export-Csv -Path "Office365AzureADLicensedAccounts.csv" -NoTypeInformation
```

You will have the CSV file to use as you need in your favorite Excel tool.

Fabrice Romelard [MVP]

4.2K Views | 2 likes | 0 Comments

Where to create an Office 365 group?
Right now there are LOTS of places you can create a new 365 Group from. Just to name a few I know of:

Azure AD - Directly create a group
SharePoint Team Site - Creates a group along with the site
Microsoft Teams - Creates a group along with the team (can also make team from existing group)

There are quite a few more ways that groups can get instanced, but the real issue here is the lack of symmetry. When a group is created, it gets a SharePoint Team Site regardless of where you make it, but if you make the group as a part of the process of making a new team site you can also select a site design to apply to that site. I have read that site designs can be applied to existing modern sites, but have yet to find out how to do that. If you create a group in Teams, a team is added and linked to the group, but if you create a group anywhere else no team is added!

I am trying to build a system where a new Office 365 Group for a new project is created, a specific SharePoint site design/template is provisioned, and a Team is provisioned. Some other configurations are done using the site design script -> launch a flow feature. Can anyone help me understand where the "proper" place to first create a group is? Especially so that there are no lingering loose connections between services? This all seems like a bit of a mess right now.

4.5K Views | 2 likes | 11 Comments

Unable to call graph API from SharePoint page
I am trying to call the graph API for fetching user profile information. The blog post I followed is this

My AAD app config is like:

URL: https://tenant.sharepoint.com
Reply-url: https://tenant.sharepoint.com
Permissions: Graph API :: Read all users' full profiles

However, I am getting an error of invalid reply url. Not sure what reply url is it trying to send the response to.

2.2K Views | 0 likes | 3 Comments

How to create an Azure AD security group for use in SharePoint
Hi all,

Everywhere I read, I'm being given great advice to set up security groups in Azure AD to then use in SharePoint groups. I understand the pros and cons of this approach and it's perfect for us in theory. However, when I go to Azure AD > Users & Groups > All Groups > New Group, I don't see an option to create a security group (it just creates a new O365 Group in its entirety). When I go to Group Settings in the same place, everything is greyed out. This page appears to include the "Users can create security groups" setting (currently set to No). I thought I was a Global Admin so why is this greyed out? Any help gratefully appreciated.

Thanks, Oz

22K Views | 0 likes | 3 Comments