api management
21 Topics

PowerShell 7.4 SharePoint Question
Hi everyone, I’m seeking assistance with constructing a PowerShell script to manage document versions and space on multiple SharePoint sites. My goal is to:

- Connect to various SharePoint sites.
- Delete older copies of documents to free up space.
- Update version history settings to ensure future document control.
- Pull the list of SharePoint sites from a CSV file to handle multiple sites at once.
- Produce a log at the end of the script execution.

I’ve encountered challenges with consistent authentication methods, having tried PnP PowerShell and SharePoint REST API. I would appreciate guidance on the best approach for handling credentials and login within the script. Any advice or examples would be greatly appreciated! Thank you in advance for your help.

12 Views, 0 likes, 1 Comment

Fabric API: Update user scopes
Context: The token I generated was retrieved by logging in with 'Login-PowerBI', followed by "Get-PowerBiAccessToken -asstring" inside of PowerShell. This token was then copied and used inside of Postman for the authorization. I didn't use any extra parameters. Since the current usage of a Service Principal is quite limited for the Fabric API, we're opting to use the personal bearer token.

Scenario: At our company we're trying to experiment a bit with the MS Fabric API (https://api.fabric.microsoft.com). With the service principal token, we've been able to use the API to list the workspaces, items, ... basically most standard get calls you could imagine. But, it doesn't support creating items yet via the service principal. So, we had to switch to the usage of a personal user token. We are able to create workspaces via my individual token, but I'm unable to create individual items inside of a workspace. This is due to the fact that I don't have any individual item level scopes assigned to me for now. My current scopes are:

"App.Read.All Capacity.Read.All Capacity.ReadWrite.All Content.Create Dashboard.Read.All Dashboard.ReadWrite.All Dataflow.Read.All Dataflow.ReadWrite.All Dataset.Read.All Dataset.ReadWrite.All Gateway.Read.All Gateway.ReadWrite.All Pipeline.Deploy Pipeline.Read.All Pipeline.ReadWrite.All Report.Read.All Report.ReadWrite.All StorageAccount.Read.All StorageAccount.ReadWrite.All Tenant.Read.All Tenant.ReadWrite.All UserState.ReadWrite.All Workspace.Read.All Workspace.ReadWrite.All"

As you can see, it's quite normal that I'm only able to create a Workspace. But I want to be able to assign e.g. "Notebook.ReadWrite.All" to my user. How do I do this for an individual user? I'm trying to automate as much as possible using PowerShell scripts, but the current scopes are quite limited.

Goal: Using a personal bearer token (not generated through a service principal) to create a notebook item.

Endpoint: https://learn.microsoft.com/en-us/rest/api/fabric/core/items/create-item?tabs=HTTP

Question: Is it possible to do this without the usage of a service principal? I know you can use the copy(PowerBIAccessToken) inside of the dev-tools in your browser, but I want to do it more automatically. Hopefully this is the right section to ask such things, and thank you in advance for your help!

324 Views, 0 likes, 0 Comments

Default meeting template for all users in the organization
I have a problem with configuring the default meeting template for every user in the company without their interaction. We have a public folder. I published a template there, and I can use it, as can users inside the public folder, if they go to Outlook - Calendar - right click on calendar - properties - in the field "When posting to this folder use..." - and choose a form from "Organizational forms library".

The goal is to set the template up as a default automatically for every user in the company. I know there is probably a way to do that via EMS or a PowerShell script, but as far as I have searched on the Internet, there are only add-in solutions for that, and we want to avoid any add-ins. Also, all the related articles are more about how to set the default meeting template up for the user from Outlook, not for the users from an admin perspective.

Related articles:

- Default Meeting Template for all users in the organisation. - Microsoft Community Hub
- Edit the default body for a meeting for the whole org. - Microsoft Community
- How to deploy outlook meeting template for all user in the organization - Microsoft Q&A

How can we do that?

1.8K Views, 0 likes, 4 Comments

Powershell v7 connect to SQL Always Encrypted Keys
Hi, I have a PS 7 console, and I need to connect to a SQL database that has implemented Always Encrypted Keys. The code to connect to the SQL database is the following:

    $conn="Server=sv1;User=user; Password=pwd; Initial Catalog=BD; Column Encryption Setting=enabled;"
    $sqlConn = New-Object System.Data.SqlClient.SqlConnection
    $sqlConn.ConnectionString = $conn

The error that I get is below:

    Exception setting "ConnectionString": "Keyword not supported: 'column encryption setting'."

This code runs on PS v5 but not on 7, which is where I must run it. Can anyone help?

Solved, 639 Views, 0 likes, 1 Comment

API to change the name of a dataflow
Hello, I would like to be able to change the name of a dataflow using this API: https://learn.microsoft.com/en-us/rest/api/power-bi/dataflows/update-dataflow

Here is my code:

    $body=@{
        name = "DTF TEST Pipeline 1.0.1"
    }
    Invoke-PowerBIRestMethod -Url "https://api.powerbi.com/v1.0/myorg/groups/8569358a-549c-466a-894c-de113f5c4fb1/dataflows/8774dad3-3f17-4444-b73b-b82cea0812b6" -Method Patch -Body $body

However when I run the command I get this error message:

    Invoke-PowerBIRestMethod : Une ou plusieurs erreurs se sont produites.
    Au caractère Ligne:12 : 1
    + Invoke-PowerBIRestMethod -Url "https://api.powerbi.com/v1.0/myorg/gro ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : WriteError: (Microsoft.Power...werBIRestMethod:InvokePowerBIRestMethod) [Invoke-PowerBIRestMethod], AggregateException
    + FullyQualifiedErrorId : Une ou plusieurs erreurs se sont produites.,Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod
    Invoke-PowerBIRestMethod : Encountered errors when invoking the command: {
      "code": "BadRequest",
      "message": "Bad Request",
      "details": [
        {
          "message": "Unexpected character encountered while parsing value: S. Path '', line 0, position 0.",
          "target": "dataflowUpdateInformation"
        }
      ]
    }
    Au caractère Ligne:12 : 1
    + Invoke-PowerBIRestMethod -Url "https://api.powerbi.com/v1.0/myorg/gro ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : WriteError: (Microsoft.Power...werBIRestMethod:InvokePowerBIRestMethod) [Invoke-PowerBIRestMethod], Exception
    + FullyQualifiedErrorId : Encountered errors when invoking the command: {
      "code": "BadRequest",
      "message": "Bad Request",
      "details": [
        {
          "message": "Unexpected character encountered while parsing value: S. Path '', line 0, position 0.",
          "target": "dataflowUpdateInformation"
        }
      ]
    },Microsoft.PowerBI.Commands.Profile.InvokePowerBIRestMethod

797 Views, 0 likes, 1 Comment

Help with Power BI REST API output
I have the following script that is using Invoke-PowerBIRestMethod. I have a couple of issues I need help solving.

1. You can see I'm trying to convert the output of the API to a table or some kind of usable/readable format. Getting it to a CSV would be fine, but none of the output is useful or formatted.
2. The output does not include the original GUIDs that I am looping through. Is there a way to get those added to the final output? Something like:

- GUID - (The actual report id used in the API url parameter)
- emailaddress
- owner
- displayname
- identifier
- userType

    Login-PowerBIServiceAccount
    $ReportIDs = $(Get-PowerBIReport -Scope Organization).ID
    $ReportIDs
    $endreport = @()
    ForEach ($id in $ReportIDs){
        $endreport += Invoke-PowerBIRestMethod -Url "https://api.powerbi.com/v1.0/myorg/admin/reports/$id/users" -Method Get|ConvertFrom-String|Format-List
        #the convert and format-tables don't really help when I try to export them.
    }
    $endreport

1.8K Views, 0 likes, 1 Comment

Part 5 - Manage Azure and Microsoft 365 with the Microsoft Graph PowerShell SDK!
Dear Microsoft Azure and Microsoft 365 Friends,

This article continues with the topic Microsoft Graph PowerShell SDK. Part 1 to 4 can be found here:

https://techcommunity.microsoft.com/t5/windows-powershell/part-1-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3300352
https://techcommunity.microsoft.com/t5/windows-powershell/part-2-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3302366
https://techcommunity.microsoft.com/t5/windows-powershell/part-3-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3339696
https://techcommunity.microsoft.com/t5/windows-powershell/part-4-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3409310

This article is about connecting to Exchange Online. Remember: Connections to the Microsoft Graph are protected by one or more permission scopes.

Service Scopes:

- Exchange Online (Focus in this article): Mail and Calendar
- SharePoint Online: Files and Sites
- Microsoft Teams: Teams, Channels, Chats and Members

Mail Delegated Permissions:

- Mail.Read: Allows reading mail in user mailboxes
- Mail.ReadBasic: Allows reading mail in the signed-in user's mailbox, except for body, bodyPreview, uniqueBody, attachments, extensions, and any extended properties
- Mail.ReadWrite: Allows creating, reading, updating, and deleting mail in user mailboxes
- Mail.Read.Shared: Allows reading mail that the user can access, including the user's own and shared mail
- Mail.ReadWrite.Shared: Allows creating, reading, updating, and deleting mail that the user has permission to access, including the user's own and shared mail
- Mail.Send: Allows sending mail as users in the organization
- Mail.Send.Shared: Allows sending mail as the signed-in user, including sending on-behalf of others
- MailboxSettings.Read: Allows reading user's mailbox settings
- MailboxSettings.ReadWrite: Allows creating, reading, updating, and deleting user's mailbox settings
- IMAP.AccessAsUser.All: Allows reading, updating, creating and deleting mail in user mailboxes
- POP.AccessAsUser.All: Allows reading, updating, creating and deleting mail in user mailboxes
- SMTP.Send: Allows sending mail as users in the organization

Mail Application Permissions:

- Mail.Read: Allows reading mail in all mailboxes without a signed-in user
- Mail.ReadBasic.All: Allows reading all users mailboxes except Body, BodyPreview, UniqueBody, Attachments, ExtendedProperties, and Extensions
- Mail.ReadWrite: Allows creating, reading, updating, and deleting mail in all mailboxes without a signed-in user
- Mail.Send: Allows sending mail as any user without a signed-in user
- MailboxSettings.Read: Allows reading user's mailbox settings without a signed-in user
- MailboxSettings.ReadWrite: Allows creating, reading, updating, and deleting user's mailbox settings without a signed-in user

Calendar Delegated Permissions:

- Calendars.Read: Allows reading events in user calendars
- Calendars.Read.Shared: Allows reading events in all calendars that the user can access, including delegate and shared calendars
- Calendars.ReadWrite: Allows creating, reading, updating, and deleting events in user calendars
- Calendars.ReadWrite.Shared: Allows creating, reading, updating, and deleting events in all calendars the user has permissions to access

Calendar Application Permissions:

- Calendars.Read: Allows reading events of all calendars without a signed-in user
- Calendars.ReadWrite: Allows creating, reading, updating, and deleting events of all calendars without a signed-in user

Connecting to Exchange Online:

    Set-Location C:\
    Clear-Host

    #If needed
    Import-Module Microsoft.Graph

    #Set the API to the 'beta' endpoint
    Select-MgProfile -Name "beta"

    #We check the profile
    Get-MgProfile

    #Connection for Creating, Reading, Updating, and Deleting Mail
    $scopes = @("Mail.ReadWrite")
    Connect-MgGraph -Scopes $scopes

    #We search for a UserID
    Get-MgUser

    #An example
    $User = Get-MgUser -UserId "ab8637c3-39ba-47f3-ad53-7fcd9a3f49a6"
    $mailfolders = Get-MgUserMailFolder -UserId $User.Id -All
    $mailfolders

    #Connection for Sending Mail as Users in the Organization
    $scopes = @("SMTP.Send")
    Connect-MgGraph -Scopes $scopes

    #Connection for Creating, Reading, Updating, and Deleting Events in User Calendars
    $scopes = @("Calendars.ReadWrite")
    Connect-MgGraph -Scopes $scopes

    #An example
    $User = Get-MgUser -UserId "ab8637c3-39ba-47f3-ad53-7fcd9a3f49a6"
    $calendar = Get-MgUserCalendar -UserId $User.Id -All
    $calendar

    #Core Connection for Managing Mail and Calendar
    $scopes = @("Mail.ReadWrite","Calendars.ReadWrite")
    Connect-MgGraph -Scopes $scopes

So that's it again for part 5, we'll see you again in the next part! A little preview, in the next part we'll talk about SharePoint Online and Microsoft Teams in the Microsoft Graph. See you soon.

I hope this article was useful. Thank you for taking the time to read the article.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

2.3K Views, 1 like, 2 Comments

Part 4 - Manage Azure and Microsoft 365 with the Microsoft Graph PowerShell SDK!
Dear Microsoft Azure and Microsoft 365 Friends,

This article continues with the topic Microsoft Graph PowerShell SDK. Part 1, 2 and 3 can be found here:

https://techcommunity.microsoft.com/t5/windows-powershell/part-1-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3300352
https://techcommunity.microsoft.com/t5/windows-powershell/part-2-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3302366
https://techcommunity.microsoft.com/t5/windows-powershell/part-3-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3339696

This article is about managing users and groups.

How to Connect to Microsoft 365 for User Management?

Remember: Connections to the Microsoft Graph are protected by one or more permission scopes.

Delegated User Permissions:

1. User.ReadBasic.All: Allows reading a basic set of profile properties of other users in the organization on behalf of the signed-in user
2. User.Read.All: Allows reading the full set of profile properties, reports, and managers of other users in the organization, on behalf of the signed-in user
3. User.ReadWrite.All: Allows reading and writing the full set of profile properties, reports, and managers of other users in the organization, on behalf of the signed-in user. Allows creation and deletion of users as well as reset passwords
4. Directory.Read.All: Allows reading of data in the organization's directory, such as users, groups and apps
5. Directory.ReadWrite.All: Allows reading and writing data in the organization's directory, such as users, and groups
6. Directory.AccessAsUser.All: Allows the app or code to have the same access to data in the directory as the signed-in user

Connect for User Management:

    #If needed
    Import-Module Microsoft.Graph

    #Set the API to the 'beta' endpoint
    Select-MgProfile -Name "beta"

    #Read Only Connection
    $scopes = @(
        "User.ReadBasic.All"
        "User.Read.All"
        "Directory.Read.All"
    )
    Connect-MgGraph -Scopes $scopes

    #Read and Write Connection
    $scopes = @(
        "User.ReadWrite.All"
        "Directory.ReadWrite.All"
    )
    Connect-MgGraph -Scopes $scopes

    #Check the permissions
    Get-MgContext | select -ExpandProperty scopes

Creating, Updating, and Deleting Users - Basic User Management Commands:

- Get-MgUser
- Remove-MgUser
- New-MgUser
- Update-MgUser

Retrieving User Accounts:

    #Retrieve All Users
    Get-MgUser | Format-List ID, DisplayName, Mail, UserPrincipalName

    #Retrieve Specific User by ID
    Get-MgUser -UserId 'f9c720a4-c7f1-4b00-b419-ff2c806e0ddf' | Format-List ID, DisplayName, Mail, UserPrincipalName

    #Create a New User Account
    $password = @{
        Password= 'P@ssw0rd4625???'
    }
    New-MgUser -DisplayName 'Timo Jones' -PasswordProfile $password -AccountEnabled -MailNickName 'timojones' -UserPrincipalName 'timo.jones@tomrocks.ch'

Updating User Accounts:

    #Update User Using ID
    Update-MgUser -UserId 'e0004b8a-b13f-4355-a291-4a7fef7d96df' -DisplayName 'Timo R Jones'

    #Did it work
    Get-MgUser -UserId 'e0004b8a-b13f-4355-a291-4a7fef7d96df'

    #Retrieve User Using Filtering, Then Update
    $user = Get-MgUser -ConsistencyLevel eventual -Filter "startsWith(UserPrincipalName, 'timo.jones@tomrocks.ch')"
    Update-MgUser -UserId $user.Id -DisplayName 'Timo Jones'

    #Did it work
    Get-MgUser -UserId 'e0004b8a-b13f-4355-a291-4a7fef7d96df'

Deleting User Accounts:

    #Remove User by ID
    Remove-MgUser -UserId 'e0004b8a-b13f-4355-a291-4a7fef7d96df'

    #Remove User by ID with Confirmation
    Remove-MgUser -UserId 'e0004b8a-b13f-4355-a291-4a7fef7d96df' -Confirm

    #Retrieve User Using Filtering, Then Delete
    $user = Get-MgUser -ConsistencyLevel eventual -Filter "startsWith(UserPrincipalName, 'timo.jones@tomrocks.ch')"
    Remove-MgUser -UserId $user.Id -Confirm

    #Did it work
    Get-MgUser -UserId 'e0004b8a-b13f-4355-a291-4a7fef7d96df'

How to Connect to Microsoft 365 for Group Management?

Delegated Group Permissions:

1. Group.Read.All: Allows listing groups, and reading properties and all group memberships on behalf of the signed-in user
2. Group.ReadWrite.All: Allows creation of groups and reading of all group properties and memberships on behalf of the signed-in user
3. GroupMember.Read.All: Allows listing of groups, reading basic group properties and reading memberships of all groups the signed-in user has access to
4. GroupMember.ReadWrite.All: Allows listing of groups, reading basic properties, reading and updating the membership of the groups the signed-in user has access to

Connect for Group Management:

    #Read Only Connection
    $scopes = @("Group.Read.All")
    Connect-MgGraph -Scopes $scopes

    #Read and Write Connection
    $scopes = @("Group.ReadWrite.All")
    Connect-MgGraph -Scopes $scopes

    #Read and Write Connection Including Group Memberships
    $scopes = @(
        "Group.ReadWrite.All"
        "GroupMember.ReadWrite.All")
    Connect-MgGraph -Scopes $scopes

    #Check the permissions
    Get-MgContext | select -ExpandProperty scopes

Creating, Updating, and Deleting Groups - Basic Group Management Commands:

- Get-MgGroup
- Remove-MgGroup
- New-MgGroup
- Update-MgGroup

Retrieving Groups:

    #Retrieve All Groups
    Get-MgGroup| Format-List ID, DisplayName, Description, GroupTypes

    #Retrieve Specific Group by ID
    Get-MgGroup -GroupId '12eda8b0-695b-4f57-a7b3-245b2a6552c9' | Format-List ID, DisplayName, Description, GroupTypes

    #Retrieve Groups by Filtering
    Get-MgGroup -ConsistencyLevel eventual -Filter "startsWith(DisplayName, 'Technik')"

Creating Groups:

    #Create a New Group
    New-MgGroup -DisplayName 'MSGraph' -MailEnabled: $False -MailNickName 'MSGraph' -SecurityEnabled

Updating Groups:

    #Update Group Using ID
    $properties = @{
        "Description" = "New MS Graph Group"
        "DisplayName" = "New MS Graph Group Description"
    }
    Update-MgGroup -GroupId 'b2af405b-1c46-46c2-be8e-5288bc9c7dc6' -BodyParameter $properties

    #Did it work?
    Get-MgGroup -GroupId 'b2af405b-1c46-46c2-be8e-5288bc9c7dc6'

Deleting Groups:

    #Remove Group by ID
    Remove-MgGroup -GroupId 'b2af405b-1c46-46c2-be8e-5288bc9c7dc6'

    #Remove Group by ID with Confirmation
    Remove-MgGroup -GroupId 'b2af405b-1c46-46c2-be8e-5288bc9c7dc6' -Confirm

    #Retrieve Group Using Filtering, Then Delete
    $group = Get-MgGroup -ConsistencyLevel eventual -Filter "startsWith(DisplayName, 'New MS Graph Group Description')"
    Remove-MgGroup -GroupId $group.Id -Confirm

    #Did it work?
    Get-MgGroup -GroupId 'b2af405b-1c46-46c2-be8e-5288bc9c7dc6'

Modify Group Membership:

    #Add a Group Member
    $user = Get-MgUser -ConsistencyLevel eventual -Search '"DisplayName:Timo Meyer"'
    $group = Get-MgGroup -GroupId 'be278623-1c0b-4c18-bb97-c617463ca920'
    New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id

    #Did it work?
    Get-MgGroupMember -GroupId $group.Id

So that's it again for part 4, we'll see you again in the next part! A little preview, in the next part we'll talk about Exchange Online in the Microsoft Graph. See you soon.

I hope this article was useful. Thank you for taking the time to read the article.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

3.6K Views, 0 likes, 0 Comments

Part 3 - Manage Azure and Microsoft 365 with the Microsoft Graph PowerShell SDK!
Dear Microsoft Azure and Microsoft 365 Friends,

This article continues with the topic Microsoft Graph PowerShell SDK. Part 1 and 2 can be found here:

https://techcommunity.microsoft.com/t5/windows-powershell/part-1-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3300352
https://techcommunity.microsoft.com/t5/windows-powershell/part-2-manage-azure-and-microsoft-365-with-the-microsoft-graph/m-p/3302366

How to Connect to Microsoft 365?

1. With direct Command or
2. Azure App Registration

Modifying an Existing Connection:

- Scopes are required for each connection
- Scope permissions are for the current session (unless using an Azure App Registration)
- Extra needed permissions require re-connecting with the specified scopes

Viewing Existing Connection Details:

    #If needed
    Import-Module Microsoft.Graph

    #Connect to Microsoft 365 to Access Users and Groups
    Connect-MgGraph -Scopes "User.ReadWrite.All","Group.ReadWrite.All"

    #View Current Connection Details
    Get-MgContext
    (Get-MgContext).AuthType
    (Get-MgContext).Scopes

Reconnect Connection with Updated Scopes:

    #Original Connection
    Connect-MgGraph -Scopes "User.ReadWrite.All","Group.ReadWrite.All"

    #Update Connection to Allow "Group Members"
    Connect-MgGraph -Scopes "User.ReadWrite.All","Group.ReadWrite.All","GroupMember.ReadWrite.All"

Don't forget, when updating the connection, you need to confirm the consent again.

    #View the new Current Connection Details
    Get-MgContext
    (Get-MgContext).AuthType
    (Get-MgContext).Scopes

Connecting Using an Azure App Registration (Advantages of Azure App Registrations):

- App-only Access Grants Permissions to an Application
- Requires Administration Consent
- Predefined Permissions Control Access

Prerequisites to Using App-only Authentication:

- Require a Certificate
- Self-signed or from an Authority
- Register an Azure Active Directory App
- Assign Required Permissions Scopes
- Share the Public Key of the Certificate

Creating a Self-signed Certificate:

    #Create the Certificate
    $cert = New-SelfSignedCertificate -Subject "CN={GraphCertificate}" -CertStoreLocation "Cert:\CurrentUser\My" `
        -KeyExportPolicy Exportable -KeySpec Signature `
        -KeyLength 4096 -KeyAlgorithm RSA -HashAlgorithm SHA256

    #Export the Created Certificate
    Export-Certificate -Cert $cert -FilePath "C:\Certs\{GraphCertificate}.cer"

    #Set the Password and Export as "PFX"
    #($pfxPassword is used instead of $pwd, which is PowerShell's automatic current-location variable)
    $pfxPassword = ConvertTo-SecureString -String "{Password}" -Force -AsPlainText
    Export-PfxCertificate `
        -Cert $cert -FilePath "C:\Certs\{GraphCertificate}.pfx" -Password $pfxPassword

Create the Azure App Registration:

1. Navigate to the Azure Active Directory Admin Center
2. Register a New Application using Accounts in the Organizational Directory Only
3. Copy the Application and Directory ID
4. Assign API Permissions
5. Upload the Certificate

Connect Using Azure App Registration:

    #Connect Using an Azure App Registration
    Connect-MgGraph `
        -ClientId "YOUR CLIENT ID" `
        -TenantId "YOUR TENANT ID" `
        -CertificateThumbprint "YOUR CERT THUMBPRINT"

    #Check the Current Context
    Get-MgContext

That's it for the third part. In the next part, we will continue with managing Users and Groups. See you soon!

I hope this article was useful. Thank you for taking the time to read the article.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

2.2K Views, 0 likes, 0 Comments
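
As an added example that is not part of the original article or the author's scripts: a pre-flight check for the certificate used by the Part 3 app-only connection, plus a comparison of the scopes reported by Get-MgContext against the scopes a script actually needs. The function names `Test-GraphAppCertificate` and `Compare-GraphScope` are hypothetical, and the granted-scope list is a constructed sample.

```powershell
# Added example: not from the original article. Function names are hypothetical.

function Test-GraphAppCertificate {
    # Checks the certificate that Connect-MgGraph -CertificateThumbprint will use.
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [int]$WarnDays = 30
    )
    $cert = Get-Item -Path "Cert:\CurrentUser\My\$Thumbprint" -ErrorAction SilentlyContinue
    if (-not $cert) {
        throw "No certificate with thumbprint $Thumbprint in Cert:\CurrentUser\My"
    }
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint has no private key, so it cannot sign the app-only request"
    }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate $Thumbprint is outside its validity period (NotAfter: $($cert.NotAfter))"
    }
    [pscustomobject]@{
        Subject     = $cert.Subject
        NotAfter    = $cert.NotAfter
        ExpiresSoon = ($cert.NotAfter - $now).TotalDays -lt $WarnDays
    }
}

function Compare-GraphScope {
    # Compares the scopes a script needs with the scopes the session holds.
    param(
        [Parameter(Mandatory)][string[]]$Required,
        [string[]]$Granted = @()
    )
    # Sign-in scopes are not Graph data permissions, so they are left out.
    $signIn = 'openid', 'profile', 'email', 'offline_access'
    $effective = @($Granted | Where-Object { $_ -notin $signIn })
    [pscustomobject]@{
        Missing = @($Required  | Where-Object { $_ -notin $effective })
        Excess  = @($effective | Where-Object { $_ -notin $Required })
    }
}

# Scopes the script needs (the article's first Connect-MgGraph call)
$required = 'User.ReadWrite.All', 'Group.ReadWrite.All'

# Constructed sample of a (Get-MgContext).Scopes result. A delegated session can
# report scopes consented in earlier sessions, so it may be wider than requested.
$sampleGranted = 'openid', 'profile', 'User.ReadWrite.All', 'Directory.ReadWrite.All', 'Mail.Send'

$result = Compare-GraphScope -Required $required -Granted $sampleGranted
if ($result.Missing) { Write-Warning "Missing scopes: $($result.Missing -join ', ')" }
if ($result.Excess)  { Write-Warning "Scopes beyond what this script needs: $($result.Excess -join ', ')" }

# Against a live tenant (placeholders as in the article):
# Test-GraphAppCertificate -Thumbprint 'YOUR CERT THUMBPRINT'
# Connect-MgGraph -ClientId 'YOUR CLIENT ID' -TenantId 'YOUR TENANT ID' -CertificateThumbprint 'YOUR CERT THUMBPRINT'
# Compare-GraphScope -Required $required -Granted (Get-MgContext).Scopes
```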