azure active directory
142 Topics

Entra PIM Role Activation
    # Ensure necessary modules are installed
    $modules = @("DCToolbox", "Microsoft.Entra")
    foreach ($module in $modules) {
        if (-not (Get-Module -ListAvailable -Name $module)) {
            Install-Module -Name $module -Repository PSGallery -Scope CurrentUser -Force -AllowClobber
        }
    }

    # Check if msal.ps package is installed
    if (-not (Get-Package -Name msal.ps -ErrorAction SilentlyContinue)) {
        Install-Package msal.ps -Force -Confirm:$false
    }

    # Ensure Entra Authentication module is properly imported
    Remove-Module Microsoft.Entra.Authentication -ErrorAction SilentlyContinue
    Import-Module Microsoft.Entra.Authentication -Force

    # Connect to Entra ID with proper authentication
    Connect-Entra

    Add-Type -AssemblyName System.Windows.Forms

    # Create GUI Form
    $form = New-Object System.Windows.Forms.Form
    $form.Text = "EntraPIMRole Activation"
    $form.Size = New-Object System.Drawing.Size(350, 350)

    # Create Checkboxes
    $checkboxes = @()
    $labels = @("Global Administrator", "Teams Administrator", "SharePoint Administrator", "Exchange Administrator", "Billing Administrator")
    for ($i = 0; $i -lt $labels.Count; $i++) {
        $checkbox = New-Object System.Windows.Forms.CheckBox
        $checkbox.Text = $labels[$i]
        $checkbox.AutoSize = $true
        $checkbox.Width = 250
        $checkbox.Location = New-Object System.Drawing.Point(20, (20 + ($i * 30)))
        $checkboxes += $checkbox
        $form.Controls.Add($checkbox)
    }

    # Create TextBox
    $textBox = New-Object System.Windows.Forms.TextBox
    $textBox.Location = New-Object System.Drawing.Point(20, 180)
    $textBox.Size = New-Object System.Drawing.Size(300, 20)
    $form.Controls.Add($textBox)

    # Create Button
    $button = New-Object System.Windows.Forms.Button
    $button.Text = "Run"
    $button.Location = New-Object System.Drawing.Point(20, 220)
    $button.Size = New-Object System.Drawing.Size(80, 30)
    $button.Add_Click({
        $selectedOptions = $checkboxes | Where-Object { $_.Checked } | ForEach-Object { $_.Text }
        $inputText = $textBox.Text

        # Verify if the required function exists before executing
        if (Get-Command -Name Enable-DCEntraIDPIMRole -ErrorAction SilentlyContinue) {
            Enable-DCEntraIDPIMRole -RolesToActivate $selectedOptions -UseMaximumTimeAllowed -Reason $inputText
            [System.Windows.Forms.MessageBox]::Show("Activated Roles: $($selectedOptions -join ', ')`nReason: $inputText")
        } else {
            [System.Windows.Forms.MessageBox]::Show("Error: Enable-DCEntraIDPIMRole function not found. Ensure the correct module is installed.")
        }
    })
    $form.Controls.Add($button)

    # Show Form
    $form.ShowDialog()

I'm trying to create a script so I can activate PIM with logon to the Azure portal. But for some reason I can't get it to work. Can you all please help me out.

75 Views, 0 likes, 1 Comment

Assigning a Manager with PowerShell Graph – Manager Not Found
Hi everyone,

We are currently refactoring our PowerShell scripts to align with Microsoft's recommended standards. In our script that creates new users in Azure Active Directory (AAD) via Microsoft Graph, we’re having trouble assigning a manager to a new user. Whether we try using the manager’s object ID or email address, the manager is not found, and the assignment fails.

Has anyone encountered this issue before? Is there something we might be doing wrong in how we’re referencing or assigning the manager?

Thanks in advance for your help.

100 Views, 0 likes, 3 Comments

Activating a user's multiple PIM groups using PowerShell
Hi All,

Following on from the implementation of PIM by one of my clients. Due to the large numbers of groups for some staff, i.e. developers etc, we have looked into activating them programmatically. However, this always appears to fall over due to the syntax etc. Whether using Get-MgPrivilegedAccessGroupEligibilityScheduleInstance or Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/identityGovernance/privilegedAccess/group/assignments" or New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest. In various scripts, it either falls over intermittently saying '..is not recognised as the name of a cmdlet..' etc etc etc.

To check whether anyone else has achieved this. I am trying to avoid reworking what they have put in place over the past 3 months or so.

Many Thanks
MoZZa

Solved
65 Views, 0 likes, 1 Comment

A little help please with Get-AzADObject
I am trying to write a PowerShell script that will list the users who hold specified Azure roles into a .csv file for security reviews. I'm new to PowerShell and I'm struggling with this for far too long on my own.

Here's what I've got:

I keep getting the error:

    Get-AzADObject: The term 'Get-AzADObject' is not recognized as a name of a cmdlet, function, script file, or executable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

I've already used:

    Get-Module AzureAD
    Install-Module AzureAD
    Import-Module AzureAD

With no errors on any of those. What am I missing, please?

174 Views, 1 like, 4 Comments

Ad-Hoc Entra MFA using SMS
Error :

    Get MFA Client Access TokenDone.
    Send MFA challenge to the user Done.
    OTP sent to your phone. Please enter the OTP:
    Enter the OTP sent via SMS: 696632
    Invoke-RestMethod: C:\Git_Repo\MFA_Test\MFATestWIthKyle\sms.ps1:54:28
    Line |
      54 | … ionResult = Invoke-RestMethod -Uri 'https://strongauthenticationservi …
         | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         | Service BODY { color: #000000; background-color: white; font-family: Verdana; margin-left: 0px; margin-top: 0px;
         | } #content { margin-left: 30px; font-size: .70em; padding-bottom: 2em; } A:link { color: #336699; font-weight: bold;
         | text-decoration: underline; } A:visited { color: #6699cc; font-weight: bold; text-decoration: underline; } A:active { color:
         | #336699; font-weight: bold; text-decoration: underline; } .heading1 { background-color: #003366; border-bottom: #336699 6px
         | solid; color: #ffffff; font-family: Tahoma; font-size: 26px; font-weight: normal;margin: 0em 0em 10px -20px; padding-bottom:
         | 8px; padding-left: 30px;padding-top: 16px;} pre { font-size:small; background-color: #e5e5cc; padding: 5px; font-family:
         | Courier New; margin-top: 0px; border: 1px #f0f0e0 solid; white-space: pre-wrap; white-space: -pre-wrap; word-wrap: break-word;
         | } table { border-collapse: collapse; border-spacing: 0px; font-family: Verdana;} table th { border-right: 2px white solid;
         | border-bottom: 2px white solid; font-weight: bold; background-color: #cecf9c;} table td { border-right: 2px white solid;
         | border-bottom: 2px white solid; background-color: #e5e5cc;} Service Endpoint not found.
    WARNING: Invalid OTP or validation failed.

Below line causing the error

    $mfaValidationResult = Invoke-RestMethod -Uri 'https://strongauthenticationservice.auth.microsoft.com/StrongAuthenticationService.svc/Connector//ValidatePin' -Method POST -Headers $Headers -Body $XML -ContentType 'application/xml'

58 Views, 0 likes, 0 Comments

Bulk update Azure AD with user attributes from CSV
I am looking for a way to update user attributes (OfficePhone and Department) for about 500 users from a CSV to AzureAD using a powershell. Does anyone know of a script that I could use? I am new here and if I have not given enough information, please let me know. I tried using Set-AzureADUser piping records using a foreach statement from a csv that I imported, but it was throwing up errors.

Thanks!
Jacob

Solved
198K Views, 5 likes, 72 Comments

Get a list of specific agegroup users stored on a security group
Dear Community,

I wonder if it would be possible to get a list of users (stored in a security group) marked as "minor" and "not adult" using microsoft graph. Once I get the members of the group (using Get-MgGroupMember -GroupId XXXX), I am not sure how to retrieve only the ones with a specific agegroup property. Is that feasible?

Any help would be greatly appreciated. Many thanks in advance!

Solved
96 Views, 0 likes, 2 Comments

Adding External Users in-bulk to: Microsoft Teams & Private Channel(s) within the Team
We have a customer who requires over 350 external users (their customers) to be added / invited into a Team which has been created. "Half" of the users need to be added into "private channel a", and the other "Half" need to be added into "private channel b".

We have attempted to add the users via various PowerShell scripts, however none of these scripts that we have been provided with have worked for various reasons. I have been unable to locate any native methods for this within the MS 365 admin centre, therefore believe that the only way to achieve this is by PowerShell scripting.

Example of the most recent script we have is as follows, omitting the creation of the private channel(s) as they have already been created - see below:

We require assistance with the actual script itself to:

- Add users into the team from a CSV of their email addresses.
- Assign the users to the correct private channel.

Note - users will be added in 2 batches - 1 per private channel, so we just require scripting that can be modified to achieve this.

    # Install the Microsoft Teams PowerShell Module
    Install-Module -Name PowerShellGet -Force -AllowClobber
    Install-Module -Name MicrosoftTeams -Force -AllowClobber

    # Connect to Microsoft Teams
    Connect-MicrosoftTeams

    # Define the team name and path to the CSV file
    $teamName = "Your Team Name"
    $csvPath = "C:\path\to\your\users.csv"

    # Get the GroupId of the team
    $team = Get-Team -DisplayName $teamName
    $groupId = $team.GroupId

    # Import users from the CSV file
    $users = Import-Csv $csvPath

    # Add external users to the team
    foreach ($user in $users) {
        Add-TeamUser -GroupId $groupId -User $user.Email
    }

    # Define the private channel name
    $privateChannelName = "Private Channel Name"

    # Create the private channel
    New-TeamChannel -GroupId $groupId -DisplayName $privateChannelName -MembershipType Private

    # Get the ChannelId of the private channel
    $channel = Get-TeamChannel -GroupId $groupId -DisplayName $privateChannelName
    $channelId = $channel.Id

    # Add users to the private channel
    foreach ($user in $users) {
        Add-TeamChannelUser -GroupId $groupId -User $user.Email -ChannelId $channelId
    }

103 Views, 0 likes, 0 Comments

Microsoft Graph Sign in Log Script
Hi all,

I'm trying to create a script that will check sign ins based on the location. However, the location always appears as 'Microsoft.Graph.PowerShell.Models.MicrosoftGraphSignInLocation'. I am able to see the location if I select the property 'location' by itself and expand the property, but then that only shows a list of the locations. If I add other properties, it either doesn't work or it displays like this:

I tried exporting as a csv and the location column values showed up as 'Microsoft.Graph.PowerShell.Models.MicrosoftGraphSignInLocation'.

This is what I have currently:

    Get-MgAuditLogSignIn -Filter "location/countryOrRegion eq 'AU'" -Top 10 | format-list

And if I try selecting properties (I would add more properties later, this is just an example):

    $properties = 'location, userprincipalname'
    Get-MgAuditLogSignIn -All -Filter "location/countryOrRegion eq 'AU'" -Top 10 -Property $properties | Select -ExpandProperty $properties

Has anyone tried something similar?

Solved
220 Views, 1 like, 3 Comments

Assistance Needed with OneDrive and Office 365 Activity PowerShell Scripts
Dear All,

I am using the scripts below to retrieve OneDrive and Office 365 activity details for my tenant. However, in the "User Principal Name" field, I am getting an ID instead of the email address. This issue started after September 18; prior to that, it was working fine and showing the email addresses as expected. I run these scripts daily and generate a Power BI report based on the output.

Scripts Used

Get User OneDrive Activity:

    Invoke-GraphApiRequest -uri "https://graph.microsoft.com/v1.0/reports/getOneDriveActivityUserDetail(date=$yesterdaydate)" -FileName "OneDrive\ODUserDailyActivity\OneDriveUserDailyActivity" -Verbose:$VerbosePreference
    Invoke-GraphApiRequest -uri "https://graph.microsoft.com/v1.0/reports/getOneDriveUsageAccountDetail(date=$yesterdaydate)" -FileName "OneDrive\ODUsageDailyReport\OneDriveUsageDailyReport" -Verbose:$VerbosePreference

Here is an example of the output I’m receiving:

    Report Refresh Date,User Principal Name,Is Deleted,Deleted Date,Last Activity Date,Viewed Or Edited File Count,Synced File Count,Shared Internally File Count,Shared Externally File Count,Assigned Products,Report Period
    2024-11-22,830E1CDE8B16F21C80B207D213852737,False,,2024-11-22,1,0,0,0,MICROSOFT COPILOT STUDIO VIRAL TRIAL+MICROSOFT 365 E5+MICROSOFT COPILOT STUDIO USER LICENSE+MICROSOFT POWER AUTOMATE FREE+MICROSOFT INTUNE SUITE+MICROSOFT FABRIC (FREE)+MICROSOFT DEFENDER VULNERABILITY MANAGEMENT ADD-ON+DYNAMICS 365 CUSTOMER VOICE TRIAL+PLANNER AND PROJECT PLAN 3+POWER APPS PREMIUM+MICROSOFT POWER APPS FOR DEVELOPER,1

This is just one example, but I am seeing similar results for most of these scripts. Could you please help me resolve this issue?

Thank you in advance!

376 Views, 0 likes, 0 Comments