Azure AD – Exchange KB

Restrict Users From Creating New Teams in Microsoft Teams

June 8, 2022Godwin DanielLeave a comment

If you have recently adopted the usage for Microsoft Teams, managing Teams within Teams becomes a toungue twister in itself, If you’re concerned about users creating teams or groups that don’t comply with your business standards, perhaps you want this to be delegated to set of mindful power users group.

Create a Group – This could be a Active Directory Synced group or M365 group
Install AzureAD Public Preview – AzureAD PowerShell Module.
Run the below script, replace the value of “<GroupName>” with the name of the group you have created, enter the administrator credentials when prompted

$GroupName = "<GroupName>"
$AllowGroupCreation = $False

Connect-AzureAD

$settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
if(!$settingsObjectID)
{
    $template = Get-AzureADDirectorySettingTemplate | Where-object {$_.displayname -eq "group.unified"}
    $settingsCopy = $template.CreateDirectorySetting()
    New-AzureADDirectorySetting -DirectorySetting $settingsCopy
    $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
}

$settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID
$settingsCopy["EnableGroupCreation"] = $AllowGroupCreation

if($GroupName)
{
  $settingsCopy["GroupCreationAllowedGroupId"] = (Get-AzureADGroup -SearchString $GroupName).objectid
} else {
$settingsCopy["GroupCreationAllowedGroupId"] = $GroupName
}
Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy

(Get-AzureADDirectorySetting -Id $settingsObjectID).Values

reference: https://docs.microsoft.com/en-us/microsoft-365/solutions/manage-creation-of-groups?view=o365-worldwide

Microsoft Admin Portals

November 9, 2020January 8, 2021Godwin DanielLeave a comment

Microsoft 365 Admin Portals

Portal Name	URL
Microsoft 365 Admin Portal	https://admin.microsoft.com/
Microsoft 365 Compliance	https://compliance.microsoft.com/
Microsoft Endpoint Manager Admin Console	https://endpoint.microsoft.com/
Microsoft Endpoint Manager Admin Console (old)	https://devicemanagement.portal.azure.com/
Exchange Admin Center (new)	https://admin.exchange.microsoft.com/
Exchange Admin Center (old)	https://outlook.office365.com/ecp/
Microsoft Teams Admin Center	https://admin.teams.microsoft.com/
SharePoint Admin Center	https://admin.microsoft.com/sharepoint
OneDrive Admin Center	https://admin.onedrive.com/
Apps Admin Center	https://config.office.com/officeSettings#
Power BI Admin Portal	https://app.powerbi.com/admin-portal/usageMetrics?noSignUpCheck=1
Power Platform admin center	https://admin.powerplatform.microsoft.com/
Microsoft Stream Admin Center	https://web.microsoftstream.com/admin
Skype for Business admin center (deprecated)	https://webdir2a.online.lync.com/LSCP
Kaizala Management Portal	https://manage.kaiza.la/
Yammer Admin	https://www.yammer.com/office365/admin
Microsoft Store for Business	https://businessstore.microsoft.com/
Microsoft Store for Education	https://educationstore.microsoft.com/
Microsoft Partner Center	https://partner.microsoft.com/dashboard
Microsoft Remote Connectivity Analyzer	https://testconnectivity.microsoft.com
Microsoft 365 network connectivity test	https://connectivity.office.com/
Microsoft Call Quality Dashboard	https://cqd.teams.microsoft.com/

Azure IT Admin Portals

Portal Name	URL
Microsoft Azure Portal	https://portal.azure.com/
Microsoft Azure (Release Candidate)	https://rc.portal.azure.com/
Microsoft Azure (Preview)	https://preview.portal.azure.com/
Azure Resource Explorer	https://resources.azure.com/
Azure Cloud Shell	https://shell.azure.com/
Azure Active Directory admin center	https://aad.portal.azure.com/
Azure Cosmos DB	https://cosmos.azure.com/
Azure Data Factory	https://adf.azure.com/
Azure Cognitive Services Custom Translator	https://portal.customtranslator.azure.ai/
Azure Non-profit Portal	https://nonprofit.microsoft.com/#/ngoportal

Azure IT Admin Portals – Sub Portal Links

Portal Name	URL
Azure Security Center	https://portal.azure.com…

Microsoft Licensing/Support Portals

Portal Name	URL
Volume Licensing Service Center	https://www.microsoft.com/Licensing/servicecenter/
Next Generation Volume Licensing	https://businessaccount.microsoft.com/
Microsoft Azure Enterprise Portal	https://ea.azure.com/
Microsoft Services Hub	https://serviceshub.microsoft.com/
Microsoft License Advisor	https://mla.microsoft.com/
Microsoft Partner Center	https://partner.microsoft.com/
Azure Subscriptions	https://account.azure.com/Subscriptions

Security / Defender IT Admin Portals

Portal Name	URL
Microsoft Cloud App Security	https://portal.cloudappsecurity.com/
Microsoft Defender for Endpoints (Previously Defender ATP)	https://securitycenter.windows.com/
Microsoft 365 Defender	https://security.microsoft.com/
Office 365 Security & Compliance	https://protection.office.com/
Microsoft Defender for Identity (Previously Azure ATP)	https://portal.atp.azure.com/
Multi-factor authentication	https://account.activedirectory.windowsazure.com…

Developer Portals

Portal Name	URL
Graph Explorer	https://developer.microsoft.com/en-us/graph/graph-explorer
Azure DevOps	https://dev.azure.com/
Visual Studio Subscriptions	https://my.visualstudio.com/
Visual Studio Subscriptions Management	https://manage.visualstudio.com/
Adaptive Cards	https://adaptivecards.io/

Other Useful Microsoft Portals

Portal Name	URL
Office 365 Anti-Spam IP Delist Portal	https://sender.office.com/
Azure Status	https://status.azure.com/
Azure DevOps Status	https://status.dev.azure.com/
Windows Virtual Desktop Consent Page	https://rdweb.wvd.microsoft.com/
Customer Digital Experiences	http://demos.microsoft.com/
Group Policy Search	https://gpsearch.azurewebsites.net/
Microsoft Startups	https://portal.startups.microsoft.com/
Office UI Fabric Icons	https://uifabricicons.azurewebsites.net/
Become Microsoft Certified	https://query.prod.cms.rt.microsoft.com…
Tech Community Video Hub	https://techcommunity.microsoft.com/t5/video-hub/ct-p/VideoHub
Microsoft Azure Sponsorships	https://www.microsoftazuresponsorships.com/
Microsoft Dynamics Lifecycle Services	https://lcs.dynamics.com/
Microsoft MVP	https://mvp.microsoft.com/

Portal Name	URL
What is my Microsoft Azure and Office 365 tenant ID?	https://www.whatismytenantid.com/
Office 365 ATP Safe Links Decoder	https://o365atp.com/
Message Header Analyzer	https://mha.azurewebsites.net/
Tenant Availability Check	https://o365.rocks/

Reference: https://msportals.xyz/

Licenses could not be assigned or removed due to an error -Azure AD group based licenses

June 5, 2020June 5, 2020Godwin DanielLeave a comment

Scenario: Group based licensing is enabled in Azure AD. Exchange online is not assigned through the group based licensed. Newly added users to the group fail to get licenses assigned via the group. Reprocessing the group based license throws error:

Licenses could not be assigned or removed due to an error

Solution: A recent service plan backfilled by the O365 Commerce Team into the Office and Microsoft SKUs Microsoft Bookings a has been added as Enabled on all the licenses. This service plan has a dependency on Exchange Online (Plan 1) or Exchange Online (Plan2).

Disabling the Microsoft Bookings service plan in the affected groups should resolve the licensing error.

Kill all active user sessions in any Azure AD/ Office 365 application

March 28, 2020March 28, 2020Godwin Daniel4 Comments

If you are are ever in a situation where you have to deal with a compromised O365 account or situation similar to mine where users were assigned Onedrive/SPO license and you want to revoke them and stop users from using them immediately, the below cmdlet is much helpful.

If you are dealing with a large group of users, you may tire your fingers clicking on “initiate sign-out” or better get all members of the group and use cmdlet Revoke-AzureADUserAllRefreshToken which invalidates the refresh tokens issued to applications for a user. The cmdlet also invalidates tokens issued to session cookies in a browser for the user. The cmdlet operates by resetting the refreshTokensValidFromDateTime user property to the current date and time.

Get the group objectid

Get-MsolGroup [groupname] | fl ObjectId

Next, export the users of the group to a csv

Get-MsolGroupMember -GroupObjectId xxxxx-xxxxx-xxxxx-xxxxx | Select-Object EmailAddress | Export-Csv -Path c:\temp\users.csv

Import the csv and revoke th refresh token for these users.

Import-CSV “c:\temp\users.csv” | % {Get-AzureADUser -SearchString $_.emailaddress | Revoke-AzureADUserAllRefreshToken}

Force a sync from Azure AD Connect to Office 365

June 29, 2018March 28, 2020Godwin DanielLeave a comment

AAD sync runs every 30 minutes, we are several situations where you cant wait 30 minutes for a change to sync across, you still want to force a sync. To do so, on the server which has AAD Connect installed and type the following to import the AAD Connect PowerShell module:

Import-Module ADSync

You check the current settings of the sync scheduler

Get-ADSyncScheduler

adsync01

To force a delta sync, you the following PowerShell command:

Start-ADSyncSyncCycle -PolicyType Delta

adsync02

If you want to force an initial (full) sync, use this command:

Start-ADSyncSyncCycle -PolicyType Initial

	SBX on Manage Exchange 2010 Calendar…
	Abdulrehman Altaf (@… on Block File Sharing in Tea…
	Shakthi on Kill all active user sessions…
	Godwin Daniel on Recover deleted Active directo…
	ANTONIO on Recover deleted Active directo…