Wednesday, July 1, 2020

Apply a policy to a group in Microsoft Teams

Let's say you want to apply a particular policy to a batch of users in Microsoft Teams. As of now there is not much choice: the Teams admin center UI lets you pick at most 20 users at a time, and according to one blog post, assigning a policy directly to a group will arrive sometime in July. There is an alternate approach: take an out-of-the-box policy package and attach it to each user in the group. The PowerShell script below loops through the members of a group and applies the policy package to each user. Note that it usually takes a few hours before the assigned package shows up on the users in the admin center.

# Interactive sign-in (Connect-AzureAD / Connect-MicrosoftTeams without -Credential) is preferable:
# passing a PSCredential only works for accounts without MFA, and an admin account without MFA is itself a risk.
$cred = Get-Credential "admin@domainname.onmicrosoft.com"
Connect-AzureAD -Credential $cred
Connect-MicrosoftTeams -Credential $cred

# Change "Security Group Creation" to the display name of the AD group whose members should
# receive the package. -Filter matches the name exactly; -SearchString is a prefix match and
# can return more than one group.
$group = Get-AzureADGroup -Filter "DisplayName eq 'Security Group Creation'"
if (-not $group) { throw "Group 'Security Group Creation' not found" }

# -All $true pages through the whole membership (the default returns only the first 100).
# Nested groups and service principals are dropped so only user objects reach Grant-CsUserPolicyPackage.
$members = Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true | Where-Object { $_.ObjectType -eq "User" }

# Two of the built-in packages (Get-CsPolicyPackage lists all of them):
#Name        : Education_Teacher
#Description : This is an Education_Teacher package
#
#Name        : Education_SecondaryStudent
#Description : This is an Education_SecondaryStudent package

# Change the PackageName to your chosen package. Assignment is per user and can take a few
# hours to become visible in the admin center.
$members | ForEach-Object { Grant-CsUserPolicyPackage -PackageName Education_PrimaryStudent_RemoteLearning -Identity $_.UserPrincipalName }
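The loop above grants the package to every member unconditionally and gives no feedback, which is awkward when assignments take hours to show up and some users (unlicensed ones, for instance) fail. The following is an added example, not code from the original post, that first audits which group members already carry the package and then assigns it only where it is missing, with a dry-run switch. It assumes the AzureAD and MicrosoftTeams modules are loaded and connected as above; the group name, package name and the function names Get-GroupPolicyPackageReport and Set-GroupPolicyPackage are placeholders chosen for this example.

```powershell
# Added example: audit and idempotent assignment of a Teams policy package to group members.
# Assumes Connect-AzureAD and Connect-MicrosoftTeams have already been run.

function Get-GroupPolicyPackageReport {
    param(
        [Parameter(Mandatory)] [string] $GroupName,
        [Parameter(Mandatory)] [string] $PackageName
    )

    # Exact display-name lookup; -SearchString is a prefix match and may return several groups
    $group = Get-AzureADGroup -Filter "DisplayName eq '$GroupName'"
    if (-not $group) { throw "Group '$GroupName' not found" }

    # -All $true pages through the full membership; only user objects can carry a policy package
    $members = Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true |
        Where-Object { $_.ObjectType -eq "User" }

    foreach ($m in $members) {
        $upn = $m.UserPrincipalName
        try {
            $assigned = (Get-CsUserPolicyPackage -Identity $upn -ErrorAction Stop).Name
            if (-not $assigned) { $assigned = "(none)" }
            $status = if ($assigned -eq $PackageName) { "OK" } else { "Missing" }
        }
        catch {
            # Typical causes: the user is not licensed for Teams, or a transient service error
            $assigned = $null
            $status = "Error: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            UserPrincipalName = $upn
            AssignedPackage   = $assigned
            Status            = $status
        }
    }
}

function Set-GroupPolicyPackage {
    param(
        [Parameter(Mandatory)] [string] $GroupName,
        [Parameter(Mandatory)] [string] $PackageName,
        [switch] $DryRun
    )

    # Fail once up front if the package name is mistyped, instead of once per user inside the loop
    if (-not (Get-CsPolicyPackage | Where-Object { $_.Name -eq $PackageName })) {
        throw "Policy package '$PackageName' does not exist; run Get-CsPolicyPackage for the list"
    }

    # Only touch users whose current package differs, so re-running the script is harmless
    $report = Get-GroupPolicyPackageReport -GroupName $GroupName -PackageName $PackageName
    foreach ($row in ($report | Where-Object { $_.Status -eq "Missing" })) {
        if ($DryRun) {
            Write-Host "Would assign $PackageName to $($row.UserPrincipalName)"
            continue
        }
        try {
            Grant-CsUserPolicyPackage -Identity $row.UserPrincipalName -PackageName $PackageName -ErrorAction Stop
            Write-Host "Assigned $PackageName to $($row.UserPrincipalName)"
        }
        catch {
            Write-Warning "Failed for $($row.UserPrincipalName): $($_.Exception.Message)"
        }
    }

    # Return the rows that still need attention (errors, and users changed in this run)
    $report | Where-Object { $_.Status -ne "OK" }
}

# Preview first, then apply. Re-run the report a few hours later: assignments are not visible immediately.
Set-GroupPolicyPackage -GroupName "Security Group Creation" -PackageName "Education_PrimaryStudent_RemoteLearning" -DryRun
# Set-GroupPolicyPackage -GroupName "Security Group Creation" -PackageName "Education_PrimaryStudent_RemoteLearning"
# Get-GroupPolicyPackageReport -GroupName "Security Group Creation" -PackageName "Education_PrimaryStudent_RemoteLearning" | Format-Table
```

Because the audit compares the package each user already has with the target, the script can be scheduled or re-run after membership changes without re-granting to everyone, and the returned rows make it obvious which users failed and why.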

Restrict permission to create a new team in Microsoft Teams

Restricting who can create a new team is not available out of the box in the Microsoft Teams admin center. The alternate approach is to create a security group and allow only its members to create teams. Because every team is backed by a Microsoft 365 group, this is done through the tenant-wide Group.Unified directory setting, so the same restriction also applies to group creation in Outlook, Planner and SharePoint; members of certain admin roles (global administrators, for example) remain able to create groups regardless. Let's assume you have created a group named 'Security Group Creation Allowed'.

$GroupName = "Security Group Creation Allowed"
# "False" turns off group (and therefore team) creation for everyone except the members of
# $GroupName and exempt admin roles. With "True" every user can create groups and the allowed
# group below has no effect, so the restriction would never apply.
$AllowGroupCreation = "False"

Connect-AzureAD

# The Group.Unified setting does not exist until it has been created from its template once
$settingsObjectID = (Get-AzureADDirectorySetting | Where-Object -Property DisplayName -Value "Group.Unified" -EQ).Id
if (!$settingsObjectID)
{
    $template = Get-AzureADDirectorySettingTemplate | Where-Object { $_.DisplayName -eq "Group.Unified" }
    $settingsCopy = $template.CreateDirectorySetting()
    New-AzureADDirectorySetting -DirectorySetting $settingsCopy
    $settingsObjectID = (Get-AzureADDirectorySetting | Where-Object -Property DisplayName -Value "Group.Unified" -EQ).Id
}

$settingsCopy = Get-AzureADDirectorySetting -Id $settingsObjectID
$settingsCopy["EnableGroupCreation"] = $AllowGroupCreation

if ($GroupName)
{
    # Exact-name lookup; stop rather than write an empty ID if the group does not exist
    $allowedGroup = Get-AzureADGroup -Filter "DisplayName eq '$GroupName'"
    if (-not $allowedGroup) { throw "Group '$GroupName' not found" }
    $settingsCopy["GroupCreationAllowedGroupId"] = $allowedGroup.ObjectId
}
else
{
    # An empty $GroupName clears the allowed group, so nobody but exempt admins can create groups
    $settingsCopy["GroupCreationAllowedGroupId"] = $GroupName
}
Set-AzureADDirectorySetting -Id $settingsObjectID -DirectorySetting $settingsCopy

# Read the setting back to confirm EnableGroupCreation and GroupCreationAllowedGroupId
(Get-AzureADDirectorySetting -Id $settingsObjectID).Values
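Reading the raw Values list back only shows that the write succeeded; it does not tell you whether the restriction is actually in force. The following is an added example, not code from the original post, that checks the Group.Unified setting the way an auditor would: it confirms that EnableGroupCreation is False, that GroupCreationAllowedGroupId still points at an existing group (deleting the allowed group leaves a dangling ID), and lists who is currently allowed to create groups and teams. It assumes Connect-AzureAD has been run; the function names Get-GroupUnifiedSettings and Test-GroupCreationRestriction are chosen for this example.

```powershell
# Added example: verify the Group.Unified restriction and show who can create groups and teams.
# Assumes Connect-AzureAD has already been run.

function Get-GroupUnifiedSettings {
    # Returns the Group.Unified values as a hashtable (Name -> Value), or $null if the setting was never created
    $setting = Get-AzureADDirectorySetting | Where-Object { $_.DisplayName -eq "Group.Unified" }
    if (-not $setting) { return $null }
    $values = @{}
    foreach ($v in $setting.Values) { $values[$v.Name] = $v.Value }
    return $values
}

function Test-GroupCreationRestriction {
    $values = Get-GroupUnifiedSettings
    if ($null -eq $values) {
        Write-Warning "Group.Unified setting does not exist: tenant defaults apply and every user can create groups"
        return $false
    }

    # Both conditions must hold: creation disabled for everyone, and a valid allowed group configured
    $enabled   = $values["EnableGroupCreation"]
    $allowedId = $values["GroupCreationAllowedGroupId"]
    if ($enabled -ne "False") {
        Write-Warning "EnableGroupCreation is '$enabled': all users can create groups and GroupCreationAllowedGroupId is ignored"
        return $false
    }
    if (-not $allowedId) {
        Write-Host "Group creation is disabled for everyone except exempt admin roles (no allowed group configured)"
        return $true
    }

    $group = Get-AzureADGroup -ObjectId $allowedId -ErrorAction SilentlyContinue
    if (-not $group) {
        # A deleted allowed group leaves a dangling ID and silently locks everyone out
        Write-Warning "GroupCreationAllowedGroupId '$allowedId' does not resolve to an existing group"
        return $false
    }

    $members = @(Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true)
    # Nested groups are not expanded for this setting, so a group member here grants nothing to its own members
    $nested = @($members | Where-Object { $_.ObjectType -eq "Group" })
    if ($nested.Count -gt 0) {
        Write-Warning "$($nested.Count) nested group(s) in '$($group.DisplayName)' will not be honored; add users directly"
    }

    Write-Host "Only members of '$($group.DisplayName)' ($($members.Count) members) can create groups and teams:"
    $members | Select-Object DisplayName, UserPrincipalName, ObjectType | Format-Table
    return $true
}

Test-GroupCreationRestriction
```

Running this after the script above should print the allowed group and its members and return True; a False result with a warning means the setting was written but is not restricting anything, which is exactly the state the original "True" value would have produced.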