Microsoft 365 MFA - I have lost my mobile which has Microsoft Authenticator apps installed now how to login and register to another mobile .

 1) Update your Office 365 Admin to revoke MFA Session and Require Re-Register MFA.

Go to Azure AD > User (select user) > Authentication methods > Click on Require re-register MFA  and Revoke MFA Session.

2) Go to the URL :  https://aka.ms/proofup and setup your new device.

3) Once Device is get setup you can able to see your old device , Remove this .

Create custom attribute and update value for guest account users

// Update custom attribute of the user.

Connect-AzureAD 

Get-AzureADUser -ObjectId 79a36543-1e05-4407-9e74-df6bea9135d4 | Select -ExpandProperty ExtensionProperty

Set-AzureADUserExtension -ObjectId 79a36543-1e05-4407-9e74-df6bea9135d4 -ExtensionName "extension_2c8a597a3ee24c138b03a0a67c5180b7_aribaemployeeID" -ExtensionValue "0000809999"

Code with variable

Connect-AzureAD # Enter your Azrue Admin/pwd 

$UserObjectID  = "32b290fb-ea39-4f9b-b4a1-268fb2" # Copy the object id of the user from Azure AD 
$UserAribaID = "0000900022" # Enter user's employee id adding 0 as prefix to make this 10 chararcter example Employee ID = 901022 , Ariba ID = 0000900022


Get-AzureADUser -ObjectId $UserObjectID | Select -ExpandProperty ExtensionProperty # Check extension property before update

Set-AzureADUserExtension -ObjectId $UserObjectID -ExtensionName "extension_2c8a597a3ee24c138b03a0a67c5180b7_aribaemployeeID" -ExtensionValue $UserAribaID

Get-AzureADUser -ObjectId $UserObjectID | Select -ExpandProperty ExtensionProperty # Check extension property after update .

SBC - Direct routing assign dial plan

Import-Module SkypeOnlineConnector
$userCredential = Get-Credential
$sfbSession = New-CsOnlineSession -Credential $userCredential
Import-PSSession $sfbSession

Get-CsOnlineUser -Identity "lava@hrmasd.com" | fl RegistrarPool,OnPremLineUriManuallySet,OnPremLineUri,LineUri

Set-CsUser -Identity "lava@hrmasd.com" -EnterpriseVoiceEnabled $true -HostedVoiceMail $true -OnPremLineURI tel:+34000125098

Get all Azure AD users details to CSV file

$O365Account = 'admin.sanjiv.kumar@abcdef.onmicrosoft.com'
$O365pw = ConvertTo-SecureString 'tytyt' -AsPlainText -Force
$O365Credentials = New-Object –TypeName System.Management.Automation.PSCredential –ArgumentList $O365Account, $O365pw

Connect-AzureAD -Credential $O365Credentials

$Alluser = Get-AzureADUser -All:$True | Select DisplayName,UserPrincipalName, PasswordPolicies, AccountEnabled 
$Alluser | Export-Csv C:\Temp\user.csv

Add Guest account users to exchange Global Address list

https://docs.microsoft.com/en-gb/microsoft-365/admin/create-groups/manage-guest-access-in-groups?view=o365-worldwide#add-guests-to-the-global-address-list

Create Exchange online address list

https://docs.microsoft.com/en-us/exchange/email-addresses-and-address-books/address-lists/address-lists?view=exchserver-2019#:~:text=By%20default%2C%20a%20new%20installation,recipients%20in%20the%20Exchange%20organization.

--------------------------------Filter properties------------------------------------------
https://docs.microsoft.com/en-gb/powershell/exchange/recipientfilter-properties?view=exchange-ps

-------------Steps------------------
https://tech.xenit.se/how-to-create-a-custom-address-lists-in-exchange-online/

Get-AddressList
New-AddressList -Name 'Test Address List' -RecipientFilter {((Company -eq 'XYZ'))}

----------Bulk Contact user creation ---------------------
https://docs.microsoft.com/en-us/microsoft-365/compliance/bulk-import-external-contacts?view=o365-worldwide#hide-external-contacts-from-the-shared-address-book

Check specific service plan (Exchange, OneDrive or Yammer) enabled or disabled in office 365 license users with assigned Date

$O365Account = 'admin.sanjiv.kumar@abcabc.onmicrosoft.com'
$O365pw = ConvertTo-SecureString 'Password' -AsPlainText -Force
$O365Credentials = New-Object –TypeName System.Management.Automation.PSCredential –ArgumentList $O365Account, $O365pw

Connect-AzureAD -Credential $O365Credentials
Connect-MsolService -Credential $O365Credentials
#Log File
$users = Import-Csv 'C:\Temp\Excel data\Data.csv'
Start-Transcript -Path C:\Temp\SOF_Yammer_LicensesReportTranscript_$(get-date -f ddMMyyyy-HHmm).txt -Append
$Datetime= Get-Date -Format dd_MM_yyyy_HH.mm.ss
$LogFileName=([string]::Concat("C:\Temp\SOT_Yammer_Report-" , $Datetime ,".csv"))
New-Item  $LogFileName  -ItemType file

Add-Content $LogFileName -Value ([string]::Concat("User email" +","+ "License Assigned date"))


#$users = Get-MsolUser -all #| Where isLicensed -EQ $true


#Foreach ($employee in $employee_list) 
Foreach ($user in $users)

{
    
    
    $intFlag = 0

    $UserEmailAddress = $user.Email

    $assignedplans = (Get-AzureADuser -ObjectId $UserEmailAddress).assignedplans

    foreach ($assignedplan in $assignedplans)

    {

       # To check the service plan ID look at MS website https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-service-plan-reference#next-steps
         #If (($assignedplan.ServicePlanId -eq "efb87545-963c-4e0d-99df-69c6916d9eb0"))# for Excahnge
         If (($assignedplan.ServicePlanId -eq "7547a3fe-08ee-4ccb-b430-5077c5041653")) #for Yammer
         #If (($assignedplan.ServicePlanId -eq "5dbe027f-2339-4123-9542-606e4d348a72")) #for OneDrive
        
        
        
        {
            If (($assignedplan.CapabilityStatus -eq "Enabled"))

             {
        
                    Write-Host   $UserEmailAddress -ForegroundColor White
                    Add-Content $LogFileName -Value ([string]::Concat($UserEmailAddress) +","+ $($assignedplan.AssignedTimestamp))
           
            }
        }

    }

    

}


Write-Host -ForegroundColor Cyan "`n***** Script completed, please close this window *****"
Stop-Transcript

Get the list of Microsoft Teams Coexistence mode (Teams only, Island mode, Skype online)

1 2 3 4 5 6

Import-Module SkypeOnlineConnector $userCredential = Get-Credential $sfbSession = New-CsOnlineSession -Credential $userCredential Import-PSSession $sfbSession Get-CsOnlineUser | select DisplayName,UserPrincipalName,TeamsUpgradePolicy,TeamsUpgradeEffectiveMode | export-csv “C:\Temp\TeamReportfile29.csv” -NoTypeInformation

Create a new office 365 application instance for an Auto Attendant and Call Queue

1 2 3 4 5 6 7 8 9 10 11 12

#http://hilite.me/ Import-Module SkypeOnlineConnector Import-PSSession $sfbSession $userCredential = Get-Credential $sfbSession = New-CsOnlineSession -Credential $userCredential #For new application instance for an Auto Attendant New-CsOnlineApplicationInstance -UserPrincipalName Test.AutoAttendent@test.com -ApplicationId “ce933385-9390-45d1-9512-c8d228074e07” -DisplayName "Test Auto Attendent" #For new application instance for a Call Queue New-CsOnlineApplicationInstance -UserPrincipalName Test.Queue@test.com -ApplicationId “11cd3e2e-fccb-42ad-ad00-878b93575e07” -DisplayName "Test Call Queue"

Change office 365 user usagelocation using powershell

1 2 3 4 5 6 7

#http://hilite.me/ # Find the Country code from https://www.iso.org/obp/ui/#search/code/ # Look for column alpha-2 (A2) two-letter country or region code $userCredential = Get-Credential Connect-MsolService -Credential $userCredential Set-MsolUser -UserPrincipalName sanjiv.test@test.com -UsageLocation "FR"

How to assign Office 365 Roles using powershell reading CSV file

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37

Install-Module MSOnline $AzureAdCred = Get-Credential Connect-MsolService -Credential $AzureAdCred Get-MsolRole #Check all the roles $employee_list = Import-Csv 'C:\Temp\Role\OperationRole.csv' foreach ($employee in $employee_list) { $UserEmailAddress = $employee.Email Write-Host $UserEmailAddress Add-MsolRoleMember -RoleName 'Guest Inviter' -RoleMemberEmailAddress $UserEmailAddress Add-MsolRoleMember -RoleName 'User Account Administrator' -RoleMemberEmailAddress $UserEmailAddress Add-MsolRoleMember -RoleName 'Helpdesk Administrator' -RoleMemberEmailAddress $UserEmailAddress Add-MsolRoleMember -RoleName 'Service Support Administrator' -RoleMemberEmailAddress $UserEmailAddress Add-MsolRoleMember -RoleName 'Directory Readers' -RoleMemberEmailAddress $UserEmailAddress Add-MsolRoleMember -RoleName 'Exchange Service Administrator' -RoleMemberEmailAddress $UserEmailAddress Add-MsolRoleMember -RoleName 'SharePoint Service Administrator' -RoleMemberEmailAddress $UserEmailAddress Add-MsolRoleMember -RoleName 'Lync Service Administrator' -RoleMemberEmailAddress $UserEmailAddress Add-MsolRoleMember -RoleName 'Security Reader' -RoleMemberEmailAddress $UserEmailAddress Add-MsolRoleMember -RoleName 'Reports Reader' -RoleMemberEmailAddress $UserEmailAddress Add-MsolRoleMember -RoleName 'Message Center Reader' -RoleMemberEmailAddress $UserEmailAddress Add-MsolRoleMember -RoleName 'Desktop Analytics Administrator' -RoleMemberEmailAddress $UserEmailAddress Add-MsolRoleMember -RoleName 'License Administrator' -RoleMemberEmailAddress $UserEmailAddress Add-MsolRoleMember -RoleName 'Authentication Administrator' -RoleMemberEmailAddress $UserEmailAddress Add-MsolRoleMember -RoleName 'Message Center Privacy Reader' -RoleMemberEmailAddress $UserEmailAddress Add-MsolRoleMember -RoleName 'Compliance Data Administrator' -RoleMemberEmailAddress $UserEmailAddress Add-MsolRoleMember -RoleName 'Global Reader' -RoleMemberEmailAddress $UserEmailAddress Add-MsolRoleMember -RoleName 'Search Administrator' -RoleMemberEmailAddress $UserEmailAddress Add-MsolRoleMember -RoleName 'Search Editor' -RoleMemberEmailAddress $UserEmailAddress Add-MsolRoleMember -RoleName 'Password Administrator' -RoleMemberEmailAddress $UserEmailAddress Add-MsolRoleMember -RoleName 'Groups Administrator' -RoleMemberEmailAddress $UserEmailAddress }

How to remove Office 365 Global Admins reading from CSV file

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

Install-Module MSOnline $AzureAdCred = Get-Credential Connect-MsolService -Credential $AzureAdCred $employee_list = Import-Csv 'C:\Temp\Role\OperationRole.csv' foreach ($employee in $employee_list) { $UserEmailAddress = $employee.Email Write-Host $UserEmailAddress Remove-MsolRoleMember -RoleName "Company Administrator" -RoleMemberType User -RoleMemberEmailAddress $UserEmailAddress }

Check Get-CsOnlineUser users property

1 2 3 4 5

Import-Module SkypeOnlineConnector $userCredential = Get-Credential $sfbSession = New-CsOnlineSession -Credential $userCredential Import-PSSession $sfbSession Get-CsOnlineUser -Identity "sip:sanjiv.kumar@test.com"

Grant-CsTeamsUpgradePolicy to teams only for bulk user from CSV file (upgrade MS teams from Island mode to Teams only)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27

#http://hilite.me/ # Loop through all the records in the CSV Import-Module SkypeOnlineConnector $userCredential = Get-Credential $sfbSession = New-CsOnlineSession -Credential $userCredential Import-PSSession $sfbSession $employee_list = Import-Csv 'C:\Temp\skypetoteams\phase1\Skype to Teams Phase-1 users.csv' $Datetime= Get-Date -Format dd_MM_yyyy_HH.mm.ss $LogFileName=([string]::Concat("C:\Temp\skypetoteams\phase1\Log_Skype to Teams Phase-1 users " , $Datetime ,".csv")) New-Item $LogFileName -ItemType file Add-Content $LogFileName -Value ([string]::Concat("User email" +","+ "Current Team upgrade policy")) Write-Host "Getting all user from csv.." foreach ($employee in $employee_list) { $employeeEmail= $employee.Email Write-Host $employeeEmail Grant-CsTeamsUpgradePolicy -PolicyName UpgradeToTeams -Identity $employeeEmail $userteampolicy = Get-CSOnlineUser -Identity $employeeEmail| Select TeamsUpgradeEffectiveMode Add-Content $LogFileName -Value ([string]::Concat($($employeeEmail) +","+ $($userteampolicy))) } Write-Host "Completed.."

Upgrade Microsoft Team policy

1 2 3 4 5

Import-Module SkypeOnlineConnector $userCredential = Get-Credential $sfbSession = New-CsOnlineSession -Credential $userCredential Import-PSSession $sfbSession Grant-CsTeamsUpgradePolicy -PolicyName UpgradeToTeams -Identity sanjiv.kumar@test.com

Set DID numbers for Skype online /Teams users using powershell

1 2 3 4 5 6

Import-Module SkypeOnlineConnector $userCredential = Get-Credential $sfbSession = New-CsOnlineSession -Credential $userCredential Import-PSSession $sfbSession Set-CsOnlineVoiceApplicationInstance -Identity test@test.com -TelephoneNumber +9101156787 Get-CsOnlineTelephoneNumber -TelephoneNumber +9101156787

Office 365 B2B guest account creation with custom mail message

1 2 3 4 5 6 7 8 9 10 11 12 13

Install-Module AzureAD Import-Module AzureAD Connect-AzureAD $userName = 'Sanjiv Kumar' $messageInfo = New-Object Microsoft.Open.MSGraph.Model.InvitedUserMessageInfo $messageInfo.customizedMessageBody = "Hi " + $userName +", Welcome to Testing Single Sign on Solution – the link enclosed on this email will allow you to access Testing Corporate Applications" New-AzureADMSInvitation -InvitedUserDisplayName 'Sanjiv kumar' -InvitedUserEmailAddress sanjiv.kumar@test.com -InvitedUserMessageInfo $messageInfo -InviteRedirectURL https://domainname.sharepoint.com/SitePages/Home.aspx -SendInvitationMessage $True

MFA enabled/disabled users from using Global access policy

Once the reports gets generated, Sort-out the reports based on the "MFA Methods" will provide the report for people registered with MFA or Not.

Get-msoluser -All | Select-Object @{N='UserPrincipalName';E={$_.UserPrincipalName}},

@{N='MFA Status';E={if ($_.StrongAuthenticationRequirements.State){$_.StrongAuthenticationRequirements.State} else {"Disabled"}}},

@{N='MFA Methods';E={$_.StrongAuthenticationMethods.methodtype}},

@{N='Auth Email';E={$_.StrongAuthenticationUserDetails.email}},

@{N='Auth Phone';E={$_.StrongAuthenticationUserDetails.PhoneNumber}},

@{N='Auth Device';E={$_.StrongAuthenticationPhoneAppDetails.DeviceName}},

@{N='Alternative Phone';E={$_.StrongAuthenticationUserDetails.AlternativePhoneNumber}},

@{N='Alternative Email';E={$_.AlternateEmailAddresses}} | Export-Csv -Path C:\Temp\MFA_Report.csv -NoTypeInformation

or 

Get-msoluser -All | Select-Object @{N='UserPrincipalName';E={$_.UserPrincipalName}},

@{N='MFA Status';E={if ($_.StrongAuthenticationRequirements.State){$_.StrongAuthenticationRequirements.State} else {"Disabled"}}},

@{N='MFA Methods';E={$_.StrongAuthenticationMethods.methodtype}},

@{N='Auth Email';E={$_.StrongAuthenticationUserDetails.email}},

@{N='Auth Phone';E={$_.StrongAuthenticationUserDetails.PhoneNumber}},

@{N='Auth Device';E={$_.StrongAuthenticationPhoneAppDetails.DeviceName}},

@{N='Alternative Phone';E={$_.StrongAuthenticationUserDetails.AlternativePhoneNumber}},

@{N='Alternative Email';E={$_.AlternateEmailAddresses}} | Out-GridView

Get and Set-AzureADUserExtension to find the users property

Guest B2 B account user does not has few extension property value like employeeId and others , understanding this , We need to use set command to push the value to guest account.

Set-AzureADUserExtension -ObjectId 0fc8c68a-9fb7-4ddd-ac3b-3d3c8bd26b2a -ExtensionName "employeeid" -ExtensionValue "1001" 

Get-AzureADUser -ObjectId fde1c840-25ac-4332-a47a-54a1f18a4463 | FL