NOTICE: it is easier to use Device Configuration Scripts now that this feature has been released in Intune.
A second case, comparable to EMS case: distributing Office templates and macro’s to your users on Windows 10 mobile managed Azure AD Joined devices.
In this case I will show you how to package and distribute a Powershell script (OnedriveMapper in this case) through Intune to MDM enrolled Windows 10 devices.
My current customer had a little dabble in Office 365, they set up their Hybrid configuration and added their @xxx.onmicrosoft.com email alias to all their users and groups. This mostly happens automatically.
They then later decided to go with a new, different Office 365 tenant for production purposes, the old tenant was dismantled and the AADConnect server was deleted.
However, all AD objects still had their alias for the old Office 365 tenant, syncing that to the new tenant would be a bad idea and I cleaned that up just to be sure it wouldn’t cause trouble in the future, here’s how I did that:
O365GroupSync is a tool that I am building for a large global NGO, because AADConnect creates Read-Only objects in Office 365.
Read-Only objects cannot be edited in Office 365, thus users are unable to edit distribution lists in Office 365’s Outlook Web Accress (OWA) even if they are managers of said lists.
O365GroupSync was built to take over the synchronisation and initial seeding of all distribution lists, both ways, to allow users to edit distribution lists while in a hybrid Office 365 Exchange Online scenario, both on premises and in the cloud.
This beta version has been tested, but is not yet running in any production environments.
Get it here
One thing that annoys me in Powershell is it’s tendency to automatically cast arrays with 1 object to a normal object, thus you can’t do $array[0] anymore or use .Count (unless using PS v3+).
You can’t really ensure your methods/functions always return a proper array, they might be empty or they might have been converted to an object. Here’s how to force anything into an array, always, and to make sure there are no ’empty’ objects that mess up the array’s count property:
[Array]$result = @(myFunctionCall | where {$_})
[Array] and @() make sure that $result becomes an array, while | where {$_} ensures that there are no empty values 🙂
As, generally, we want to know what goes on in our environment, I like to enable Auditing wherever I can. Sharepoint is a more and more important resource where we store our data. Auditing can be very useful if files dissapear, auditors need specific information, or worse, cryptolockers rename all your files.
As setting audit logging through the interface is well documented, I wanted to share the Powershell way of doing this, assuming you’ve already installed the Sharepoint Client Components:
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client") | Out-Null [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime") | Out-Null
$Context = New-Object Microsoft.SharePoint.Client.ClientContext("INSERT YOUR SITE URL HERE")
$secPassword = ConvertTo-SecureString "YOUR PASSWORD" -AsPlainText -force
$Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials("YOUR LOGIN",$secpassword)
$Context.RequestTimeout = 16384000
$Context.Credentials = $Credentials
$Context.Load($Context.Web)
$Context.Load($Context.Site)
$Context.ExecuteQuery()
#set audit logging for the site collection to ALL
$Context.Site.Audit.AuditFlags = "All"
$Context.Site.Audit.Update()
$Context.ExecuteQuery()