EntraID, M365Permissions, Microsoft Teams, OneDrive for Business, Powershell, Security, Sharepoint Online

M365Permissions Module

06/11/2024 JosL Leave a comment

Let’s be honest, the TeamPermissions module ‘s name has quickly lost touch with what it does (already doing Sharepoint and Onedrive as well).

Adding the overwhelming number of positive reactions and rapid adoption, I want to add even more features:

Scanning EntraID roles
Scanning Exchange roles
Scanning Mailbox permissions
Change detection (between scans)
Scanning Azure RM roles
Scanning PowerBI roles
SPN based scanning

So I’ve decided to rename it to M365Permissions!

Obviously it’ll take a lot of time/work to get above coded up and tested.

But for now I can already give you the M365Permissions PowerShell module, which includes:

EntraID roles (permanent and eligible)
Lots of bug fixes
Performance improvements (especially with lots of small sites)
Everything the TeamPermissions module did

Please give it a spin and let me know what other features you’d like to see!

TeamPermissions v1.1.2

31/10/2024 JosL 5 Comments

This version comes with the following updates:

vastly increased scan speed for larger libraries (+/- 20k items/minute)
Statistics improvement (all objects vs unique objects)
show hidden permissions that force-inherit (such as site owner)
bug fixes

For more info, check the TeamPermissions module page, Github or PSGallery

Automation, Identity, Microsoft Teams, Office 365, Security, Sharepoint Online, TeamPermissions

TeamPermissions v1.1.1

29/10/2024 JosL Leave a comment

This version comes with the following updates:

handle deleted groups
ability to run for ALL sites in a tenant using the new get-AllPermissions command
ability to hide the auditor from the log
Fix a bug with certain guest user types showing as deleted

For more info, check the TeamPermissions module page, Github or PSGallery

Automation, Identity, Microsoft Teams, Powershell

Locally detecting a user’s sign in to Microsoft Teams

15/10/2024 JosL Leave a comment

A customer wanted to see when/if users were doing their first sign in to MS Teams (on new devices), and if this was against their tenant. Mostly untested but for the world since I couldn’t google it:

function checkTeams(){
    $teamsLogPath = Join-Path $($env:LOCALAPPDATA) "packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\ecs_request_param.json"
    if((Test-Path $teamsLogPath)){
        $state = Get-Content $teamsLogPath | ConvertFrom-JSON
        if($state -and $state.tenantId -eq "YOUR TENANT GUID"){
            return $true
        }else{
            return $false
        }
    }else{
        return $false
    }    
}

EntraID, Microsoft Teams, Powershell, Security

Get-CsTeamsMeetingPolicy: Invalid credential Provide valid credential.

07/10/2024 JosL Leave a comment

For those googling, above error happened for us when trying to use application-based authentication for the MS Teams PowerShell commandlets.

We followed the instructions but kept getting Invalid credential Provide valid credential whenever calling a cmdlet, while the connect-microsoftteams command worked fine with the -accesstokens param.

Turns out, when you assign application level permissions to your service principal on top of the delegated permissions, the SPN is not authorized for all subsequent cmdlet calls :O

Liebensraum

M365Permissions Module

TeamPermissions v1.1.2

TeamPermissions v1.1.1

Locally detecting a user’s sign in to Microsoft Teams

Get-CsTeamsMeetingPolicy: Invalid credential Provide valid credential.

Microsoft 365, Azure, Automation & Code