Lab answer key: Managing Microsoft 365 with PowerShell
Exercise 1: Managing users and groups in Microsoft Entra ID
Task 1: Connect to Microsoft Entra ID
Microsoft Graph PowerShell works with PowerShell 7 and later. It’s also compatible with Windows PowerShell 5.1.
The following prerequisites are required to use the Microsoft Graph PowerShell SDK with Windows PowerShell.
- Upgrade to PowerShell 5.1 or later
The PowerShell script execution policy must be set to remote signed or less restrictive. Use Get-ExecutionPolicy to determine the current execution policy. For more information, see Install the Microsoft Graph PowerShell SDK.
-
On LON-CL1, select Start, and then enter Windows PowerShell.
-
In the results list, right-click Windows PowerShell or activate its context menu, and then select Run as administrator.
-
The PowerShell script execution policy must be set to remote signed or less restrictive, to set the execution policy, run the following command, and then type
A
and press the Enter key:Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
-
To install the Microsoft.Graph module, in the Administrator: Windows PowerShell console, enter the following command, and then press the Enter key (when prompted for confirmation, type
Y
and press the Enter key again twice in a row):Install-Module Microsoft.Graph -Scope CurrentUser
-
After the installation is completed, you can verify the installed version with the following command:
Get-InstalledModule Microsoft.Graph
-
To connect to Microsoft.Graph, enter the following command, and then press the Enter key:
# Using interactive authentication for users, groups, teamsettings, RoleManagement. Connect-MgGraph -Scopes "User.ReadWrite.All", "Application.ReadWrite.All", "Sites.ReadWrite.All", "Directory.ReadWrite.All", "Group.ReadWrite.All", "RoleManagement.ReadWrite.Directory"
-
In the Sign in to your account window, enter the name of the user account with the Global Administrator role in the Microsoft Entra ID tenant you will be using in this lab, and then select Next.
-
At the Enter password prompt, enter your password, and then select Sign in.
-
To review a list of users in Microsoft Entra ID, enter the following command, and then press the Enter key:
Get-MgUser
Task 2: Create a new administrative user
-
To retrieve your organization’s verified domain, in the Administrator: Windows PowerShell console, enter the following command, and then press the Enter key:
$verifiedDomain = (Get-MgOrganization).VerifiedDomains[0].Name
-
To create a password profile for the new user, enter the following command, and then press the Enter key:
$PasswordProfile = @{ "Password"="<password>"; "ForceChangePasswordNextSignIn"=$true }
Note: Identify an arbitrary but complex password that you want to use for a new user and record it since you will need it later in this lab. Make sure that the password is at least 8 characters-long, including a combination of lower case letters, upper case letters, digits, and at least one special character. In the next step, replace
<password>
with the password you decided to use. -
To create a new Microsoft Entra ID user, enter the following commands, and then press the Enter key:
New-MgUser -DisplayName "Noreen Riggs" -UserPrincipalName "Noreen@$verifiedDomain" -AccountEnabled -PasswordProfile $PasswordProfile -MailNickName "Noreen"
-
To store a reference to the new user in a variable, enter the following command, and then press the Enter key:
$user = Get-MgUser -UserId "Noreen@$verifiedDomain"
-
To store a reference to the Global Administrator role in a variable, enter the following command, and then press the Enter key:
$role = Get-MgDirectoryRole | Where {$_.displayName -eq 'Global Administrator'}
-
To assign the Global Administrator role to Noreen’s user account, enter the following command, and then press the Enter key:
$OdataId = "https://graph.microsoft.com/v1.0/directoryObjects/" + $user.id New-MgDirectoryRoleMemberByRef -DirectoryRoleId $role.id -OdataId $OdataId
-
To verify that the Global Administrator role was assigned to Noreen’s user account, enter the following command, and then press the Enter key:
Get-MgDirectoryRoleMember -DirectoryRoleId $role.id
-
In the output of the command, identify the UserPrincipalName attribute of Noreen’s user account and record it. You will need it in one of the later exercises of this lab.
Task 3: Create and license a new user
-
To create another Microsoft Entra user, in the Administrator: Windows PowerShell console, enter the following command, and then press the Enter key:
New-MgUser -DisplayName "Allan Yoo" -UserPrincipalName Allan@$verifiedDomain -AccountEnabled -PasswordProfile $PasswordProfile -MailNickName "Allan"
-
To set the location property of the newly created user account, enter the following command, and then press the Enter key:
Update-MgUser -UserId Allan@$verifiedDomain -UsageLocation US
-
To review the available licenses in the tenant, enter the following command, and then press the Enter key:
Get-MgSubscribedSku | FL
-
To store the SKU ID for the intended license in a variable, enter the following command, and then press the Enter key:
$SkuId = (Get-MgSubscribedSku | Where-Object { $_.SkuPartNumber -eq "ENTERPRISEPREMIUM" }).SkuId
-
To create an AssignedLicense object, enter the following command, and then press the Enter key:
$License = New-Object -TypeName PSCustomObject -Property @{ DisabledPlans = @() SkuId = $SkuId }
-
To add the SKU ID to the license object, enter the following command, and then press the Enter key:
$License.SkuId = $SkuId
-
To create an AssignedLicenses object, enter the following command, and then press the Enter key:
$LicensesToAssign = @($License)
-
To add the AssignedLicense object to the AddLicenses property, enter the following command, and then press the Enter key:
$LicensesToAssign += $License
-
To configure Allan’s user object with the AssignedLicenses object, enter the following command, and then press the Enter key:
Set-MgUserLicense -UserId Allan@$verifiedDomain -AddLicenses @{SkuId = $SkuId} -RemoveLicenses @()
Task 4: Create and populate a group
-
To review the existing groups, enter the following command, and then press the Enter key:
Get-MgGroup
-
To create a new security group, enter the following command, and then press the Enter key:
New-MgGroup -DisplayName "Sales Security Group" -MailEnabled:$False -MailNickName "SalesSecurityGroup" -SecurityEnabled
-
To store a reference to Sales Security Group in a variable, enter the following command, and then press the Enter key:
$group = Get-MgGroup -ConsistencyLevel eventual -Count groupCount -Search '"DisplayName:Sales Security"'
-
To store a reference to Allan Yoo’s user account in a variable, enter the following command, and then press the Enter key:
$user = Get-MgUser -UserId Allan@$verifiedDomain
-
To add Allan Yoo’s user account to the Sales Security Group, enter the following command, and then press the Enter key:
New-MgGroupMember -GroupId $group.id -DirectoryObjectId $user.id
-
To verify that Allan Yoo’s user account is a member of the Sales Security Group, enter the following command, and then press the Enter key:
Get-MgGroupMember -GroupId $group.id
-
In the output of the command, identify the UserPrincipalName attribute of Allan’s user account and record it. You will need it in the next exercise.
Exercise 2: Managing Exchange Online
Task 1: Connect to Exchange Online
-
To install the ExchangeOnlineManagement module on LON-CL1, in the Administrator: Windows PowerShell console, enter the following command, and then press the Enter key (when prompted for confirmation, enter
A
and press the Enter key again):Install-Module ExchangeOnlineManagement -force
-
To connect to Exchange Online, enter the following command, and then press the Enter key:
Connect-ExchangeOnline
-
In the Sign in to your account window, enter the name of the same user account you were using in the previous exercise of this lab, and then select Next.
-
At the Enter password prompt, enter your password, and then select Sign in.
-
To review a list of mailboxes in Exchange Online, enter the following command, and then press the Enter key:
Get-EXOMailbox
Task 2: Create a room mailbox
-
To create a new room mailbox, in the Windows PowerShell console, enter the following command, and then press the Enter key:
New-Mailbox -Room -Name BoardRoom
-
To configure the new room to accept meeting requests, enter the following command, and then press the Enter key:
Set-CalendarProcessing BoardRoom -AutomateProcessing AutoAccept
Task 3: Verify room resource booking
-
On LON-CL1, on the taskbar, select Microsoft Edge.
-
In Microsoft Edge, in the address bar, enter
https://outlook.office.com
, and then press the Enter key. -
Sign in as Allan Yoo by using the UserPrincipalName as the user name and providing the password you recorded in the previous exercise of this lab. When prompted, change your password as instructed. Be sure to record the password so that you can use it during subsequent exercises.
-
If prompted to stay signed in, select No.
-
From the menu bar, select Calendar, and then select New event.
-
In the Add a title box, enter Staff Meeting.
-
In the Invite attendees box, enter BoardRoom, select BoardRoom, select the first available time, and then select Send.
-
From the menu, select Mail.
-
Verify that Allan has received a response from BoardRoom that the meeting request was accepted.
-
Sign out from Allan’s user account.
-
Close Microsoft Edge.
Exercise 3: Managing SharePoint Online
Task 1: Connect to SharePoint Online
-
To install the SharePoint Online Management Shell, on LON-CL1, in the Administrator: Windows PowerShell console, enter the following command, and then press the Enter key (when prompted for confirmation, enter
A
and press the Enter key again):Install-Module -Name Microsoft.Online.SharePoint.PowerShell -Scope CurrentUser
-
To connect to SharePoint Online, enter the following commands, and then press the Enter key:
$verifiedDomainShort = $verifiedDomain.Split(".")[0] Connect-SPOService -Url "https://$verifiedDomainShort-admin.sharepoint.com"
-
When prompted, sign in as Noreen Riggs and change your password as instructed. Be sure to record the password so that you can use it during subsequent exercises.
-
To list the existing SharePoint Online sites, enter the following command, and then press the Enter key:
Get-SPOSite
Task 2: Create a new site
-
To review the available templates, in the Windows PowerShell console, enter the following command, and then press the Enter key:
Get-SPOWebTemplate
-
To create a new site, enter the following command, and then press the Enter key:
New-SPOSite -Url https://$verifiedDomainShort.sharepoint.com/sites/Sales -Owner noreen@$verifiedDomain -StorageQuota 256 -Template EHS#1 -NoWait
Note: Creating the site can take 10 minutes or longer. The -NoWait parameter performs this task asynchronously, so you don’t need to wait for its completion. If you intend to wait, you can verify the status of the SharePoint site by entering the following command, and then pressing the Enter key:
Get-SPOSite | FL Url,Status
-
To disconnect from SharePoint Online, enter the following command, and then press the Enter key:
Disconnect-SPOService
Exercise 4: Managing Microsoft Teams
Task 1: Connect to Microsoft Teams
-
To install the Microsoft Teams PowerShell Module, in the Administrator: Windows PowerShell console, enter the following command, and then press the Enter key (when prompted for confirmation, enter
A
and press the Enter key again):Install-Module -Name MicrosoftTeams -Force -AllowClobber
-
To connect to Microsoft Teams, enter the following command, and then press the Enter key:
Connect-MicrosoftTeams
-
In the Sign in to your account window, select the Use another account option, enter the name of the user account with the Global Administrator role in the Microsoft Entra ID tenant you were using in this lab, and then select Next.
-
To verify that there are no existing teams, enter the following command, and then press the Enter key:
Get-Team
Task 2: Create a new team
-
To create a Sales team, in the Windows PowerShell console, enter the following command, and then press the Enter key:
New-Team -DisplayName "Sales Team" -MailNickName "SalesTeam"
-
To place the team information in a variable, enter the following command, and then press the Enter key:
$team = Get-Team -DisplayName "Sales Team"
-
To review the information about your team, enter the following command, and then press the Enter key:
$team | FL
-
Review the information about the Sales Team. Notice that GroupId is a unique identifier.
-
To retrieve your organization’s verified domain, enter the following command, and then press the Enter key:
$verifiedDomain = (Get-MgOrganization).VerifiedDomains[0].Name
-
To add a user to the team, enter the following command, and then press the Enter key:
Add-TeamUser -GroupId $team.GroupId -User Allan@$verifiedDomain -Role Member
-
To review the team users, enter the following command, and then press the Enter key:
Get-TeamUser -GroupId $team.GroupId
Note: Notice that the user that created the team is an owner.
Task 3: Verify access to the team
-
On LON-CL1, on the taskbar, select Microsoft Edge.
-
In Microsoft Edge, in the address bar, enter
https://teams.microsoft.com
, and then press the Enter key. -
Sign in as Allan Yoo by using the UserPrincipalName as the user name and providing the password you changed earlier in this lab.
-
When prompted to stay signed in, select No.
-
Close the Bring your team together window, and then verify that Sales Team is listed.
-
Select New conversation, enter Prices are increasing 10% at month end, and then press the Enter key.
-
Close Microsoft Edge.