Use PowerShell to get site storage usage

One of the challenges for IT Pros when managing the online collaboration world of SharePoint Online and OneDrive for Business in Microsoft 365, is getting a quick overview of things like storage usage across their environment. In the gold ol’ days you’d just using Windows Explorer or something similar, but in the Microsoft 365 world these tools are not ‘online’ aware.

Thankfully, it is PowerShell to the rescue here again! What you can do is is basically grab all the SharePoint and OneDrive for Business Sites and look at a property called StorageUsageCurrent. Thus,

$sposites=get-sposite
$sposites.storageusagecurrent

will firstly get all the SharePoint sites and then display the storage usage of each in MB. However, that is a bit basic. What you really want is something like this:

image

for you SharePoint sites and and a separate group for your OneDrive for Business sites like this:

image

You might also notice that they are also sorted in descending order, from largest to smallest.

The good news is that I have done all that hard work for you and made the script available in my GitHub repo here:

https://github.com/directorcia/Office365/blob/master/o365-spo-getusage.ps1

The only thing that you need to do before running the script is to connect to SharePoint Online using PowerShell as an administrator.

Don’t forget there are also plenty of other handy scripts in my GitHub repo which get updated regularly. So, make your admin life easier and use what I have already created rather than re-inventing the wheel.

Creating unique file permissions with Teams

Microsoft Teams is a really easy way to share files with others. However, the modern concept with Microsoft Teams is that once you are part of the Team then you have the same rights as everyone else. This generally means that all Team members have the ability to read, write, modify and potentially delete files. This is common across all channels in the Team.

One thing that you really don’t want to do is go into the SharePoint back end of the Teams files and modify the default permissions. If you do, you’ll cause a whole lot of problems. We are expecting private channels in Teams very soon but here’s an easy way to overcome the default common sharing options in Teams by creating a separate area with unique permissions and linking that back into the Team.

image

Firstly navigate to your Team.

image

Select the Files tab to the right of Conversations to see all the files for that channel as shown above. These are common files that all Team members have the same rights to.

Select the Open in SharePoint option as shown above.

image

This will take you to the location of those channel files in SharePoint as shown above. This location is typically a subfolder with the name of the channel (here General), in a Document Library called Documents

You will need appropriate permissions to complete the process from here. So you will need to be an admin of the Team or a SharePoint Site owner.

image

In the top right of the screen select the COG then Add an app from the menu that appears as shown.

image

Typically, you’ll select to a new Document Library and give it a name.

image

In this case, a new Document Library called Final Presentations has been created as shown.

image

Once you are at this new location, select the COG again in the top right and this time select Library settings as shown.

image

Select the second option from the second column at the top of the page called Permissions for this document library.

image

Now it is just good ol’ SharePoint permissions configuration.

Typically, you firstly select Stop Inheriting Permissions.

image

In this case, Sales members will be changed from Edit to Read permissions by selecting that group and then the Edit User Permissions button. However, you can configure whatever permissions suit your needs.

image

Make sure you select OK after you have made you changes.

image

Once you have completed the require permissions, you need to return to the Team and link this new location there.

image

Inside the Team, select the channel in which you wish this new location to be linked and select the + icon on the right as shown.

image

From the dialog that appears, select Document Library as shown.

image

You can either navigate or input a direct link here. In this case the destination site, Sales, is selected.

image

You should then see the new location you created (here Final Presentations). Select this and then the Next button.

image

Give the new tab a name, which can be different from the location if you wish, and press Save.

image

You should now see the location you created and any files in there as shown above. These items have permissions governed by those set previously in SharePoint but now they are also displayed and accessible in Teams. The great thing is you can link this new location in multiple places and you can link from locations not even in the current Team. As long as users have permissions, they can see and interact with those files based on those permissions.

Hopefully, that is an easy way to create locations for file with unique permissions but still have them accessible for users via Teams.

Need to Know podcast–Episode 211

Where’s Brenton? Share your thoughts here – http://bit.ly/whereisbj

Microsoft has rolled back it’s recent planned partner changes. we have some new Intune security baseline policies to try (and troubleshoot) and Teams leads Slack in user numbers. I speak with Marc Kean to get the low down on what Azure storage is all about. All this and a lot more on this episode.

This episode was recorded using Microsoft Teams and produced with Camtasia 2019

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-211-azure-storage/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

@marckean

@directorcia

Updates to partner program (again)

Microsoft Intune announces security baselines

Exchange Online PowerShell WinRM issue

What is Azure Lighthouse?

Without-enrollment and Outlook for iOS and Android

Teams reaches 13 million active users

Planner and To-Do integration

New PowerApps and Flow licensing

Azure storage

Azure File Sync

CIAOPS Techwerks 8–Adelaide October 24

bw-car-vehicle

I am happy to announce that Techwerks 8 will be held in Adelaide on Thursday the 24th of October. The course is limited to 15 people and you can sign up and reserve your place now! You reserve a place by completing this form:

http://bit.ly/ciaopsroi

or  sending me an email (director@ciaops.com) expressing your interest.

The content of these all day face to face workshops is driven by the attendees. That means we cover exactly what people want to see and focus on doing hands on, real world scenarios. Attendees can vote on topics they’d like to see covered prior to the day and we continue to target exactly what the small group of attendees wants to see. Thus, this is an excellent way to get really deep into the technology and have all the questions you’ve been dying to know answered. Typically, the event produces a number of best practice take aways for each attendee. A special part of this event will be sessions by MVP Amy Babinchak as well as some other surprise guests.

Recent testimonial – “I just wanted to say a big thank you to Robert for the Brisbane Techworks day. It is such a good format with each attendee asking what matters them and the whole interactive nature of the day. So much better than death by PowerPoint.” – Mike H.

The cost to attend is:




























Patron Level Price Inc GST
Gold Enterprise Free
Gold $ 33
Silver $ 99
Bronze $ 176
Non Patron $ 399


The CIAOPS Techwerks events are run regularly in major Australian capital cities, so if you can’t make this one or you aren’t in Adelaide on that date, stay tuned for more details and announcements soon. If you are interested in signing up please contact me via emails (director@ciaops.com) or complete the form:

http://bit.ly/ciaopsroi

and I can let you know all the details as well as answer any questions you may have about the event.

I hope to see you there.

Need to Know podcast–Episode 210

Brenton speaks with global Azure black belt Sarah Young about the new Azure Sentinel service. Of course we also update you on all the happenings in the Microsoft Cloud and there has been plenty of late, so listen along to get all the latest and learn about Azure Sentinel.

This episode was recorded using Microsoft Teams and produced with Camtasia 2019

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-210-sarah-young/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

Sarah Young

@contactbrenton

@directorcia

Faster, with a modern design, and new features – the new Outlook on the web is here

Tracking failed logins with Cloud App Security

New Azure discount for CSP partners to come live in October

OneDrive Roundup – June 2019

Announcing question and answer in Yammer

First Microsoft Cloud regions in the Middle East now available

Step 10. Detect and investigate security incidents: top 10 actions to secure your environment

All 10 steps

Upload Bitlocker keys to Azure AD

Bitlocker is the Microsoft technology that allows you to full encrypt your Windows PC hard disk. This is a good thing as it provides additional security and protection for that device, especially if that device ever gets lost or stolen. Typically, Bitlocker will use the Trusted Platform Module (TPM) chip on your PC to provide the encryption key for BitLocker. This means that the user doesn’t have to type in a password to unlock their drive for use. Now having an automatically managed key raises a question, what happens if you actually need that key? If everything is automated and I never see the key how can I get access to it if needed? If, say, the original PC died and I wanted to recover the original encrypted drive how would I recover? To do that, you’d need the encryption key.

You can manually backup you BitLocker Recovery key to a file or USB drive however, if your device is Azure AD joined then that Recovery Key should be saved directly into Azure AD. Here’s how you check this.

SNAGHTML1d8570c5

If you are using something Microsoft 365 Business and Intune navigate to Intune inside the Azure portal. Select Devices.

image

Select All Devices.

image

Select the PC in question from the list.

image

Now select the Recovery keys option.

image

On the right you should see the Recovery keys listed. You’ll note here that I don’t see the expected BitLocker Key.

image

If you don’t see the Recovery Key for your device go to that device and open BitLocker management on your PC. Select the option to Back up your recovery key as shown.

image

Then select the option to Save to your cloud account as shown. This should then upload the Recovery Key to Azure AD, provided you have an Azure AD joined machine first of course.

image

If you return to the device in Intune and refresh the display, you should now see the Recovery key for you device as shown above.

image

If you do not have access to the Intune portal, perhaps because you are not an administrator, simply navigate to:

https://account.activedirectory.windowsazure.com

and login with your Microsoft 365/Office 365 credentials and view your profile. You should then see any registered device plus the option to get the BitLocker keys as shown. Remember BitLocker is for Windows devices, not iOS or Android.

Even though Azure AD joined machines should save BitLocker keys automatically, I’d suggest you go and have a look and make sure that they are indeed actually there! Best be sure I say.

Tracking failed logins using Cloud App Security

Previously, I have said that Office365/Microsoft Cloud App Security is

A great security add on for Microsoft 365

I’ve also detailed the differences in the plans here:

Cloud App Discovery/Security

What many people want to know more information about is failed logins to their tenant, so Cloud App Security to the rescue!

image

Start by navigating to the Cloud App Security Activity log as shown above. Then select the Advanced option in the top right as shown.

image

Doing so should reveal the ability to define filters as show above.

I’d also recommend that you go and define a “safe” range of IP addresses like I have detailed here:

Define an IP range in Cloud App Security

In my case I have defined some known safe IP’s as “Corporate”.

image

So the first line of my query basically excludes any of these known IP addresses in the results. That is, I’m looking for failed logins outside my corporate environment. This will generally exclude average users failing to login to their accounts inside my environment, which happens a lot. The idea with this is simply to reduce the noise of lots of alerts, but if you want to know about all failed logins to your tenant, just exclude this condition.

image

The second part of the filter is to show activities that equal ‘Failed log on’ as shown. You can customise this further if you want to make it more granular, but for now let’s track any failed login to the tenant.

image

So the final query should look like the above.

image

You should be not surprised to see the number of results you get as shown above. In my case, there are failed logins from the US, China, Russia, Italy, etc.

Now of course, I can drill into each item for more details but what I really want is a way for me to be alerted about these when they happen. Cloud App Security to the rescue again.

image

At the top of the results you should find a button as shown that says New policy from search, which you should select.

image

You should now see a page like shown above where you can define your policy. You’ll need to give it a name and description. You may want to increase the severity or change the category to suit. You can also select between single or repeated activity.

image

Now if you want an email alert then you’ll need to select the option Send alert as email and put in your email address as shown above. You may also want to change the Daily alert limit to suit your needs.

When you have completed the configuration, scroll to the bottom of the page and select the Create button.

image

You should now see that policy in the list in your tenant as shown above.

Cloud App Security is a really powerful tool that I believe is a must have for every Microsoft 365 tenant, because not only can you create your own custom queries but you can also convert those into alerts as I have shown.

MVP for 2019-20

MVP_Logo_Horizontal_Preferred_Cyan300_RGB_300ppi

I’m proud to say that Microsoft has graciously awarded me as a Most Valued Professional (MVP) for 2019 in the Office Servers and Services category. This makes it now eight awards in a row for me, which is very special and honouring. I thank Microsoft for this special award and acknowledge the responsibilities it entails.

However, this award is not possible without members of the community out there who take the time to do things like read my blog, watch my YouTube channel, attend events where I speak and more. Thanks everyone.

I’m committed to continuing to provide more information and insight into the fantastic products and services Microsoft creates. I can’t wait each day to see what new stuff Microsoft has brought us and how it can be implemented for users. With the rapid development rate in the cloud I am always amazed at all the new stuff that becomes available but it is really great to have that challenge of staying current.

Having attended my first MVP Summit this  year I’m looking forward to next year’s one so I can again visit Redmond and learn from Microsoft and fellow MVPs. Being an MVP is being part of a unique community of very dedicated and smart people who truly love to share their knowledge. I aim to live up to the example they set and continue to improve and grow. I congratulate all those who were also awarded for this year and look forward to seeing you at the MVP Summit in 2020.

But again, I thank Microsoft for this honour and will work hard to live up top the expectations it sets again for 2019-20 so I can make it nine years ins 2020!