Get Teams Meeting Attendees via PowerShell and the Microsoft Graph

Here’s a handy way to get a list of attendees in Microsoft Teams using PowerShell. I have uploaded the script to do this here:

https://github.com/directorcia/Office365/blob/master/tms-attend-get.ps1

Before you run the script you’ll need to have the Graph PowerShell module installed.

image

You’ll also need to set some variable values for your own environment in the script. You can do this by locating $tenantid in the script as shown above, and setting that to your own tenant URL. Then find $meetingjoinurl and set that to the URL for that meeting. Finally, set $useremail to the email address of the user who created the meeting.

image

The meeting URL is the link people selected to join the meeting as shown above. You’ll also find it in the configuration for the meeting.

image

With all those settings updated, when you run the script it should look something like shown above. The script will connect to the Microsoft Graph with the scopes required to read the meeting details. You may be requested to login to the tenant and then potentially consent to these scopes during the connection phase. The required scopes are:

OnlineMeetingArtifact.Read.All
OnlineMeetings.Read

The script will get the GUID of the creator of the meeting from the email you specified followed by the meeting id from the meeting join link you specified, then the report id for that meeting and finally the report details for the meeting. It will then display the email address (if recorded) of attendees as shown above.

Of course, you can just download the CSV meeting report from the Teams page I know, but this process will be first step in eventually using Power Automate to get meeting attendees and send them an automatic follow up after the meeting. Stay tuned for details on that coming soon. This is simply proof of concept and a handy option if you do indeed just want to use PowerShell to get a list of meeting attendees.

Using the Defender for Endpoint API and PowerShell (Updated)

A while back I wrote this post:

Using the Defender for Endpoint API and PowerShell

Problem is, the script that I developed:

https://github.com/directorcia/Office365/blob/master/endpoint-api-svbm.ps1

now doesn’t seem to bring back any results!

image

It used the following API:

https://api.securitycenter.microsoft.com/api/machines/SoftwareVulnerabilitiesByMachine

which isn’t generating any data or any errors!

image

The above returned results shows a good status but the value of data is empty.

So for now I’ll have to assume that this API is unavailable. No fear I’ve developed a new script:

https://github.com/directorcia/Office365/blob/master/mde-vul-get.ps1

image

image

which will not only list out the vulnerabilities but also export to a CSV file.

image

That allows you to sort and filter the results any way you wish.

To get the script working you still need the following API permissions for your Azure AD App with the WindowsDefenderATP API:

Application permissions = Vulnerability.Read.All

Application permissions = Machine.Read.All, Machine.ReadWrite.All

like so:

image

You also need to ensure you change the Azure AD App information in the script to match your own:

image

If you want to export more information you should be able to easily modify the script which firstly get the machine info and then the vulnerabilities on each.

Hopefully, this give people what they need until the original API comes back on line.

Getting started automating Microsoft 365 administration with the Graph

https://www.youtube.com/watch?v=e1ypZGfifSQ

The Microsoft Graph is a unique and powerful way to administrate Microsoft 365. This session will provide you with a introduction to what the Microsoft Graph is, how to access it and how to use to improve the way you maybe currently administrating your customers environments. The session will also be jammed packed with live demonstrations and best practices for automating any Microsoft 365 environment. Save time, save money and save effort by viewing this session.

Inconsistent Intune PowerShell module results

If you run the command:

get-intuneconfigurationpolicy

you’d except to see all your Intune configuration policies displayed.

image

However, after connecting to the Microsoft Graph module you see that nothing is returned. My experience has also been receiving incomplete results using these commands.

image

What I have found is that using the Microsoft Graph directly by using commands like:

$uri = “https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/”

(Invoke-MSGraphRequest -Url $URI -HttpMethod GET).value

produces the desired results as shown above in the same environment.

So my tip is when working with Intune and Endpoint Manager with PowerShell is, use the Microsoft Grah directly to obtain and set the information you need.


Using PowerShell to create Teams from a CSV file

There was another Teams import from CSV PowerShell script that someone was working on and having issues with. That script was a bit old and used commands that had been changed in the Microsoft Teams PowerShell module since the script was created. So I have taken that script (unfortunately original source specifically unknown but credit noted) and modified it and uploaded to my Github repo here for all to use:

https://github.com/directorcia/Office365/blob/master/o365-tms-import.ps1

and the CSV file in the format required is here:

https://github.com/directorcia/Office365/blob/master/o365-tms-import.csv

image

Now that it is in my Github it is easy for me to update when and if required. I encourage you to also go in and have a look at the comments to understand what is going on.

In essence the script will import the data from CSV file and loop through all the entries creating a new Microsoft Team and then the channels specified in this Team as well as assign member and admin roles for you.

If you use the –debug command line parameter it will record a log file for you.

I have also added some error checking and improved output, as shown above, to give you a better idea of what is going on in each step.

I will note that when you assign member and admin permissions to the Team created via this script they seem to take  while to show up in the portal. So be patient, as they will appear. This isn’t a limitation of this script but just the refresh cycle of the portal.

There are some additional items I want to add but take a look and let me know what you’d like to see added or if I have made any errors that need fixing. Don’t forget to check back regularly for updates.

Checking Microsoft 365 Email Forwarding using PowerShell

A typical tactic after a business email compromise event is the creation of email forwarding rules using any one, or more, of these methods by an attacker:

Use rules in Outlook Web App to automatically forward messages to another account

Client rules

Sweep

It is therefore good practice to regularly check and verify the email forwarding rules inside your Microsoft 365 environment.

I have created a free PowerShell script exactly for this purpose, which you can find here:

Office365/o365-exo-fwd-chk.ps1 at master · directorcia/Office365 · GitHub

and the video:

https://www.youtube.com/watch?v=Oqk_yd6U3bk&t=16s

will provide a walk through of its execution.

Connect to Microsoft 365 using PowerShell

Once you have set up your PowerShell environment the next thing is to use it to connect to Microsoft 365 services like Exchange Online and Teams.

I have created several free automation scripts at:

https://github.com/directorcia

to make that process easy.

In this video, I’ll walk you through the steps of using what I have created to make it simple to connect to any Microsoft 365 service using PowerShell quickly and easily.

Here is a direct link to the video:

https://www.youtube.com/watch?v=c1PwAbzM8RI

Updating PowerShell for use with Microsoft 365

Keeping all your PowerShell modules up to date for Microsoft 365 is easy using the process in this video along with the free script I provide here:

https://github.com/directorcia/Office365/blob/master/o365-update.ps1

Simply use the script, with elevated privileges, and you can automatically update all the modules. If you then save the script locally, you can use an option to prompt you for each update if you wish.

Here is a direct link to video:

https://www.youtube.com/watch?v=p9rKHDM3-zI