Streamlining Teams administration with PowerShell and Dynamic Groups

[Pages:4]Streamlining Teams administration with PowerShell and Dynamic Groups

In this interactive guide, you will convert an Office 365 group from static membership to dynamic and use Windows PowerShell to assign a new App permission policy to all members of that Engineering group. You will and also use Windows PowerShell to create a private team and private channel.

Exercise 1: Change the Engineering group membership type to dynamic and add a dynamic query

Microsoft Teams supports teams associated with Office 365 groups using dynamic membership. Dynamic membership enables the membership of a team to be defined by one or more rules that check for certain user attributes in Azure Active Directory (Azure AD). Users are automatically added or removed to the correct teams as user attributes change or users join and leave the tenant. Since the Engineering department is rapidly growing, you need to change the configuration for the Engineering team to automatically add and remove members based on their department

1. In Microsoft Edge, click to place focus in the address bar, type and hit enter to navigate to the Azure Active Directory (AAD) admin center.

2. Sign in with the following credentials: o Type admin@ and hit enter or click Next o Type Password and hit enter or click Sign in o Click Yes to stay signed in.

3. In left navigation of the AAD admin center, select Azure Active Directory. 4. In the Contoso - Overview blade, under Manage, select Groups. 5. In the Groups -All groups blade, scroll down and select sg-Engineering. 6. In the sg-Engineering blade, under Manage, select Properties. 7. On the General settings page, select the Membership type menu and then

select Dynamic User. 8. In the sg-Engineering - Properties blade, on the General settings page, under Dynamic

user members, select Add dynamic query. 9. In the Dynamic membership rules blade, on the Configure Rules tab, select

the Property dropdown menu and then select department. 10. Select the Operator dropdown menu and then select Equals. 11. Click on the Add value text box below Value, then type Engineering and hit enter. 12. Click the Save button at the top of the Dynamic membership rules page. 13. In the sg-Engineering - Properties blade, click the Save button. 14. Review the text of the dialog explaining that the existing group membership may change

based on the rule provided and select Yes

Exercise 2: Assign the app permission policy to accounts in the Engineering department using Windows PowerShell

1. Click on the Windows PowerShell icon in the Windows TaskBar to open PowerShell.

Note: The Microsoft Azure Active Directory Preview, Skype for Business Online, and Microsoft Teams PowerShell modules have already been installed in this Guide.

2. In Windows PowerShell, enter the following and then press Enter: $Cred = Get-Credential

3.

In the Windows PowerShell credential request window, Sign in with the following

credentials

o Type admin@ and hit tab or click in the password field

o Type password and hit enter or click OK

4. Connect to Azure Active Directory. In Windows PowerShell, enter the following and then

press Enter: Connect-MsolService -Credential $Cred

5. Connect to Skype for Business Online. In Windows PowerShell, enter the following and

then press Enter: Import-PsSession $(New-CsOnlineSession -Credential $Cred) -AllowClobber

6. In Windows PowerShell, enter the following and then press Enter: Get-CsTeamsAppPermissionPolicy | fl Identity Review the output of the command and verify the Software Development app permission policy is listed.

7. In Windows PowerShell, enter the following and then press Enter: $AppPolicyName = "Software Development app permission policy"

8. In Windows PowerShell, enter the following and then press Enter: $GroupName = "sg-Engineering"

9. This command will identify the members of the Engineering group and then assign the

app permission policy to each member of the group. In Windows PowerShell, enter the

following and then press Enter. Get-MsolGroupMember -GroupObjectId (Get-MsolGroup | where {$_.DisplayName -eq $GroupName}).ObjectId | ForEach-Object {$Account = $_.DisplayName; $SipAddr=$_.EmailAddress; Write-Host "Processing $Account - $SipAddr"; GetCSOnlineUser $_.EmailAddress -ErrorAction SilentlyContinue | GrantCsTeamsAppPermissionPolicy -PolicyName $AppPolicyName}

10. In Windows PowerShell, enter the following and then press Enter: Get-CsOnlineUser | where {$_.TeamsAppPermissionPolicy -like "Software Development Group*"} | fl DisplayName,TeamsAppPermissionPolicy

Exercise 3: Create a new private team named 'Contoso Super Team' using Windows PowerShell

The Microsoft Teams PowerShell module allows you to manage the lifecycle of teams within your organization. As a Global Administrator or Teams Service Administrator, you can identify and

manage teams on behalf of your users, and make bulk updates to teams faster - including changing memberships or managing team settings.

1. In Windows PowerShell, scroll down to enter the following and then press Enter: $Cred = Get-Credential

2. In the Windows PowerShell credential request window, Sign in with the following credentials o Type admin@ and hit tab or click in the password field o Type password and hit enter or click OK

3. Create a remote PowerShell connection to Microsoft Teams. In Windows PowerShell, enter the following and then press Enter: Connect-MicrosoftTeams -Credential $Cred

Note: the Microsoft Teams PowerShell module has already been installed in this guide.

4. Create a new Private team using the New-Team cmdlet. In Windows PowerShell, enter the following and then press Enter: New-Team -DisplayName "Contoso Super Team" -Description "Special use team for the big project" -AllowGuestCreateUpdateChannels:$False AllowUserDeleteMessages:$False -Visibility Private

5. In Windows PowerShell, enter the following and then press Enter: Get-Team Review the output of the command and verify the new team is listed.

To learn more about installing the Teams PowerShell module, click here .

Exercise 4: Create a Private Channel in the Contoso Super team

As an administrator, you can now use Windows PowerShell to create and manage private channels on behalf of your users. Contoso would like to centralize creation of private channels, so you will neeed to assist in creating a private channel for the Contoso Super Team.

1. In Windows PowerShell, enter the following and press enter: $GroupId = (Get-Team -DisplayName "ContosoSuper Team").GroupId

2. Then enter the following and press enter to create the channel. : New-TeamChannel -MembershipType Private -GroupId $GroupId -DisplayName "Internal project review"

3. Verify the current membership of the private channel (at this point it should only be administrator) by entering the following and pressing enter: Get-TeamChannelUser -GroupId $GroupId -DisplayName "Internal project review"

To learn more about private channel lifecycle management using the Teams admin center, PowerShell, and the Microsoft Graph API click here.

Exercise 5: View new team and channel within the Teams web app

1. Click on the Microsoft Edge icon in the Windows taskbar, to open Edge, then switch to the tab corresponding to Microsoft Teams.

2. Locate Contoso Super Team in the left navigation, and find the Contoso Internal Review channel, noting the lock icon indicating it is a private channel. Click to open the ...(more options) menu

3.

In the menu, select Manage channel.

4. Review the current membership, which is currenly limited to the administrator account specified in PowerShell.

Conclusion

Congratulations on completing the Teams admin lab! You've used multiple different Microsoft management tools to deploy, configure and manage Microsoft Teams in your organization.

What you've learned

? Change the membership of a group to dynamic membership ? Use Windows PowerShell to assign policy to members of a group. ? Used Windows PowerShell to create a new private team, and manage private channels on

behalf of your users.

To continue your learning with Microsoft Teams we highly recommend navigating to aka.ms/TeamsonLearn

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download