Posh365
Install
Set-ExecutionPolicy RemoteSigned
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
Install-Module Posh365 -ForceInstall without Admin Access
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
Install-Module Posh365 -Force -Scope CurrentUserUpdate Posh365
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
Install-Module Posh365 -Force
Import-Module Posh365 -ForceConnect
Connect-Cloud Connect to one or more services: Az, AzureAD, Compliance, Exo2, MSOnline, SharePoint & Teams. Credentials are locally encrypted for reuse - no need to reenter credentials the next time you need to connect.
Connect-Cloud -Tenant Contoso -EXO2 -MSOnline -AzureAD
Connect-Cloud -Tenant Contoso -EXO2 -MSOnline -AzureAD -GCCHIGH
Connect-Cloud -Tenant Contoso -EXO2 -MFA #when using MFA
Connect-Cloud -Tenant Contoso -Teams
Connect-Cloud -Tenant Contoso -Teams -GCCHIGH
Connect-Cloud -Tenant Contoso -AZ
Connect-Cloud -Tenant Contoso -AZ -GCCHIGH
Connect-Cloud -Tenant Contoso -SharePoint
Connect-Cloud -Tenant Contoso -Compliance
Connect-Cloud -Tenant Contoso -DeleteCreds #Deletes locally encrypted creds onlyNew-ExoCBAConnection Create reusable Exchange Online Certificate Based Authentication (CBA) connections
New-ExoCBAConnection -Tenant Contoso
Connect-Cloud -Tenant Contoso -EXOCBA
Connect-CloudMFA Same as Connect-Cloud but includes built-in password manager GUI
Connect-CloudMFA -Tenant Contoso -EXO2 -MSOnline -AzureAD -TeamsConnect-Exchange Connect to Exchange on-premises
Connect-Exchange -Server EXHybrid #Encrypts and reuses creds locally
Connect-Exchange -Server EXHybrid -DontViewEntireForest
Connect-Exchange -Server EXHybrid -DeleteExchangeCreds #Deletes locally encrypted creds onlyExport-GraphConfig Use a GUI to save/encrypt ClientID, TenantID, Secret, UserName & Password Connect-PoshGraph Use saved encrypted credentials to connnect to Graph and Azure APIs
Export-GraphConfig -Tenant Contoso
Connect-PoshGraph -Tenant ContosoDiscover Office 365
Get-DiscoveryOffice365 -Tenant Contoso -VerboseChoose all items & click OK Choose Connection type & click OK
First time running this? Let's install PowerShellGet2:
1. Run: Connect-Cloud -Tenant Contoso -EXO2 2. Sign in as Global Admin & restart powershell when prompted 3. Run: Get-DiscoveryOffice365 -Tenant Contoso -Verbose
Discover On-Premises
Requires RSAT
Get-DiscoveryOnPrem -Verbose1. Run: Get-Discovery -Verbose 2. Enter name of Exchange Server when prompted 3. Click link for Batches, copy/paste code on-premises 4. Click link for Permissions, copy/paste code on-premises 5. Add both documents to the root of SharePoint > Documents 6. Add BATCH01 to BatchName column in Batches.xlsx for pilot
| Document to add to SharePoint | Paste code on-premises (not EMS) |
|---|---|
| Batches.xlsx | https://bit.ly/corebatches |
| Permissions.xlsx | http://bit.ly/PermissionsScaled |
Migrate from Hybrid to Office 365
Note: Each command presents a GUI for selection and confirmation Connect to Exchange Online. Connect-Cloud -Tenant Contoso -EXO2
Analyze Permissions
Update-MailboxMovePermissionBatch GUI to analyze permissions of mailboxes from Batches.xlsx. Will output new Batches.xlsx to desktop. Can add to SharePoint as new Batches file.
$params = @{
SharePointURL = 'https://contoso.sharepoint.com/sites/migrate'
ExcelFile = 'Batches.xlsx'
}
Update-MailboxMovePermissionBatch @paramsMigrate
Test-MailboxMove Test migration readiness of the mailboxes from Batches.xlsx. Of each user to be migrated, reports PASS or FAIL overall and individual on the following tests:
- Verifies each smtp address domain is an accepted domain
- Verifies mail user exists in Exchange Online
- Verifies mailbox does not exist in Exchange Online
- Verifies mail user is DirSynced
- Verifies UserMailboxes accounts are not disabled
- Verifies Routing Address is valid
- Verifies UserPrincipalName matches PrimarySmtpAddress (Use -SkipUpnMatchSmtpTest to skip this test)
$params = @{
SharePointURL = 'https://contoso.sharepoint.com/sites/migrate'
ExcelFile = 'Batches.xlsx'
}
Test-MailboxMove @paramsNew-MailboxMove Creates new move requests. Example uses batches file in SP site named "migrate". Use links in Discovery On-Premises to create Batches and Permissions files [ Link ]
$params = @{
SharePointURL = 'https://contoso.sharepoint.com/sites/migrate'
ExcelFile = 'Batches.xlsx'
RemoteHost = 'hybrid.contoso.com'
Tenant = 'contoso'
}
New-MailboxMove @params# For GCC/GCCHIGH tenants: use full tenant address as shown below:
$params = @{
SharePointURL = 'https://contoso.sharepoint.com/sites/migrate'
ExcelFile = 'Batches.xlsx'
RemoteHost = 'hybrid.contoso.com'
Tenant = 'contoso.mail.onmicrosoft.us'
}
New-MailboxMove @paramsSet-MailboxMove Set move requests
Set-MailboxMove -BadItemLimit 300 -LargeItemLimit 400Suspend-MailboxMove Suspends move requests
Suspend-MailboxMoveResume-MailboxMove Resumes move requests
Resume-MailboxMove
Resume-MailboxMove -DontAutoCompleteRemove-MailboxMove Removes move requests
Remove-MailboxMoveComplete-MailboxMove Complete move requests
Complete-MailboxMove
Complete-MailboxMove -Schedule #GUI presented to pick time, date, and usersReport on Migration
Get-MailboxMoveStatistics Gets move request statistics for any or all move requests. Multi-select or select all, click OK
Get-MailboxMoveStatistics
Get-MailboxMoveStatistics -IncludeCompletedGet-MailboxMoveReport Gets full move request report - from present to past. The way it should be
Get-MailboxMoveReportLicense
Set-MailboxMoveLicense GUI to license users via AzureAD
Connect to AzureAD Connect-Cloud -Tenant Contoso -AzureAD
Set-MailboxMoveLicense
Set-MailboxMoveLicense -MailboxCSV .\UserPrincipalName.csv
$params = @{
SharePointURL = 'https://contoso.sharepoint.com/sites/migrate'
ExcelFile = 'Batches.xlsx'
}
Set-MailboxMoveLicense @paramsGet-MailboxMoveLicense Reports on user license Skus via AzureAD
Get-MailboxMoveLicense
Get-MailboxMoveLicense -OneSkuPerLine
Get-MailboxMoveLicense -OneSkuPerLine -ExportToExcel # file saved in Posh365 folder on desktop
Get-MailboxMoveLicense -IncludeRecipientType # Connect to EXO2
$params = @{
SharePointURL = 'https://contoso.sharepoint.com/sites/migrate'
ExcelFile = 'Batches.xlsx'
}
Get-MailboxMoveLicense @paramsGet-MailboxMoveLicenseCount Reports on a tenant's consumed and total skus and options
Get-MailboxMoveLicenseCountGet-MailboxMoveLicenseReport Reports on each user's assigned skus and options, csv and excel output
Get-MailboxMoveLicenseReport -Path C:\temp\Mail Flow
Message Trace
Trace-Message GUI to trace Exchange Online messages. Select messages & click OK for trace details
Trace-Message # all messages from past 15 minutes
Trace-Message -StartSearchHoursAgo 6.3 -EndSearchHoursAgo 5 -Subject 'From the CEO'
Trace-Message -StartSearchHoursAgo 10 -Sender jane@Contoso.com
Trace-Message -Sender jane@Contoso.com -Recipient emily@Contoso.comTrace-ExchangeMessage GUI to trace on-premises messages. Select messages & click OK for messageID details
Trace-ExchangeMessage # all messages from past 15 minutes
Trace-ExchangeMessage -StartSearchHoursAgo 10 -ExportToCsv
Trace-ExchangeMessage -StartSearchHoursAgo 10 -ExportToExcel -SkipHealthMessagesAdministration
Managed Folder Assistant
Get-MfaStats Return Managed Folder Assistant statistics as an object. Switch to start the MFA too
'jane@Contoso.com' | Get-MfaStats
'jane@Contoso.com' | Get-MfaStats -StartMFA
(Import-CSV .\mailboxes.csv).UserPrincipalName | Get-MfaStats
(Import-CSV .\mailboxes.csv).UserPrincipalName | Get-MfaStats -StartMFA
(Get-EXOMailbox -Properties Office -Filter "Office -eq 'Redmond'").UserPrincipalName | Get-MfaStats
(Get-EXOMailbox -Properties Office -Filter "Office -eq 'Redmond'").UserPrincipalName | Get-MfaStats -StartMFANetworking
Office365 Endpoints
Get-OfficeEndpoints URLs and IPs, initial and "changes since", CSV and Excel output (click to enlarge)
