Created
March 18, 2023 12:29
-
-
Save drtomasso/2199dcc60ba58aa80a7b784fa6bc2e7c to your computer and use it in GitHub Desktop.
Retrieve and Update Microsoft Teams and Channels Information: A set of two PowerShell scripts to retrieve Microsoft Teams and channels information, including SharePoint site URLs, visibility, sensitivity labels, and owners' user principal names. The first script (PowerShell 7) fetches the initial data, while the second script (PowerShell 5) upda…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| This script retrieves information about Microsoft Teams and their channels, including | |
| SharePoint site URLs, visibility, sensitivity labels, and owners' user principal names. | |
| .DESCRIPTION | |
| The script authenticates using MSAL.PS and retrieves data from the Microsoft Graph API. | |
| It exports the data to a CSV file for further processing. Sensitivity labels are not | |
| retrieved in this script due to limitations in PowerShell 7 and MSAL.PS. | |
| .AUTHOR | |
| Tomas Kirkegaard | |
| .PERMISSIONS | |
| Application permissions are needed for this script. Ensure that the following | |
| permissions are granted in the Azure portal for the app registration: | |
| - Group.Read.All (Microsoft Graph) | |
| - Sites.Read.All (Microsoft Graph) | |
| - User.Read.All (Microsoft Graph) | |
| - Directory.Read.All (Microsoft Graph) | |
| The application permissions require admin consent. | |
| .APP REGISTRATION | |
| 1. Sign in to the Azure portal (https://portal.azure.com). | |
| 2. Navigate to "Azure Active Directory" > "App registrations" > "New registration". | |
| 3. Enter a name for the app, select "Accounts in this organizational directory only", | |
| and click "Register". | |
| 4. Copy the "Application (client) ID" and "Directory (tenant) ID" for later use. | |
| 5. Navigate to "API permissions" > "Add a permission" > "Microsoft Graph". | |
| 6. Select "Application permissions" and add the required permissions listed above. | |
| 7. Click "Grant admin consent for [your organization]" to grant the necessary permissions. | |
| 8. Navigate to "Certificates & secrets" > "New client secret" to create a new secret. | |
| Copy the generated secret value for later use. | |
| .PARAMETERS | |
| -ClientId | |
| Replace YOUR_CLIENT_ID with the "Application (client) ID" obtained from the app registration. | |
| -ClientSecret | |
| Replace YOUR_CLIENT_SECRET with the "Client secret" obtained from the app registration. | |
| -TenantId | |
| Replace YOUR_TENANT_ID with the "Directory (tenant) ID" obtained from the app registration. | |
| .EXAMPLE | |
| .\Get-TeamsAndChannels.ps1 | |
| #> | |
| # Check for the correct PowerShell version (7) | |
| if ($PSVersionTable.PSVersion.Major -ne 7) { | |
| Write-Host "This script requires PowerShell 7. Please run the script with PowerShell 7." -ForegroundColor Red | |
| exit | |
| } | |
| # Load the MSAL.PS module | |
| Import-Module MSAL.PS | |
| # Set up Microsoft Graph API and authentication variables | |
| $clientId = "YOUR_CLIENT_ID" | |
| $clientSecretPlainText = "YOUR_CLIENT_SECRET" | |
| $tenantId = "YOUR_TENANT_ID" | |
| $scope = "https://graph.microsoft.com/.default" | |
| #Function to get Sensitivity Label | |
| function Get-SharePointSiteSensitivityLabel ($siteUrl) { | |
| $contextInfoUri = "$($siteUrl)_api/contextinfo" | |
| $contextInfo = (Invoke-RestMethod -Headers @{Authorization = "Bearer $($accessToken)"} -Uri $contextInfoUri -Method Post) | |
| $formDigestValue = $contextInfo.FormDigestValue | |
| $webInfoUri = "$($siteUrl)_api/web" | |
| $headers = @{ | |
| Authorization = "Bearer $($accessToken)" | |
| "X-RequestDigest" = $formDigestValue | |
| } | |
| $webInfo = (Invoke-RestMethod -Headers $headers -Uri $webInfoUri -Method Get) | |
| return $webInfo.SensitivityLabelDisplayName | |
| } | |
| # Convert client secret to SecureString | |
| $clientSecret = $clientSecretPlainText | ConvertTo-SecureString -AsPlainText -Force | |
| # Authenticate with Microsoft Graph API | |
| $authResult = Get-MsalToken -ClientId $clientId -ClientSecret $clientSecret -TenantId $tenantId -Scope $scope | |
| # Check if the authentication was successful | |
| if ($null -ne $authResult) { | |
| $accessToken = $authResult.AccessToken | |
| } | |
| else { | |
| Write-Host "Authentication failed" | |
| exit | |
| } | |
| # Define the base URI for Microsoft Graph API requests | |
| $graphApiBaseUri = "https://graph.microsoft.com/v1.0/" | |
| # Get all groups with a resourceProvisioningOptions value of 'Team' | |
| $groupsUri = $graphApiBaseUri + "groups?`$filter=resourceProvisioningOptions/Any(x:x eq 'Team')" | |
| $groups = (Invoke-RestMethod -Headers @{Authorization = "Bearer $($accessToken)"} -Uri $groupsUri -Method Get).value | |
| $csvOutputFile = "TeamsAndChannels.csv" | |
| # Empty the CSV file before adding content | |
| if (Test-Path $csvOutputFile) { | |
| Remove-Item $csvOutputFile | |
| } | |
| # Create the CSV header | |
| $header = "Team Name,Channel Name,SharePoint Site URL,Visibility,Sensitivity Label,Owners User Principal Name" | |
| Add-Content -Path $csvOutputFile -Value $header | |
| # Loop through each group and get their SharePoint site URL | |
| foreach ($group in $groups) { | |
| # Check if the group is a Team | |
| if ($group.resourceProvisioningOptions -contains 'Team') { | |
| $teamName = $group.displayName | |
| # Get SharePoint site URL | |
| $siteUri = $graphApiBaseUri + "groups/$($group.id)/sites/root/webUrl" | |
| $siteUrl = (Invoke-RestMethod -Headers @{Authorization = "Bearer $($accessToken)"} -Uri $siteUri -Method Get).value | |
| # Set team sensitivity label to None, this will be updated in second script | |
| $sensitivityLabel = "None" | |
| # Get team owners | |
| $ownersUri = $graphApiBaseUri + "groups/$($group.id)/owners" | |
| $ownerIds = (Invoke-RestMethod -Headers @{Authorization = "Bearer $($accessToken)"} -Uri $ownersUri -Method Get).value | |
| $ownersUserPrincipalNames = @() | |
| foreach ($ownerId in $ownerIds) { | |
| $ownerDetailsUri = $graphApiBaseUri + "users/$($ownerId.id)" | |
| $ownerDetails = (Invoke-RestMethod -Headers @{Authorization = "Bearer $($accessToken)"} -Uri $ownerDetailsUri -Method Get) | |
| $ownersUserPrincipalNames += $ownerDetails.userPrincipalName | |
| } | |
| $ownersList = $ownersUserPrincipalNames -join ";" | |
| # Get team channels | |
| $channelsUri = $graphApiBaseUri + "teams/$($group.id)/channels" | |
| $channels = (Invoke-RestMethod -Headers @{Authorization = "Bearer $($accessToken)"} -Uri $channelsUri -Method Get).value | |
| foreach ($channel in $channels) { | |
| $channelName = $channel.displayName | |
| # Get visibility (public/private) | |
| $visibility = $channel.membershipType | |
| # Set channel sensitivity label to None, this will be updated in second script | |
| $channelSensitivityLabel = $sensitivityLabel | |
| # Add row to CSV | |
| $row = "$teamName,$channelName,$siteUrl,$visibility,$channelSensitivityLabel,$ownersList" | |
| Add-Content -Path $csvOutputFile -Value $row | |
| } | |
| } | |
| } | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| This script reads the CSV file generated by the first script and retrieves sensitivity | |
| labels for SharePoint sites and channels using Connect-SPOService and Connect-IPPSSession | |
| in PowerShell 5. | |
| .DESCRIPTION | |
| The script connects to SharePoint Online and Microsoft 365 Compliance Center to | |
| retrieve sensitivity label information. It updates the CSV file with the | |
| sensitivity label names. | |
| .AUTHOR | |
| Tomas Kirkegaard | |
| .PARAMETERS | |
| -Url | |
| Replace YOUR_SHAREPOINT_ADMIN_URL with your SharePoint admin URL. | |
| -UserPrincipalName | |
| Replace YOUR_USER_PRINCIPAL_NAME with your user principal name for | |
| connecting to the Microsoft 365 Compliance Center. | |
| .NOTES | |
| Required permissions: | |
| - SharePoint Online Management Shell | |
| - Security & Compliance Center PowerShell | |
| .EXAMPLE | |
| .\Update-TeamsAndChannels.ps1 | |
| #> | |
| # Check for the correct PowerShell version (5) | |
| if ($PSVersionTable.PSVersion.Major -ne 5) { | |
| Write-Host "This script requires PowerShell 5. Please run the script with PowerShell 5." -ForegroundColor Red | |
| exit | |
| } | |
| # Connect to SharePoint Online | |
| Connect-SPOService -Url "YOUR_SHAREPOINT_ADMIN_URL" | |
| # Connect to Microsoft 365 Compliance Center | |
| Connect-IPPSSession -UserPrincipalName "YOUR_USER_PRINCIPAL_NAME" | |
| # Define the path of the CSV file | |
| $csvPath = "TeamsAndChannels.csv" | |
| # Load the CSV file | |
| $teamsAndChannels = Import-Csv -Path $csvPath | |
| # Loop through each row in the CSV file | |
| foreach ($row in $teamsAndChannels) { | |
| # Get the SharePoint site URL from the current row | |
| $siteUrl = $row.'SharePoint Site URL' | |
| # Get the sensitivity label for the SharePoint site | |
| $sensitivityLabel = (Get-SPOSite -Identity $siteUrl).SensitivityLabel | |
| if ([string]::IsNullOrEmpty($sensitivityLabel)) { | |
| # If the sensitivity label is null or empty, set the label name to "Not set" | |
| $sensitivityLabelName = "Not set" | |
| } | |
| else { | |
| # Get the name of the sensitivity label | |
| $sensitivityLabelName = (Get-Label -Identity $sensitivityLabel).DisplayName | |
| } | |
| # Replace the sensitivity label value in the current row with the new value | |
| $row.'Sensitivity Label' = $sensitivityLabelName | |
| } | |
| # Output the updated CSV to the original file in UTF-8 encoding | |
| $teamsAndChannels | Export-Csv -Path $csvPath -NoTypeInformation -Encoding UTF8 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment