Last active
October 25, 2020 06:04
-
-
Save jcallaghan/19fcdcf05ddf43a74bce0b0f720f7cc8 to your computer and use it in GitHub Desktop.
Apply configuration for Office3 365 Group Classification
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# | |
Azure Active Directory cmdlets for configuring group settings | |
Reference - https://docs.microsoft.com/en-gb/azure/active-directory/users-groups-roles/groups-settings-cmdlets | |
Note: | |
Update group classifications (lines 39 and 40) | |
Set GroupCreationAllowedGroupId to your group if change is required (lines 30 and 31) | |
#> | |
## Get and review tenant config | |
Connect-MsolService | |
Get-MsolCompanyInformation | |
# Requires AAD module (UAC install) | |
# Uninstall-Module AzureAD | |
# Install-Module AzureADPreview -AllowClobber | |
# Connect to AAD | |
Connect-AzureAD | |
## Get AAD setting templates | |
#Get-AzureADDirectorySettingTemplate | |
## Review current configuration | |
$existingADSettings = Get-AzureADDirectorySetting | |
$existingADSettings | ForEach Values | |
# Review the group applied to GroupCreationAllowedGroupId | |
# $groupID = "your group ID here" # to apply a new group and comment out the next line | |
$groupID = $existingADSettings.Values | where-object {$_.name -eq "GroupCreationAllowedGroupId"} | |
if($groupID -ne $null){ | |
write-host "GroupCreationAllowedGroupId = $($groupID.Value)" | |
Get-AzureADGroup -ObjectId $groupID.Value | |
} | |
## Apply new classifications | |
$Template = Get-AzureADDirectorySettingTemplate -Id 62375ab9-6b52-47ed-826b-58e47e0e304b | |
$Setting = $template.CreateDirectorySetting() | |
$setting["ClassificationList"] = "Contoso Users Only,Contoso Users and External Guests" | |
$setting["ClassificationDescriptions"] ="Contoso Users Only:For internal usage only,Contoso Users and External Guests:External access permitted" | |
$setting["GroupCreationAllowedGroupId"] = $groupID.Value | |
# If no settings exist as per line 25 use this command | |
New-AzureADDirectorySetting -DirectorySetting $setting | |
# If settings exist as per line 25 use the command | |
Set-AzureADDirectorySetting -id $existingADSettings.Id -DirectorySetting $setting |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment