You can enforce a password change for Office 365 (Azure AD) users without having to reset the password through Powershell.
For a single user:
Set-MsolUserPassword -UserPrincipalName user@domain.com -ForceChangePasswordOnly $true -ForceChangePassword $true
To force all users to change their password:
Get-MsolUser -All | Set-MsolUserPassword -ForceChangePasswordOnly $true -ForceChangePassword $true
You can also use filters ? {} to limit the password change enforcement to specific groups of users.
Note that it is recommended to also use Revoke-AzureADUserAllRefreshToken to end all current open sessions, and immediately enforcing the user(s) to log in again and change their passwords.
With the deprecation of Internet Explorer, it is currently no longer possible to install the Exchange Online Powershell module via ECP. But you can also install the Exchange Online Powershell module via Powershell itself:
First install the dependencies:
Install-PackageProvider -Name NuGet -Force Install-Module -Name PowerShellGet -Force
Next install the Exchange Online Management module:
Install-Module -Name ExchangeOnlineManagement
With the strong increase in hackers targeting Office 365 tenants, it may be useful to see who has Global Administrator access in your tenant. This can be done either via the Office 365 Portal but also through Powershell.
Note: be sure to install the required Powershell cmdlets before attempting this.
Connect to your Office 365 tenant:
Connect-MsolService
To retrieve a list of users with the Global Administrator role, run this:
Get-MsolRoleMember -RoleObjectId $(Get-MsolRole -RoleName "Company Administrator").ObjectId | Select DisplayName,EmailAddress
You can append Export-Csv to export the list to a CSV-file.
A very useful blog article about killing active sessions to a compromised Office 365 account:
You can manually trigger Azure AD Connect to perform a sync cycle. Open a Powershell on the server running Azure AD Connect, then type:
During the installation of Azure AD Connect, the registration of the Azure AD Connect Health for Sync-agent may fail. When this happens, you can manually register the agent by running this Powershell cmdlet:
Register-AzureADConnectHealthSyncAgent -AttributeFiltering $false -StagingMode $false
You need the credentials of an O365 account with Global Admin rights.
In-place online archive, this means having your online archive readily available in Outlook, is only available if you have Office ProPlus or a standalone version of Outlook. Outlook from Office Standard (including Office365 Business Premium) does not provide access to the online archive, and as such, it can only be opened from OWA.
« ‹ | December 2024 | › » | ||||
Sun | Mon | Tue | Wed | Thu | Fri | Sat |
1 | 2 | 3 | 4 | 5 | 6 | 7 |
8 | 9 | 10 | 11 | 12 | 13 | 14 |
15 | 16 | 17 | 18 | 19 | 20 | 21 |
22 | 23 | 24 | 25 | 26 | 27 | 28 |
29 | 30 | 31 |