More Script tips! PowerShell Webinar Q&A

30 Nov 2017 by Emma Robinson

Earlier this week we hosted a great webinar, presented by Alan Byrne and Vasil Michev. The session focused on PowerShell scripting for Office 365, and covered all kinds of advice, tips and workarounds for using the tool, and getting the data you need.
If you missed the session, don’t worry – you can watch the on-demand recording here.
More PowerShell webinars in the New Year!
Due to the popularity of this topic, and some of the questions we received, we will be hosting a similar session focused on optimizing PowerShell scripts for large tenants. This will be taking place in February 2018, so make sure you keep an eye out for further details.
Questions from the audience
The last part of the webinar was dedicated to audience questions, and we had some brilliant contributions, so we thought we would list some of the questions we received here. Vasil Michev has provided extended answers, with links to helpful resources or documentation. Enjoy!
Q. ‘Do the trusted locations (that you configure in the Azure MFA portal) work in an ADFS setup?’
A. It depends. When your domain is federated via AD FS or any 3rd party federation solution, you can perform the Multi-Factor Authentication (MFA) challenge either at your IdP or against Azure MFA. For the former, different mechanisms exist to bypass MFA based on network location. If using Azure MFA, the answer is yes, you will be able to bypass the MFA prompt when on a trusted location, but you need to make sure that you send the appropriate claim. You can refer to this article for additional details.
Q. ‘I’d like to know if there’s a way to read the “throttle” messages to more accurately insert pauses into the robust command.’
A. The answer (as well as a working script example) is given as part of the “Running PowerShell cmdlets for large numbers of users in Office 365” blog article, which you can find here.
This is also one of the topics we will discuss for our next webinar, so stay tuned.
Q. ‘How do you handle piping large amounts of mailboxes into another command like statistics, since when it goes over 4000 users, Microsoft throttles me and the script stops.’
A. In general, when running against a large number of objects, I would strongly recommend using a proper script, instead of just piping cmdlets. The pipeline method might seem simpler and more convenient to use, but it is much slower. Check this Scripting Guy article for example.
Now, on the other hand, memory consumption might be bigger when you use a full-blown script. Overall, there are many factors involved, but the best suggestion we can give you is to follow the recommendations in the “Running PowerShell cmdlets for large numbers of users in Office 365” article. In a nutshell, use server-side filtering to get only the objects you need, and combine it with Invoke-Command to make sure you get only the properties you want, therefore minimizing the network and memory footprint, as well as the time to execute.
Using a full script also allows you to put some logic in to handle throttling. It can be as simple as adding some artificial delay every other iteration, or a more robust solution such as the example used in this article.
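The approach described in the answer above, as an added example that is not from the webinar or the referenced article: server-side filtering and property selection through Invoke-Command, followed by a loop with a periodic delay and a simple retry. It assumes a remote Exchange Online session is already open in the console; the pause and retry values and the output file name are hypothetical.

```powershell
# Assumption: a remote Exchange Online PowerShell session is already open.
$session = Get-PSSession |
    Where-Object { $_.ConfigurationName -eq 'Microsoft.Exchange' -and $_.State -eq 'Opened' } |
    Select-Object -First 1
if (-not $session) { throw 'No open Exchange Online session found.' }

# Filtering (-RecipientTypeDetails) and Select-Object both run on the server,
# so only user mailboxes, and only two properties each, cross the network.
$mailboxes = Invoke-Command -Session $session -ScriptBlock {
    Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
        Select-Object -Property DisplayName, UserPrincipalName
}

# Hypothetical tuning values; adjust them for your tenant.
$pauseEvery   = 100   # insert a pause after this many mailboxes
$pauseSeconds = 5
$maxRetries   = 3

$report = New-Object 'System.Collections.Generic.List[object]'
$count  = 0
foreach ($mbx in $mailboxes) {
    $count++
    for ($attempt = 1; $attempt -le $maxRetries; $attempt++) {
        try {
            $stats = Get-MailboxStatistics -Identity $mbx.UserPrincipalName -ErrorAction Stop
            $report.Add([pscustomobject]@{
                UserPrincipalName = $mbx.UserPrincipalName
                ItemCount         = $stats.ItemCount
                TotalItemSize     = $stats.TotalItemSize
                LastLogonTime     = $stats.LastLogonTime
            })
            break
        }
        catch {
            # Any terminating error is treated as possibly transient:
            # wait longer on each attempt, then give up on this mailbox.
            if ($attempt -eq $maxRetries) {
                Write-Warning "Skipping $($mbx.UserPrincipalName): $($_.Exception.Message)"
            }
            else {
                Start-Sleep -Seconds ($pauseSeconds * $attempt)
            }
        }
    }
    # Artificial delay every $pauseEvery iterations.
    if ($count % $pauseEvery -eq 0) { Start-Sleep -Seconds $pauseSeconds }
}

$report | Export-Csv -Path .\MailboxStats.csv -NoTypeInformation
```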
Q. ‘How can I get last sync time for a particular device?’
A. You should be able to get this information via the Get-MobileDeviceStatistics cmdlet (or Get-ActiveSyncDeviceStatistics in older versions). Now, there are some challenges when running this cmdlet against a large number of users/devices, which we will tackle in the next webinar.

Q. ‘How will PowerShell work with MFA if using a 3rd party like Okta, etc?’
A. Modern authentication is agnostic to the 2FA method used (if any). It should work just fine, as long as the 3rd party IdP complies with the specifications. Microsoft maintains a list of third party providers that “qualify” for Modern authentication. You can access this list here.
As noted in the article however, no MFA scenarios have been tested when populating this list, so your best option is to confirm directly with the vendor.
We hope you found the webinar useful – watch it here if you missed it! If you’re managing a large tenant using PowerShell, and are interested in more tips and advice for getting your scripts to run smoothly – make sure you watch out for more details about our follow-on PowerShell webinar next year.
If you have any further questions, please feel free to comment on this post and we’ll try to answer them.