Microsoft Office 365
The Office 365 plugin enables the creation of automated services connected to O365 licenses, users , roles and distribution groups.
Prerequisites
Install the following powershell modules:
- MSOnline
- ExchangeOnlineManagement
Install-Module MSOnline -Force -Verbose
Install-Module ExchangeOnlineManagement -Force -Verbose
| Activities |
|---|
| Add-ZPO365DistributionGroupMember |
| Add-ZPO365RoleMember |
| Add-ZPO365MailboxPermission |
| Add-ZPO365RecipientPermission |
| Add-ZPO365MailboxModeratedBy |
| Get-ZPO365User |
| Get-ZPO365Group |
| Get-ZPO365Mailbox |
| New-ZPO365DistributionGroup |
| New-ZPO365ExcelLicenseReport |
| New-ZPO365User |
| New-ZPO365Mailbox |
| Remove-ZPO365EmailAddress |
| Remove-ZPO365License |
| Remove-ZPO365RoleMember |
| Remove-ZPO365User |
| Remove-ZPO365DistributionGroupMember |
| Remove-ZPO365Group |
| Remove-ZPO365RecipientPermission |
| Remove-ZPO365MailboxPermission |
| Remove-ZPO365Mailbox |
| Set-ZPO365EmailAddress |
| Set-ZPO365License |
| Set-ZPO365LicenseDelegated |
| Set-ZPO365GraphUser |
| Set-ZPO365User |
| Set-ZPO365Group |
| Set-ZPO365DistributionGroup |
| Set-ZPO365MailboxType |
| Set-ZPO365MailboxSendOnBehalf |
| Set-ZPO365MailboxForwardingAddress |
| Set-ZPO365Mailbox |
| Set-ZPO365MailboxClutter |
| Start-ZPO365DirectorySync |
| Test-ZPO365User |
| Test-ZPO365IsLicenseAssigned |
| ConvertTo-ZPO365ObjectGuid |
| Disable-ZPO365ActiveSync |
| Disable-ZPO365Pop |
| Disable-ZPO365Imap |
| Enable-ZPO365ActiveSync |
| Enable-ZPO365Pop |
| Enable-ZPO365Imap |
| Data sources | Type |
|---|---|
| Get-ZPO365FreeLicenses | Web service |
| Get-ZPO365ServicePlan | Web service |
| Get-ZPO365User | Web service |
| Get-ZPO365UserLicense | Web service |
| Get-ZPO365UserLicenseServicePlan | Web service |
| Get-ZPO365Group | Web service |
| Get-ZPO365ServicePlanRestricted | Web service |
| Get-ZPO365UserLicenseInformation | Web service |
| Get-ZPO365MobileDevice | Web service |
| Test-ZPO365DisplayName | Web service |
| Test-ZPO365EmailAddress | Web service |
| Test-ZPO365User | Web service |
| DropDown.O365Domain | Drop down |
| DropDown.O365License | Drop down |
| DropDown.O365User | Drop down |
| DropDown.O365DistributionGroup | Drop down |
| DropDown.O365MyDistributionGroup | Drop down |
| DropDown.Graph.O365User | Drop down |
| DropDown.Graph.O365License | Drop down |
| DropDown.Graph.O365LicenseDelegated | Drop down |
| DropDown.Graph.O365ServicePlanRestricted | Drop down |
| DropDown.Graph.O365ProjectOnlineLicense | Drop down |
Installation and Configuration
Update Provider Config
ProvisioningSystem
Update the provider config with the settings applicable for your environment
office365.provisioningsystem.providers.xml
| Key | Example Value | Description |
|---|---|---|
| DomainController | DC01.domain.local | Preferred domain controller FQDN |
| Credential | O365 | Name of the credential object stored in the Credential Manager |
| ConnectionRetryCount | 10 | Number of retries to perform if the connection to MSOL fails |
| ConnectionRetryIntervalSec | 1 | Number of seconds to wait between each connection attempt |
| UsageLocation | SE | Fallback Usage Location to use if none is specified in the activities |
| UICulture | en-US | Language to display state messages in (en-US or sv-SE) |
| DirSyncServer | SRV01.domain.local | Name of the server running dirsync. Requires PowerShell remoting |
| SessionName | ZervicePoint.Activity.O365.Exchange | Name of the PSSession. |
| ExchangeConnectionUri | https://outlook.office365.com/powershell-liveid | Connection URL to Excange online |
| ExchangeAuthentication | Basic | Exchange authentication types |
| LicenseDelegationConfigurationPath | C:\Program Files\Zipper\ZervicePoint\Provider extensions\Office 365 | Path to your license configuration json file |
| GraphTenantName | zipperdevtest.onmicrosoft.com | The target tenant of the Graph related calls |
| GraphAPIVersion | 1.6 | The Graph version to use in the Graph related calls |
| GraphCredential | O365 | Typically the same credential as for O365 |
| GraphProxyCredential | O365 | Typically the same credential as for O365. Must be specified if GraphProxy is set |
| GraphProxy | http://webproxy.company.com | Leave empty if no proxy is needed for Graph calls |
ClientWebService
Update the provider config with the settings applicable for your environment
office365.clientwebservice.provider.xml
| Key | Example Value | Description |
|---|---|---|
| DomainController | DC01.domain.local | Preferred domain controller FQDN |
| SearchBase | OU=Demo,DC=domain,DC=local | Default search base if no other search base is set up in the dropdown.xml file |
| Credential | O365 | Name of the credential object stored in the Credential Manager |
| ConnectionRetryCount | 10 | Number of retries to perform if the connection to MSOL fails |
| ConnectionRetryIntervalSec | 1 | Number of seconds to wait between each connection attempt |
| UICulture | en-US | Language to display state messages in (en-US or sv-SE) |
| Categories | Active Directory | Categories to display in the User dropdowns. supported values are: 'Active Directory', 'Office 365' or 'Active Directory, Office 365' |
| SessionName | ZervicePoint.ClientWebService.O365.Exchange | Name of the PSSession. |
| ExchangeConnectionUri | https://outlook.office365.com/powershell-liveid | Connection URL to Excange online |
| ExchangeAuthentication | Basic | Exchange authentication types |
| LicenseDelegationConfigurationPath | C:\Program Files\Zipper\ZervicePoint\Provider extensions\Office 365 | Path to your license configuration json file |
| GraphTenantName | zipperdevtest.onmicrosoft.com | The target tenant of the Graph related calls |
| GraphAPIVersion | 1.6 | The Graph version to use in the Graph related calls |
| GraphCredential | O365 | Typically the same credential as for O365 |
| GraphProxyCredential | O365 | Typically the same credential as for O365. Must be specified if GraphProxy is set |
| GraphProxy | http://webproxy.company.com | Leave empty if no proxy is needed for Graph calls |
Dependencies
License Delegation configuration
Getting started
Create a file called LicenseDelegationConfiguration.json (recommended path is C:\Program Files\Zipper\ZervicePoint\Provider extensions\Office 365\Shared modules\LicenseDelegationConfiguration).
Configure the path in providers.xml for both provisioning system and client web service where key is "LicenseDelegationConfigurationPath" and value is the path.
Open LicenseDelegationConfiguration.json in a texteditor and configure the rules.
Rules
- Roles - Specify available licenses for roles
- GloballyDisabledLicenses - Disable licenses globally
- GloballyDisabledServicePlans - Disable service plans globally
- SwapLicenseSets - Specify sets of licenses which are swappable
Roles To specify roles in configuration file, use roles key and specify which licenses and service plans are available for specific roles. For example, the following make STANDARDPACK license and Teams and Yammer enterprise serviceplans available for the role Sweden.
{
"roles": {
"Sweden": [
{
"skuPartNumber": "STANDARDPACK",
"allowedServicePlans": [
"TEAMS1",
"YAMMER_ENTERPRISE"
]
}
]
}
}
An example with multiple roles and licenses.
{
"roles": {
"Sweden": [
{
"skuPartNumber": "STANDARDPACK",
"allowedServicePlans": [
"Deskless"
]
},
{
"skuPartNumber": "ENTERPRISEPACK",
"allowedServicePlans": [
"Deskless",
"FLOW_O365_P2"
]
}
],
"Norway": [
{
"skuPartNumber": "POWER_BI_STANDARD",
"allowedServicePlans": [
"BI_AZURE_P0"
]
}
]
}
}
GloballyDisabledLicenses The GloballyDisabledLicenses rule allows you to disable licenses for all roles.
{
"globallyDisabledLicenses": [ "CRMTESTINSTANCE", "ENTERPRISEPACK" ]
}
GloballyDisabledServicePlans The GloballyDisabledServicePlans rule allows you to disable licenses for all roles.
{
"GloballyDisabledServicePlans ": [ "TEAMS1", "FLOW_O365_P2" ]
}
SwapLicenseSets You can add license sets where you specify which licenses should be swappable. An example if you want the users to have either ENTERPRISEPACK or POWER_BI_STANDARD.
{
"swapLicenseSets": {
"Standard": [
"ENTERPRISEPACK",
"STANDARDPACK"
]
}
}
In this case, suppose you have a user who has ENTERPRISEPACK and you assign POWER_BI_STANDARD. If you have this configuration the user would only have POWER_BI_STANDARD.
It's also possible to specify multiple SwapLicenseSets.
{
"swapLicenseSets": {
"Standard": [
"ENTERPRISEPACK",
"STANDARDPACK"
],
"CRM": [
"CRMPLAN1",
"CRMPLAN2",
"CRMSTANDARD"
]
}
}
License Delegation json example
An example with multiple rules.
{
"roles": {
"Sweden": [
{
"skuPartNumber": "STANDARDPACK",
"allowedServicePlans": [
"Deskless",
"FLOW_O365_P1",
"POWERAPPS_O365_P1",
"TEAMS1",
"SHAREPOINTWAC",
"PROJECTWORKMANAGEMENT",
"SWAY",
"INTUNE_O365",
"YAMMER_ENTERPRISE",
"MCOSTANDARD",
"SHAREPOINTSTANDARD",
"EXCHANGE_S_STANDARD"
]
},
{
"skuPartNumber": "ENTERPRISEPACK",
"allowedServicePlans": [
"Deskless",
"FLOW_O365_P2",
"POWERAPPS_O365_P2",
"TEAMS1",
"PROJECTWORKMANAGEMENT",
"SWAY",
"INTUNE_O365",
"YAMMER_ENTERPRISE",
"RMS_S_ENTERPRISE",
"OFFICESUBSCRIPTION",
"MCOSTANDARD",
"SHAREPOINTWAC",
"SHAREPOINTENTERPRISE",
"EXCHANGE_S_ENTERPRISE"
]
}
],
"Norway": [
{
"skuPartNumber": "POWER_BI_STANDARD",
"allowedServicePlans": [
"BI_AZURE_P0"
]
},
{
"skuPartNumber": "ENTERPRISEPACK",
"allowedServicePlans": [
"Deskless",
"FLOW_O365_P2",
"POWERAPPS_O365_P2",
"TEAMS1",
"PROJECTWORKMANAGEMENT",
"SWAY",
"INTUNE_O365",
"YAMMER_ENTERPRISE",
"RMS_S_ENTERPRISE",
"OFFICESUBSCRIPTION",
"MCOSTANDARD",
"SHAREPOINTWAC",
"SHAREPOINTENTERPRISE",
"EXCHANGE_S_ENTERPRISE"
]
}
]
},
"globallyDisabledLicenses": [ "CRMTESTINSTANCE" ],
"globallyDisabledServicePlans": [ "TEAMS1" ],
"swapLicenseSets": {
"Standard": [
"ENTERPRISEPACK",
"STANDARDPACK"
],
"CRM": [
"CRMPLAN1",
"CRMPLAN2",
"CRMSTANDARD"
]
}
}
Related Activities, dropdowns and webservices
- Set-ZPO365LicenseDelegated
- DropDown.Graph.O365LicenseDelegated
- DropDown.Graph.O365ServicePlanRestricted
- Get-ZPO365ServicePlanRestricted
- Get-ZPO365UserLicenseInformation