How to manage office 365 accounts in windows azure web site - powershell

I'd like to deploy an Office 365/Exchange Online management portal in WAWS (Windows Azure WebSite) which could create a new user/group/mailbox or change some property of a specific user, etc. Is it possible to deploy this kind of web application in the WAWS environment? Should I call PowerShell and the Office 365 cmdlets in the ASP.NET environment? Or is there a better way to do this?

As @Matt alludes to in his comment, there is already a web-based management portal for both of these. However, since you ask this question, I'm going to assume that you want additional functionality/customization.
The short answer is yes, you can.
User accounts in Office 365 are, behind the scenes, accounts in Azure Active Directory. So, for creating users, contacts, security groups and adding licenses, you will need to use the Azure Active Directory Graph API:
Getting Started With Windows Azure Active Directory Graph
For managing Exchange Online, you will probably want to use the Exchange Web Services Managed API 2.0. You'll probably only need this if you need to create distribution groups or manage individual users' contact folders (mailboxes for users get created when you assign an Exchange license from Azure Active Directory).
Get started with EWS Managed API client applications
Update: the Office 365 APIs were recently announced, and are now in Preview. They are a RESTful API, which can be used to manage (for now), mail, contacts and calendar items. Depending on your use case, this may be easier to deal with than the EWS Managed API 2.0.
Using the Mail, Calendar, and Contact REST APIs to work with emails, calendar items, and contacts

Related

Password Protect Looker (Google Data Studio) Report Via SSO

I built a Looker (Google Data Studio) report. The organization uses Outlook (Microsoft) for their emails (i.e. the domain is registered there, so for example, if the domain was underthesea then an email would be johnsmith@underthesea.com, and this is hosted by Outlook/Azure/Microsoft).
Is there a way to be able to access the report only via the organization's email? (I believe this is called SSO.)
The goal is that only those with active organizational emails would be able to see the report, which has sensitive organizational data in it.
I have researched this and have gotten nowhere. My question is whether this is possible at all since the emails are connected to Microsoft and the dashboard is in a Google application.
If it is possible - how?
I tried researching but it is not clear what is necessary to create the SSO if the organizational emails are not connected to Google.
- How to do SSO with Google and Azure: https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/google-apps-tutorial
- Integration between Azure and Google SSO: https://learn.microsoft.com/en-us/answers/questions/21067/integration-between-azure-and-google-sso-and-user
- How to activate SSO from Google documentation: https://cloud.google.com/architecture/identity/single-sign-on

Azure DevOps and Teams - one Group to control membership to both

I have been trawling the internet and clicking myself blue in the face! Hopefully someone has a definitive answer.
I want to have one Group (in either of Azure AD, Microsoft Teams or Azure DevOps). This group must have access to a DevOps project and a Team site. When I change the membership of the group, the membership must change for both the Team and the DevOps project. I want to avoid the overhead of managing the groups for both separately.
Is this at all possible? Thanks.
This is a really good question, and the answer is not obvious at all. Ironically we had the same exact problem in Microsoft Teams - when a user was added or deleted from the underlying Office 365 Group (which is mastered in Azure AD), it would take up to an hour, sometimes more, to be reflected in Teams, which has its own copy of the member list.
There is a way to do it, and it's how Teams does it: it relies on a relatively new feature in Microsoft Graph called subscriptions. You can find the documentation for it here: https://learn.microsoft.com/en-us/graph/api/resources/subscription?view=graph-rest-1.0.
Essentially what you want to do is create a subscription to the group: POST https://graph.microsoft.com/v1.0/subscriptions with the right message body and your endpoint will be called whenever there's a membership change in the group. Your endpoint won't know what changed, just the event and some IDs - you will likely have to make a separate call to retrieve the actual data (unless the IDs alone are sufficient).
There's a sample on GitHub that illustrates how to use Microsoft Graph subscriptions including more details on how to subscribe to group notifications specifically.
One thing to be aware of is that to use these APIs, your application will require fairly elevated permissions: Group.Read.All which means it has the ability to read not only the team/group members, but all of its messages too (among other things), for every group in your Office 365 tenant. We are working with the MS Graph team to support a less-privileged, per-group permission approach, but even after that's released for Teams Graph APIs, support for that will have to be added to the subscriptions APIs I just mentioned and that may not happen for a while.
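The subscription body and the receiving endpoint's checks described in this answer, sketched in Python as an added example (not part of the original answer or of the GitHub sample it mentions). The function names, group ID, subscription IDs and `clientState` values are constructed placeholders, and the one-day expiry is an arbitrary choice.

```python
import hmac
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs

SUBSCRIPTIONS_URL = "https://graph.microsoft.com/v1.0/subscriptions"

# Constructed sample: one genuine notification and one with a wrong clientState.
SAMPLE_NOTIFICATION = json.dumps({"value": [
    {"subscriptionId": "sub-1", "clientState": "constructed-secret",
     "changeType": "updated", "resource": "groups/GROUP-ID/members"},
    {"subscriptionId": "sub-1", "clientState": "guessed",
     "changeType": "updated", "resource": "groups/OTHER-ID/members"},
]})

def build_subscription(group_id, notification_url, client_state, now=None):
    """Body to POST to SUBSCRIPTIONS_URL to watch one group's membership."""
    now = now or datetime.now(timezone.utc)
    expiry = now + timedelta(days=1)  # short-lived; renew before it lapses
    return {
        "changeType": "updated",
        "notificationUrl": notification_url,  # must be an HTTPS endpoint
        "resource": f"groups/{group_id}/members",
        "expirationDateTime": expiry.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "clientState": client_state,  # secret echoed back in every notification
    }

def handle_webhook(query_string, body, client_state, subscription_ids):
    """Return (status, content_type, response_body, resources_to_refetch)."""
    token = parse_qs(query_string).get("validationToken")
    if token:
        # Handshake on subscription creation: echo the decoded token as
        # text/plain so the reflected value is never rendered as HTML.
        return 200, "text/plain", token[0], []
    try:
        items = json.loads(body)["value"]
    except (ValueError, KeyError, TypeError):
        return 400, "text/plain", "", []
    if not isinstance(items, list):
        return 400, "text/plain", "", []
    accepted = []
    for item in items:
        if not isinstance(item, dict) or item.get("subscriptionId") not in subscription_ids:
            continue
        state = str(item.get("clientState", "")).encode()
        # Constant-time comparison; drop anything not carrying our secret.
        if hmac.compare_digest(state, client_state.encode()) and item.get("resource"):
            accepted.append(item["resource"])
    # Acknowledge quickly; re-read the accepted resources from Graph afterwards.
    return 202, "text/plain", "", accepted
```

The accepted resources are only pointers: as the answer notes, the handler still has to call Graph to read the current membership before updating the other system.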

Create client under CSP using powershell

We are switching from reseller/advisor accounts to CSP.
We can manually create Customers under PartnerCenter which creates the relationship as Cloud Reseller as opposed to Advisor as before.
We can create the company name fine and add License based subscriptions however when we add Usage Based Subscription it lists the subscription name as Microsoft Azure instead of our Company Name. Also we have to go into this subscription and manually create AzureReader and AzureAdmin users under the ARM Portal.
I am looking for powershell options to automate this process:
- Create a new client under CSP using powershell.
- Create a usage based subscription with our Company Name instead of Subscription name of Microsoft Azure under this new client.
- Add the AzureReader and AzureAdmin users to the Subscription.
Any assistance is appreciated.
I looked through several forums as well as scripts on Github but have not found anything and unfortunately I am not a coder or powershell guru.
Updating my answer -
Powershell preview is out now here
I am afraid there is no PowerShell to accomplish this, but instead there is a .NET SDK or a REST API that can help to accomplish this.
Read more here

Use Powershell to list all mailbox users contacts from their contact folder with all attributes

I am on Office 365 and I (Admin of the site) have to run a query that takes a user's mailbox (e.g. 'john.doe@example.com') and lists all of its contacts from the contact folder with all available attributes like name, email address and so on. After searching heavily with Google and co. I found nothing regarding PowerShell handling contacts except importing and exporting. Is there a way?
You need to use an API like Exchange Web Services to access that level of information. You can use the EWS Managed API from Powershell. As it turns out, Glen Scales has a good write-up on exporting contacts that way.

Cloud e-mail and portal integration: experiences?

I am evaluating cloud e-mail solutions based upon:
Google Apps for Education
Microsoft Live@edu
I work for a University and we currently have an institutional portal (based on uPortal).
We currently have our local IMAP server and webmail client fully integrated with the portal. We would like to replicate the current portal e-mail experience with the new e-mail services. At present users can see a snapshot of their inbox in the portal and click through into the appropriate place in the webmail client.
We expect that we need to solve similar problems when integrating with the cloud based e-mail solutions.
We need to solve the single sign-on (SSO) problem.
We need to be able to access the inbox messages on the users behalf. (e.g. proxy authentication)
Does anybody have an experience or advice on this?
Many thanks,
Mark
Not sure what programming language you can use, however you can download the source code for some MOSS web parts for Live@edu to give you an idea how to code them; they use SSO.
If anybody else happens upon this page they might also be interested in the answers I received via the Jasig uPortal Mailing List answers