Skip to content

In this episode, the team goes deeper into the discussion about Microsoft Teams templates.

  • Types of templates
  • Managing templates
  • Governance
  • Development

In this Episode, a follow up to Episode 71. The teams walks through the process of running Microsoft 365 DSC in Azure Automation.

What is MicrosoftDSC?

Microsoft365DSC is an Open-Source initiative hosted on GitHub, lead by Microsoft engineers and maintained by the community. It allows you to write a definition for how your Microsoft 365 tenant should be configured, automate the deployment of that configuration, and ensures the monitoring of the defined configuration, notifying and acting on detected configuration drifts. It also allows you to extract a full-fidelity configuration out of any existing Microsoft 365 tenant. The tool covers all major Microsoft 365 workloads such as Exchange Online, Teams, Power Platforms, SharePoint and Security and Compliance.

Why automate MicrosoftDSC using a runbook?

Ordinarily, you would need to run MicrosoftDSC manually or setup an “agent” on a server to monitor changes in your tenant (tenant drift) which can be cumbersome and not always practical for some environments.

Azure Automation is a service in Azure that allows you to automate your Azure management tasks and to orchestrate actions across external systems from right within Azure.

The following guide shows you what how to setup Microsoft DSC as an Azure runbook.  The runbook will monitor for changes in your Office 365 tenant an alert you when any changes do occur.

Getting everything setup in your Azure Tenant

Running MicrosoftDSC requires many prerequisite PowerShell Modules and dependencies to be installed into your Azure Tenant.  This quite a cumbersome process so we have created a script to simplify this. **Shout out to fellow MVP Barbara Forbes for the inspiration for this code - https://twitter.com/Ba4bes**

M365DSCRunBookInstall

Before running this you will need to do the following things:

  1. Get your Tenantid.  (use https://www.whatismytenantid.com/)
  2. Find your Azure SubscriptionID from the Azure Portal
  3. Create an Azure Automation Account - QuickStart Ref
  4. Create an Azure Resource Account
  5. Copy the script below into your a PowerShell window (as Administrator)

This will install all the required Microsoft 365 DSC Prerequisites PowerShell Modules to use within your automation RunBook.

install-module az.accounts
install-module az.automation

#Update the values below specific to your tenant!
$tenantID = "YOUR TENANTID HERE"
$subscriptionID = "YOUR SUBSCRIPTION ID HERE"
$automationAccount = "Your M365Automation Account Here"
$resourceGroup = "Your Azure Resource Group Here"

$moduleName = "Microsoft365dsc"
Connect-AzAccount -SubscriptionId $subscriptionID -Tenant $tenantID 

Function Get-Dependency {
#Function modifed from: https://4bes.nl/2019/09/05/script-update-all-powershell-modules-in-your-automation-account/
    param(
        [Parameter(Mandatory = $true)]
        [string] $ModuleName    
    )

    $OrderedModules = [System.Collections.ArrayList]@()
    
    # Getting dependencies from the gallery
    Write-Verbose "Checking dependencies for $ModuleName"
     $ModuleUri = "https://www.powershellgallery.com/api/v2/Search()?`$filter={1}&searchTerm=%27{0}%27&targetFramework=%27%27&includePrerelease=false&`$skip=0&`$top=40"
    $CurrentModuleUrl = $ModuleUri -f $ModuleName, 'IsLatestVersion'
    $SearchResult = Invoke-RestMethod -Method Get -Uri $CurrentModuleUrl -UseBasicParsing | Where-Object { $_.title.InnerText -eq $ModuleName }

    if ($null -eq $SearchResult) {
        Write-Output "Could not find module $ModuleName in PowerShell Gallery."
        Continue
    }
    $ModuleInformation = (Invoke-RestMethod -Method Get -UseBasicParsing -Uri $SearchResult.id)

    #Creating Variables to get an object
    $ModuleVersion = $ModuleInformation.entry.properties.version
    $Dependencies = $ModuleInformation.entry.properties.dependencies
    $DependencyReadable = $Dependencies -split ":\|"

    $ModuleObject = [PSCustomObject]@{
        ModuleName    = $ModuleName
        ModuleVersion = $ModuleVersion
    }
    
    # If no dependencies are found, the module is added to the list
    if (![string]::IsNullOrEmpty($Dependencies) ) {
        foreach ($dependency in $DependencyReadable){
            $DepenencyObject = [PSCustomObject]@{
                ModuleName    = $($dependency.split(':')[0])
                ModuleVersion = $($dependency.split(':')[1].substring(1).split(',')[0])
            }
            $OrderedModules.Add($DepenencyObject) | Out-Null
        }
    }

    $OrderedModules.Add($ModuleObject) | Out-Null

    return $OrderedModules
}

$ModulesAndDependencies = Get-Dependency -moduleName $moduleName
#$ModulesAndDependencies

write-output "Installing $($ModulesAndDependencies | ConvertTo-Json)"

#Install Module and Dependencies into Automation Account
foreach($module in $ModulesAndDependencies){
    $CheckInstalled = get-AzAutomationModule -AutomationAccountName $automationAccount -ResourceGroupName $resourceGroup -Name $($module.modulename) -ErrorAction SilentlyContinue
    if($CheckInstalled.ProvisioningState -eq "Succeeded" -and $CheckInstalled.Version -ge $module.ModuleVersion){
        write-output "$($module.modulename) existing: v$($CheckInstalled.Version), required: v$($module.moduleVersion)"
    }
    else{
        New-AzAutomationModule -AutomationAccountName $automationAccount -ResourceGroupName $resourceGroup -Name $($module.modulename) -ContentLinkUri "https://www.powershellgallery.com/api/v2/package/$($module.modulename)/$($module.moduleVersion)" -Verbose     
        While($(get-AzAutomationModule -AutomationAccountName $automationAccount -ResourceGroupName $resourceGroup -Name $($module.modulename)).ProvisioningState -eq 'Creating'){
            Write-output 'Importing $($module.modulename)...'
            start-sleep -Seconds 10
        }
    }
}

DSC PowerShell RunBook Sample

Here is the sample code as your Azure RunBook.  This can be scheduled to run on regular basis.

  1. Browse to your Azure Automation account.
  2. Under process automation, click Run Books.
  3. Create a new Azure RunBook, give it a name and make sure to select the runbook type asPowerShell.
  4. Edit the RunBook and copy the code below and paste it into your RunBook.
  5. In your Azure Automation Account, browse to shared resources -> credentials to add your credentials which will be used to execute the RunBook.
  6. Set the schedule for how often your Runbook executes
$creds = Get-AutomationPSCredential -Name "AutomationAccount"
$GitHubDSCConfig = 'https://raw.githubusercontent.com/YOURGITHUB/m365dscsample/main/GoldStandardDSCConfig.ps1'

$path = "$env:TEMP" 
$Date = $(Get-Date -f yyyy-MMM-dd-HHMMtt)

write-output "Pulling DSC from Tenant $Date" 
Export-M365DSCConfiguration -Quiet -Workloads @("TEAMS") -GlobalAdminAccount $creds -path $path -filename "runbook_$date.ps1" *>&1 | out-null

write-output "Pulling DSC from GitHub" 
Invoke-RestMethod -Uri $GitHubDSCConfig -OutFile "$path\dscconfig_$date.ps1"

write-output "Generating Delta Report`r`n" 
New-m365dscdeltareport -source "$path\dscconfig_$date.ps1" -destination "$path\runbook_$date.ps1" -OutputPath "$path\DeltaNew_$date.HTML" *>&1 | out-null

$readfile = Get-Content -path "$path\DeltaNew_$date.HTML"
write-output $readfile

write-output "Send Email"

$sendMailParams = @{
    Credential = $Creds
    From = $($Creds.username)
    To = 'habib@mydomain.com', 'michael@mydomain.com','dino@mydomain.com','curtis@mydomain.com'
    Subject = "DSC Delta Report - $Date"
    Body = "This is the delta report between your tenant and the Baseline Configuration $readfile"
    BodyasHtml = $true
    Attachments = "$path\DeltaNew_$date.HTML"
    SMTPServer = 'smtp.office365.com'
    Port = 587
    UseSsl = $true    
    DeliveryNotificationOption = 'OnFailure','OnSuccess'    
    Encoding = 'UTF8'
    Priority = 'High'
    EA = 'Stop'
}

Send-MailMessage @sendMailParams

In this episode, the team discusses our Microsoft Ignite favorite announcements that we are excited and interested about.

https://t.co/lLm47W2ry7?amp=1

https://www.microsoft.com/microsoft-365/partners/news/article/modern-work-and-security-news-at-microsoft-ignite

Ignite 2020 Book of News (microsoft.com)

In this episode, we have a good chat with the guys who are coordinating Teamsfest. They give us a rundown about the 1-day event that is jam-packed with a star-studded lineup with sessions related to Microsoft Teams.

Registration Link for the event: TeamsFest 2020 (sessionize.com)

In this episode, the team talks with Nik Charlebois Senior Customer Engineer and lead for Microsoft 365 Desired State Configuration (DSC), and fellow canuck about:

  • How it came to be
  • Vision
  • Use cases
  • Workloads

Microsoft365DSC is an Open-Source initiative hosted on GitHub, lead by Microsoft engineers and maintained by the community. It allows you to write a definition for how your Microsoft 365 tenant should be configured, automate the deployment of that configuration, and ensures the monitoring of the defined configuration, notifying and acting on detected configuration drifts. It also allows you to extract a full-fidelity configuration out of any existing Microsoft 365 tenant. The tool covers all major Microsoft 365 workloads such as Exchange Online, Teams, Power Platforms, SharePoint and Security and Compliance.

In this episode, the team talks with CEO Matt Landis, of Landis Technologies who are are one of the Microsoft Teams Certified Contact Center & Compliance Cloud recording partners.

We discuss their products:

  • Business Focus
  • Product differentiator
  • Product Architecture
  • Advanced and challenging scenarios
  • Microsoft Certification & validation process of their product.

In this episode, the team talks with PM Evan Kahan from Numonix , who are are one of the Microsoft Teams Certified Compliance Cloud recording partners.

We discuss their IX Cloud product:

  • Business Focus
  • Product differentiator
  • Product Architecture
  • Advanced and challenging scenarios
  • Microsoft Certification & validation process of their product.

In this episode the team talks with Isabella Lubin Sr. Program Manager at Microsoft to discuss the Evolution of Teams as a Platform.

  • The vision of Teams as a platform
  • Adoption of Teams as a platform
  • Teams as a platform scenarios
  • Build announcements

In this episode, we talk with fellow Office apps and services MVP - Matt Wade . Matt has published etiquette guides and end-user resources like the Office 365 periodic table on https://www.jumpto365.com/, and has a wealth of knowledge around bots with his work at https://atbot.io/

In this episode which is similar to Episode 36 & Episode 57, we cover a massive amount of features in Microsoft Teams that have been launched, rolling out or announced in the past 90 days. We've pulled all this information from Office 365 message center, Microsoft Tech community, Office 365 Roadmap with Teams filter.

New End User Functionality

  • Microsoft Lists in Teams
  • Microsoft Lists is a Microsoft 365 app that helps you track information and organize your work.
  • Track issues, assets, routines, contacts, inventory and more using customizable views and smart rules and alerts to keep everyone in sync.
  • This is brand new so not yet released but will be interesting to see where it plays well with respect to Planner and To Do.
  • Updated Feature: Invite a group or distribution list to a Teams meeting – previously you needed to do this in Outlook but now available when scheduling a meeting in Teams client.
  • Microsoft Teams support for Egnyte as a Third party which is cloud storage provider that do secure enterprise file sharing
  • Screen recording available in Microsoft Stream – create up to 15 minute videos using your mic and PC in Stream and then trim and publish the video. Edge and Chrome are supported for now.
  • Microsoft Teams - Increasing team membership limit to 10K from 5K. Just a note that Org wide teams still only support 5k users
  • Inline Edit Toggle for OneNote in Teams – you now edit OneNote content just like can a word or excel file in Teams.
  • Contextual search is coming to Teams – this is great as it allows you to do a  (Ctrl F) to search for content within a specific channel now.
  • Last but not least, MS is releasing a change that allows you to set a policy where you can force users in Islands Mode to only have the Teams Outlook Addin available to them forcing them to schedule all meetings in Teams.
  • Personal Apps available in Teams mobile client
  • Feature Update: Reverse number lookup in activity feed, call history, and voicemail
  • Option to create all meetings online for Outlook on the web and Outlook mobile
  • (Updated) New Feature: Teams/Skype Consumer chat and calling interop
  • New Teams meeting setting - require meeting participants to use the lobby
  • Feature Update: Teams meeting call and meeting chat size to increase to 300
  • Office 365 Groups will become Microsoft 365 Groups
  • Manage which accounts can log in to Teams via enrolled mobile devices

Development

https://techcommunity.microsoft.com/t5/microsoft-teams-blog/what-s-new-in-microsoft-teams-build-edition-2020/ba-p/1394224

  • Making it easier to build and publish apps - Visual Studio and Visual Studio Code Extension for Teams
  • App Studio Update (v1.4.0)
  • With the latest update (v1.4.0), App Studio now has new enhancements such as, support for app manifest schema 1.6, “advanced section” in app details to easily support advanced features, app package validation tool to run tests that extend outside
  • Bringing low-code bots to Teams, with Power Virtual Agents
  • Simplified Power Apps and Power Virtual Agents “Add to Teams”
  • Enhanced workflow automation with Power Automate + Teams
  • New Shifts + Power Automate actions
  • Improved Power BI sharing to Teams
  • Activity feed notifications for apps
  • Granular Permissions
  • Mobile device capability for apps
  • New Microsoft Graph APIs for subscribing to notifications for new app messages
  • New Teams Graph APIs in v1.0
  • Graph APIs for Shifts

Management

  • New Feature: Microsoft Teams room management within Teams Admin Center
  • Call Quality Dashboard (CQD) V2 data to be retired
  • General availability of automatic classification with sensitivity labels in Microsoft 365 services
  • Improving IT Admins’ ability to manage apps
  • New 3rd party subscription purchase experience
  • Grant Consent to Graph API Permissions
  • New controls to enhance the Teams app discoverability experience