[Powershell] Create Microsoft 365 admin account on all managed tenants

I received a question from a customer asking me for a way to create MFA-enabled administrator accounts on all Microsoft 365 tenants managed through the Partner portal, without having to manually go to each tenant and create them. To solve this, I threw together a quick script that imports a .CSV file containing the DisplayName, UserPrincipalName and Password, then goes through every managed tenant to create the accounts and enable MFA on each newly created account.

As an extra bonus, I’ve also provided a script that could be used to remove the accounts on all managed tenants.

Enjoy!

Account Creation

<#
.Description
	This script is used for creating (multiple) Microsoft 365 tenant administrator accounts for all tenants managed by your MSP.
	Current Version: 1.1
	
	Version History:
   ---------------- 
   v1.0: First release.
   v1.1: Fixed a bug that caused trouble when adding roles.
   
	By: Stefan van Bruggen

#>




# Connect to Microsoft 365 using your partner account credentials.

Connect-MsolService

# Define administrator roles to be granted to the user.

$Roles = "Authentication Administrator","Azure Information Protection Administrator","Company Administrator","Conditional Access Administrator","Directory Readers","Directory Synchronization Accounts","Directory Writers","Exchange Service Administrator","Helpdesk Administrator","Hybrid Identity Administrator","Intune Service Administrator","Kaizala Administrator","License Administrator","Message Center Privacy Reader","Message Center Reader","Partner Tier1 Support","Partner Tier2 Support","Password Administrator","Privileged Authentication Administrator","Privileged Role Administrator","Reports Reader","Service Support Administrator","SharePoint Service Administrator","Teams Communications Administrator","Teams Communications Support Engineer","Teams Communications Support Specialist","Teams Service Administrator","User Account Administrator"

# Set required variables for MFA.

$st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$st.RelyingParty = "*"
$st.State = "Enabled"
$sta = @($st)

# Get managed tenant IDs and prefixes.

Get-MsolPartnerContract -All | ForEach-Object {
    $TenantPrefix = [string]$_.DefaultDomainName
    $TenantId = [string]$_.TenantId.Guid

    # Import users from .csv and create new user account, the .csv should have the following fields: DisplayName,UserPrincipalName,Password

    Import-Csv .\users.csv | ForEach-Object {
        $newUPN = [string]($_.UserPrincipalName + "@" + $TenantPrefix)
        New-MsolUser -DisplayName $_.DisplayName -UserPrincipalName $newUPN -Password $_.Password -ForceChangePassword:$true -PasswordNeverExpires:$true -TenantId $TenantId

        # Add newly created user account to previously defined administrator roles.

        ForEach ($role in $Roles) {
            Add-MsolRoleMember -TenantId $TenantId -RoleName $role -RoleMemberEmailAddress $newUPN
        }

        # Enable MFA. This runs inside the user loop so that every imported
        # account gets MFA, not only the last one in the .csv.

        Set-MsolUser -TenantId $TenantId -UserPrincipalName $newUPN -StrongAuthenticationRequirements $sta
    }
}
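Because every one of these accounts ends up with Company Administrator in every tenant, it is worth confirming that each account exists and really has MFA switched on. The audit below is an added example, not part of the original script; it assumes the same users.csv and an existing Connect-MsolService session, and the report file name admin-audit.csv is a hypothetical choice.

```powershell
# Added example: audit the accounts that the creation script should have made.
# Assumes Connect-MsolService has already been run and users.csv is unchanged.

$Users = Import-Csv .\users.csv

$Report = Get-MsolPartnerContract -All | ForEach-Object {
    $TenantPrefix = [string]$_.DefaultDomainName
    $TenantId     = [string]$_.TenantId.Guid

    foreach ($User in $Users) {
        $UPN = $User.UserPrincipalName + "@" + $TenantPrefix
        $Account = Get-MsolUser -TenantId $TenantId -UserPrincipalName $UPN -ErrorAction SilentlyContinue

        if (-not $Account) {
            # Creation failed or the account was removed afterwards.
            [pscustomobject]@{
                Tenant = $TenantPrefix; UserPrincipalName = $UPN
                Exists = $false; MfaState = $null; RoleCount = 0
            }
            continue
        }

        # No StrongAuthenticationRequirements entry means per-user MFA is off.
        $MfaState = $Account.StrongAuthenticationRequirements.State | Select-Object -First 1
        if (-not $MfaState) { $MfaState = "Disabled" }

        # Count the directory roles the account actually holds in this tenant.
        $AssignedRoles = @(Get-MsolUserRole -TenantId $TenantId -UserPrincipalName $UPN)

        [pscustomobject]@{
            Tenant = $TenantPrefix; UserPrincipalName = $UPN
            Exists = $true; MfaState = $MfaState; RoleCount = $AssignedRoles.Count
        }
    }
}

# Keep the full report (hypothetical file name) and show the rows needing attention.
$Report | Export-Csv .\admin-audit.csv -NoTypeInformation
$Report | Where-Object { -not $_.Exists -or $_.MfaState -eq "Disabled" } | Format-Table -AutoSize
```

Since users.csv holds the initial passwords in clear text, delete it once the report shows every account present with MFA enabled.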

Account Removal

<#
.Description
	This script is used for removing (multiple) Microsoft 365 tenant administrator accounts for all tenants managed by your MSP.
	Current Version: 1.0
   
	By: Stefan van Bruggen, Open ICT
		s.vanbruggen@open-ict.nl

#>


# Connect to Microsoft 365 using your partner account credentials.

Connect-MsolService

# Get managed tenant IDs and prefixes.

Get-MsolPartnerContract -All | ForEach-Object {
    $TenantPrefix = [string]$_.DefaultDomainName
    $TenantId = [string]$_.TenantId.Guid

    # Import list of users that need to be removed from .csv and remove the accounts, the .csv should have the following fields: UserPrincipalName

    Import-Csv .\delete-users.csv | ForEach-Object {
        $UPN = [string]($_.UserPrincipalName + "@" + $TenantPrefix)
        Remove-MsolUser -UserPrincipalName $UPN -TenantId $TenantId -Force
    }
}

[Microsoft] Hands-on Labs – Quick Review


I’ve waited for this moment for so long… *wipes away tear

Last week, Microsoft finally launched the ‘new and improved’ version of TechNet Labs (found here) called Hands-on Labs.

Introduction
In these labs, Microsoft provides you with an Azure-powered live environment you can use to practice with their new and current products without the risk of messing up your own systems.
Currently, they provide a pretty wide range of options including Server 2016, Azure, SQL Server and many more. (Note: for some reason, sorting the labs by newest places the newer products on the last page instead of the first.)

Let’s get started, fire up those VMs!

So, let’s start with a randomly chosen lab to see how it all works, shall we? First we pick a lab and view the details:

Looks interesting enough, time to launch the lab and let Azure do its magic...


When launching the lab, we get redirected to a new webpage that shows a progress window, just to let you know it’s working hard to start your lab. (Wouldn’t want people to think Azure is taking it easy, would we?)

 

First impressions

Creating and booting up the required VMs was faster than I expected. Within a few minutes you are greeted by a short introduction of the lab objective and you are ready to get that knowledge flowing into your mind.

Is it any good?

Based on the short time I spent clicking through a few of the labs, I have to say that I’m very positive about the Hands-on Labs.

The process of launching the labs, creating the VMs and working with the labs is very straightforward and works pretty smoothly. I expected this process to take a lot longer, but Microsoft does a good job of providing their users with a fully functioning environment in a very short time.

If they manage to provide new labs before or shortly after the release of new products or product versions, I can see this becoming a must-use tool for exam preparations and a very handy tool to get some hands-on experience with the products you are planning to implement in your own environment.
Conclusion: Very positive first experience, with a lot of potential uses.

Stefan van Bruggen - 2019