Office 365 is a cloud service that is made up of many different underlying services that are integrated together, such as Exchange Online, SharePoint Online, and Skype for Business Online. With so many different services in place, unifying administration into a single portal doesn't make much sense. Such a portal would be complex, confusing to use, and would limit the ability of the product groups that develop each individual service to optimize and improve their own admin experiences.
As such, there's a variety of admin portals that we need to use for administering Office 365 services, and several different PowerShell connections that are used as well.
Office 365 Administration Portals
Office 365 has multiple web-based administration portals that you can access using any modern web browser such as Google Chrome, Mozilla Firefox, or Microsoft Edge.
- Office 365 Admin Portal – this is the main portal for managing an Office 365 tenant, providing admin controls for a variety of common tasks such as managing users, groups, and billing, as well as other features such as the Service Health Dashboard. The URL is https://portal.office.com/adminportal
- Exchange Admin Center – the EAC for Exchange Online delivers a similar administration experience as the on-premises Exchange Admin Center, and provides more detailed administration for Exchange Online configuration and recipients. The URL is https://outlook.office365.com/ecp
- Skype for Business Online Admin Center – the SfBO Admin Center lets you manage your Skype users, external communications settings, voice services, and online meetings. The URL for the SfB Admin Center will vary depending on your tenant location, but you can locate it in the Office 365 Admin Portal. An example URL is https://adminau1.online.lync.com
- SharePoint Online Admin Center – the SPO Admin Center lets you manage SharePoint online site and site collections, permissions, and apps. The URL for the SPO Admin Center will vary depending on your tenant name, and you can locate it in the Office 365 Admin Portal. An example URL is https://exchangeserverpro-admin.sharepoint.com
- Security and Compliance Center – the S&C Center provides a portal for managing compliance features in Office 365 that span multiple services, such as Advanced Threat Protection (ATP), data loss prevention (DLP), eDiscovery, and mobile device management (MDM). The URL is https://protection.office.com
- Yammer – the Yammer admin portal can be used to activate your Yammer network, customize the appearance, manage users and policies, and perform community management tasks. The URL for the Yammer admin portal will vary based on your tenant domain. An example URL is https://www.yammer.com/practical365.com/admin/
- Azure – the Azure management portal is used to administrator Azure Active Directory and other Azure services for your tenant, or for separate Azure subscriptions that your organization also has. Microsoft Intune is also managed through the Azure portal. The URL is https://portal.azure.com.
- Azure Active Directory – Azure AD has its own dedicated portal as well. This is useful if you only want to manage Azure AD and related features such as conditional access and Privileged Identity Management, and not the full suite of Azure cloud services. The URL is https://aad.portal.azure.com.
- OneDrive for Business – the ODfB Admin Portal allows you to manage and control OneDrive sync, sharing and device access settings. The URL is https://admin.onedrive.com.
- StaffHub – the StaffHub portal allows team managers to create and publish schedules, and invite team members to StaffHub. The URL is https://staffhub.office.com/admin.
- Windows Defender Security Center – The Windows Defender Security Center is used to manage Windows Defender ATP. The URL is https://securitycenter.windows.com/.
- Azure Advanced Threat Protection – The Azure ATP portal is used to manage the workspaces for Azure ATP, which monitors on-premises Active Directory environments for suspicious behaviour. The URL is https://portal.atp.azure.com.
Office 365 PowerShell Connections
Although the web-based administration portals for Office 365 and various services provide most of the functionality you need for day to day admin tasks, some tasks require you to use PowerShell instead. In addition, PowerShell is a more efficient means of performing bulk administration tasks, or for performing tasks that require changes in multiple Office 365 services.
Office 365/Azure AD
Many Office 365 tasks such as user and licensing management, adding and removing domain names, and managing company information in PowerShell are performed using the Azure Active Directory Module for Windows PowerShell, which is supported on Windows 7 and later client operating systems and Windows Server 2008 R2 and later. Using the Azure Active Directory module depends on the Microsoft Online Service Sign-in Assistant for IT Professionals being installed on the same computer.
- Microsoft Online Services Sign-in Assistant for IT Professionals
- Azure Active Directory Module for Windows PowerShell (64-bit)
Update, July 2018 – the MsOnline module has been moved to the PowerShell Gallery. To install it, run the following command:
1 |
Install-Module MSOnline |
To connect to Azure Active Directory run the following PowerShell commands:
1 2 3 4 |
#Enter your Office 365 admin credentials when prompted PS C:\> $Credential = Get-Credential PS C:\> Connect-MsolService -Credential $Credential |
The PowerShell commands for the Azure AD are prefixed with Msol, for example Get-MsolUser. You can see the full list of commands by running the following command:
1 |
PS C:\> Get-Command -Module MSOnline |
Microsoft has released a new Azure AD PowerShell module to replace the MsOnline module. The AzureAD module is available in the PowerShell Gallery. However, if you are developing scripts based on the current module, you'll need to get ready to update your scripts with the different cmdlet names of the new module, which are prefixed with AzureAD, but aren't a direct 1:1 match in terms of functionality.
1 2 3 |
PS C:\>Install-Module AzureAD PS C:\>Connect-AzureAD |
Exchange Online
Exchange Online can be managed using PowerShell without installing any additional modules, as long as you have at least PowerShell version 3.0 installed. Windows 10 and Windows Server 2012 or later already meet the minimum requirements for connecting to Exchange Online with PowerShell. If you're still using Windows 7 or Windows Server 2008 R2 for administration, you'll need to update to at least .NET Framework 4.5.1 and then install the Windows Management Framework (WMF) 3.0 or later.
To connect to Exchange Online run the following PowerShell commands:
1 2 3 4 5 |
[PS] C:\> $credential = Get-Credential [PS] C:\> $exosession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid -Credential $credential -Authentication Basic –AllowRedirection [PS] C:\> Import-PSSession $exosession |
Microsoft also makes available the Exchange Online Remote PowerShell module. The EXOPS module supports modern authentication, which among other things means it supports multi-factor authentication. You can download the EXOPS module from here and install it on your management workstations or servers. After installing the module a desktop shortcut is added to your profile. When you launch the module from the shortcut it will check for updates each time (which are important to install).
You can then connect to Exchange Online by running the following command:
1 |
PS C:\> Connect-EXOPSSession |
Microsoft Teams
Microsoft has released a PowerShell module for managing the Teams application. The module is available in the PowerShell Gallery and can be installed with the following command.
1 |
PS C:\> Install-Module -Name MicrosoftTeams |
To connect to Microsoft Teams run the following command.
1 |
PS C:\> Connect-MicrosoftTeams |
To see a list of available cmdlets, run the following command.
1 |
PS C:\> Get-Command -Module MicrosoftTeams |
Although this is a PowerShell module, it takes a very user-centric view of Microsoft Teams. For example, the Get-Team cmdlet returns teams that the user is a member of, although the documentation says that it should return all teams in the organization. It's possible these types of issues will be fixed in future releases.
Skype for Business Online
Skype for Business Online can be managed using PowerShell by installing the Skype for Business Online PowerShell Module. To connect to Skype for Business Online, run the following PowerShell commands:
1 2 3 4 5 |
PS C:\> $credential = Get-Credential PS C:\> $skypesession = New-CsOnlineSession -Credential $credential PS C:\> Import-PSSession $skypesession |
Skype for Business Online cmdlets are prefixed with CsOnline, for example Get-CsOnlineUser. You can see the full list of available cmdlets by running the following command:
1 |
PS C:\> Get-Command -Noun CsOnline* |
SharePoint Online
SharePoint Online can be managed using PowerShell by installing the SharePoint Online Management Shell. To connect to SharePoint Online, run the following PowerShell commands:
1 2 3 |
PS C:\> $Credential = Get-Credential PS C:\> Connect-SPOService -url https://exchangeserverpro-admin.sharepoint.com -Credential $credential |
You'll need to subsitute your own admin URL in the command above.
Sharepoint Online cmdlets are prefixed with SPO, for example Get-SPOSite. You can see the full list of available cmdlets by running the following command:
1 |
PS C:\> Get-Command -Noun SPO* |
Security and Compliance Center
The Security and Compliance Center can be managed using PowerShell without installing any additional modules. You can connect to the Security and Compliance Center by running the following PowerShell commands:
1 2 3 4 5 |
PS C:\> $credential = Get-Credential PS C:\> $ccsession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $Credential -Authentication Basic -AllowRedirection PS C:\> Import-PSSession $ccsession |
The Security and Compliance Center has a range of cmdlets for different tasks such as managing DLP, preservation policies, and eDiscovery cases. You can see the full list of cmdlets on TechNet.
If your account is enabled for multi-factor authentication then you can use the EXOPS module to connect to the Security & Compliance Center instead. The instructions for installing the EXOPS module are listed above in the Exchange Online section of this article. From the EXOPS module you can connect to the Security & Compliance Center by running the following command:
1 |
PS C:\> Connect-IPPSSession |
PowerShell Scripts and Tools
For PowerShell administration of Office 365 services there are some additional scripts and tools that are a useful addition to your toolbox.
- Managing Stored Credentials – this set of functions can be added to your PowerShell profile, or to scripts that you write, and allows you to securely manage different sets of administrator credentials for Office 365.
- Connect to Office 365 Services – this script by MVP Michel de Rooij contains a set of PowerShell functions to make it simpler to connect to individual Office 365 services.
Paul is a Microsoft MVP for Office Apps and Services and a Pluralsight author. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server.
Hi.
A very useful article thanks. Your link to “Azure Active Directory Module for Windows PowerShell (64-bit)” has moved elsewhere (cant find it!)
Cheers
Looks like it’s been moved to the PowerShell Gallery.
Try “Install-Module MSOnline”