I’m often asked why the Microsoft 365 admin consoles omit the print option. For instance, go to the Active users section of the Microsoft 365 admin center and look for a way to print a list of users. There isn’t one. What usually exists is an option to export data (users in this case) to a CSV file.
I think several reasons exist why Microsoft takes this approach with admin consoles. First, the consoles page information for display. As you move to the bottom of the list, more data appears until the complete set is present (I’ve never tried this with a tenant with 50,000 users, but that’s the theory). This implementation is consistent with the way the Graph APIs fetch data. In larger tenants, paging works better than if you were forced to wait for all data to be available. Second, the engineering effort to implement and support print options across all the admin consoles might be a cost Microsoft wants to avoid. Third, the export option allows tenants to download the information and format it according to their own requirements (all organizations have their own formats). Last, programmatic access to the data is often available through PowerShell or Graph API. Overall, it’s hard to complain too much about the lack of printing support in Microsoft 365 admin consoles.
Which brings me neatly to Teams and a request to generate a report of the policies assigned to user accounts. As you know, Teams is extraordinary fond of policies. A recent check revealed 40 separate Teams policies which can be assigned to an account (sixteen policies are available for editing through the Teams admin center). Unless they’re involved with the Teams Phone system (which consumes many policies), the average Teams administrator might interact with the following set:
- Meeting Policy: Controls capabilities available in Teams meetings.
- Messaging Policy: Controls capabilities in Teams chat and channel messages.
- App Setup Policy: Controls the apps pinned to the app navigation bar and the apps users can install.
- App Permission Policy: Controls the set of apps available to Teams users.
- Enhanced Encryption Policy: Controls the availability of Teams end to end encryption in 1:1 calls.
- Update Management Policy: Controls if users can access preview features.
- Channels Policy: Controls if users can create new private and shared channels.
- Feedback Policy: Controls if users are prompted to send feedback surveys to Microsoft.
- Live Events Policy: Controls how the user can create live events.
With this set of policies in mind, we can write some PowerShell to generate a report of Teams policy assignments.
Coding the Report
The report script is very straightforward.
- Connect to the Microsoft Teams PowerShell module to fetch information about the policies assigned to users.
- Connect to the Exchange Online management PowerShell module. This is an optional connection that I use to fetch the tenant name for the report using the Get-OrganizationConfig cmdlet. You could also use the Get-AzureADTenantDetail cmdlet from the Azure AD module.
- For each user, extract the policy assignments and update a PowerShell list object. It’s easy to add or substract policy assignments to customize the output. If the default policy is used, we output “Tenant Default” (you can chose a different name if you like), otherwise the script inserts the name of the assigned policy.
- When all users are processed, use the list data and some HTML code to create a HTML file.
- Create a CSV file using the report data to make it easy to analyze the assignments.
- Finish up by reporting success and the names of the created files.
Figure 1 shows an example of the report. As you can see, the report lists the assignment for each of the nine targeted polices for each user.
You can download the script from GitHub. Feel free to amend the code to suit the requirements of your tenant. The basics will remain the same, but you might want to add some extra policies or spruce up the formatting of the report.
The Power of the Shell
The script didn’t take long to write (admittingly, I had the HTML bits to hand). It’s yet another proof of how useful PowerShell is to Microsoft 365 tenant administrators in terms of filling the gaps left by Microsoft. Or, put another way, going where Microsoft choses not to go. Enjoy!