Microsft Teams Homebrew - Get-TeamsEffectiveUserPolicy -Identity -Policy

-

There is an ever increasing number of policies that can apply to users in Microsoft Teams.

There's also different ways to apply them. When queried outside of Teams Admin Center (TAC) its not immediately clear what has been assigned.

Get-CsOnlineUser might return a blank - thats because its not assigned (Global). 

Thats all well and good but it doesn't tell me if a policy has been assigned by group.


To find this out you need to write a few more lines of powershell. I decide to wrap it up as a function and have this minimum viable product. No doubt it will need some tweaking as we go along, but for the moment, it seems to work.

Call the function with one of the applicable policies and it will return [Global], [D] (direct) or [G] (group) with the policy name.

It's straight forward enough - checks to see if there is a policy assignment. If so, it checks if theres a direct assignment, and if not, checks the ranking of the group assignments.

Simple enough and makes for a simple function when it needs to be done repeatedly.


/quick update to return as an object with two members, rather than a single string.


function Get-TeamsEffectiveUserPolicy {
    param (
        $UserID,
        [validateset("TeamsAppPermissionPolicy", "TeamsAppSetupPolicy", "TeamsAudioConferencingPolicy", "TeamsCallParkPolicy", "TeamsCallingPolicy", "TenantDialPlan", "TeamsEmergencyCallRoutingPolicy", "TeamsEmergencyCallingPolicy", "TeamsEnhancedEncryptionPolicy", "TeamsMeetingPolicy", "TeamsMessagingPolicy", "TeamsUpdatePolicy", "TeamsVoiceRoutingPolicy", "TeamsVoicemailPolicy")]
        $Policy
    )
    $result = $null
    $UserPolicies = $null
    $Assigned = $null
    $direct = $null
    $policies = $null

    $UserPolicies = get-csuserpolicyassignment -identity $userID -PolicyType $Policy
    if ([string]::IsNullOrEmpty($UserPolicies)) {
        $result = [pscustomobject]@{Assignment = "Global"; PolicyName = "<not set>" }
    }
    else {
        $Assigned = get-csuserpolicyassignment -identity $userID -PolicyType $Policy | Select-Object -ExpandProperty PolicySource
        if ($assigned.Assignmenttype -contains 'Direct') {
            #Direct assignment to user
            $direct = $assigned | where-object { $_.AssignmentType -like 'Direct' }
            $result = [pscustomobject]@{Assignment = "Direct"; PolicyName = "$($direct.PolicyName)" }
        }
        else {
            #No direct assignment
            #Get Group Policy assignments and check order
            $Policies = Get-CSGroupPolicyAssignment | Where-Object { $_.groupID -in $assigned.reference } | Sort-Object Rank | Select-Object -First 1
            $Result = [pscustomobject]@{Assignment = "Group"; PolicyName = "$($policies.PolicyName)" }
        }
    }
    Return $result
}

Comments

Post a Comment

Popular posts from this blog

Skype Online and MCOValidationError

-
These user counts are incorporated into the Lync ReportHTML  from the previous post: https://jc-nts.blogspot.com/2019/05/powershell-module-reporthtml.html While doing some housekeeping for a client, I noticed that the Interpreted User Type attribute in SfBO threw up some HybridOnpremSfBUserWithMCOValidationError accounts. The full list included: DirSyncSfBUser: On-premises users which have been assigned a SfB online licence DirSyncTeamsUser: On-premises users which have been assigned a Teams licence HybridOnlineSfBUser: A user created on-premises and migrated to SfBO HybridOnpremSfBUser: A user created on-premises and enabled on-premises for Lync/Skype HybridOnpremSfBUserWithDeletedLicenses: An on-premises user has a deleted office 365 SfB licence HybridOnpremSfBUserWithMCOValidationError: An on-premises user with a domain that is not valid in your synchronised tenant PureOnlineSfBUser: Online users which have been assigned a SfB licence PureOnlineTeamsUser: Online users
Read more

SCCM 2012 R2 - Offline servicing error

-
While updating images in SCCM 2012R2 to apply recent updates to a windows 8 image, I hit the following errors: Failed to install update with error code -2146498513 InstallUpdate returned code 0x800f082f Failed to install update with ID 17242935 on the image. ErrorCode = 2095 To fix: Mount the image (.wim) file using dism: dism /mount-wim /wimfile:d:\sources\os\captures\w8x86.wim /index:2 /mountdir:c:\mount Load the registry SOFTWARE key reg load HKLM\MyKey c:\mount\windows\system32\config\software Find the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Compnent Based Servicing\SessionsPending Edit the DWORD Exclusives to value 0 (in my case it was 3) unload the registry reg unload HKLM\MyKey commit the changes to the wim dism /unmount-wim /mountdir:c:\mount /commit In SCCM, schedule the updates. Key an eye on the OfflineServicingMgr log file - you might need to do the same again. Links DISM mounting http://msdn.microsoft.com/en-us/library/ff79481
Read more

Polycom provisioning - and Zoom!

-
Updated June 2019 So I have a little downtime which means I need a little project. On my 'havent setup in the test lab yet' is a polycom provisioning service. So, off to eBay i head for some devices (naturaly) and i'm pleasantly surprised to find some VVX handsets at a very reasonable £30. On a roll, i head off to find some Trio conference devices. A step up from the CX3000 they replaced, these are nice pieces of kit. I just missed out on a trio 8800 and visual+ bundle, so with VVX501 in hand i setup a provisioning service. FTP server - filezilla - check exceptions in the firewall - allow the filezilla app through - check DHCP options (160 AND 161 for newer firmware) - check Create a config file for the MAC address (i only have a single device, after all) Remembering to disable updates from the Lync/Skype/Office365 service - I dont want a reboot loop as it updated and downgrades repeatedly. <?xml version="1.0" standalone="yes"?> <
Read more