Microsoft Teams Homebrew - Get-TeamsEffectiveUserPolicy -Identity -Policy

There is an ever-increasing number of policies that can apply to users in Microsoft Teams.

There are also different ways to apply them. When queried outside of Teams Admin Center (TAC), it's not immediately clear what has been assigned.

Get-CsOnlineUser might return a blank for a policy. That's because nothing is assigned and the user falls back to Global.

That's all well and good, but it doesn't tell me if a policy has been assigned by group.


To find this out you need to write a few more lines of PowerShell. I decided to wrap it up as a function and have this minimum viable product. No doubt it will need some tweaking as we go along, but for the moment, it seems to work.

Call the function with one of the applicable policies and it will return [Global], [D] (direct) or [G] (group) with the policy name.

It's straightforward enough: it checks to see if there is a policy assignment. If so, it checks if there's a direct assignment, and if not, checks the ranking of the group assignments.

Simple enough and makes for a simple function when it needs to be done repeatedly.


Quick update: the function now returns an object with two members, rather than a single string.


function Get-TeamsEffectiveUserPolicy {
    param (
        # Also accepted as -Identity, the name used in the post title
        [Parameter(Mandatory)]
        [Alias("Identity")]
        $UserID,
        [Parameter(Mandatory)]
        [ValidateSet("TeamsAppPermissionPolicy", "TeamsAppSetupPolicy", "TeamsAudioConferencingPolicy", "TeamsCallParkPolicy", "TeamsCallingPolicy", "TenantDialPlan", "TeamsEmergencyCallRoutingPolicy", "TeamsEmergencyCallingPolicy", "TeamsEnhancedEncryptionPolicy", "TeamsMeetingPolicy", "TeamsMessagingPolicy", "TeamsUpdatePolicy", "TeamsVoiceRoutingPolicy", "TeamsVoicemailPolicy")]
        $Policy
    )

    # One lookup is enough: the result carries a PolicySource entry for every assignment
    $UserPolicies = Get-CsUserPolicyAssignment -Identity $UserID -PolicyType $Policy
    if (-not $UserPolicies) {
        # Nothing assigned directly or through a group, so the Global policy applies
        $result = [pscustomobject]@{Assignment = "Global"; PolicyName = "<not set>" }
    }
    else {
        $Assigned = $UserPolicies | Select-Object -ExpandProperty PolicySource
        if ($Assigned.AssignmentType -contains 'Direct') {
            # Direct assignment to user
            $direct = $Assigned | Where-Object { $_.AssignmentType -eq 'Direct' }
            $result = [pscustomobject]@{Assignment = "Direct"; PolicyName = "$($direct.PolicyName)" }
        }
        else {
            # No direct assignment
            # Get group policy assignments and check order (lowest Rank number wins).
            # Filter on the policy type: a group can carry assignments for several types,
            # and without the filter the top-ranked entry may belong to a different policy.
            $Policies = Get-CsGroupPolicyAssignment -PolicyType $Policy | Where-Object { $_.GroupId -in $Assigned.Reference } | Sort-Object Rank | Select-Object -First 1
            $result = [pscustomobject]@{Assignment = "Group"; PolicyName = "$($Policies.PolicyName)" }
        }
    }
    return $result
}
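
One way to put the function to work in a policy audit, as an added example that is not part of the original post: it compares each user's effective policy with an expected baseline and lists the mismatches, including which kind of assignment produced them. `Test-TeamsPolicyBaseline`, its `-Resolver` parameter, and the sample users and policy names are assumptions made for the illustration.

```powershell
# Added example. Test-TeamsPolicyBaseline is a hypothetical name, not a Teams cmdlet.
function Test-TeamsPolicyBaseline {
    param (
        [Parameter(Mandatory)] [string[]] $UserId,
        # Policy type -> expected policy name ('Global' = no assignment expected)
        [Parameter(Mandatory)] [hashtable] $Baseline,
        # Defaults to the post's function; injectable so the logic runs without a tenant
        [scriptblock] $Resolver = { param($u, $p) Get-TeamsEffectiveUserPolicy -UserID $u -Policy $p }
    )
    foreach ($user in $UserId) {
        foreach ($type in $Baseline.Keys) {
            try { $eff = & $Resolver $user $type }
            catch {
                # A terminating lookup error is reported, never counted as compliant
                $eff = [pscustomobject]@{ Assignment = 'Error'; PolicyName = $_.Exception.Message }
            }
            # The post's function returns "<not set>" for Global; normalise for comparison
            $actual = if ($eff.Assignment -eq 'Global') { 'Global' } else { $eff.PolicyName }
            [pscustomobject]@{
                User       = $user
                PolicyType = $type
                Assignment = $eff.Assignment
                PolicyName = $actual
                Expected   = $Baseline[$type]
                Compliant  = ($eff.Assignment -ne 'Error') -and ($actual -eq $Baseline[$type])
            }
        }
    }
}

# Constructed sample data standing in for tenant lookups (users and policy names are made up)
$sample = @{
    'alice@contoso.example|TeamsMeetingPolicy' = @{ Assignment = 'Group';  PolicyName = 'RestrictedMeetings' }
    'bob@contoso.example|TeamsMeetingPolicy'   = @{ Assignment = 'Direct'; PolicyName = 'ExecMeetings' }
    'carol@contoso.example|TeamsMeetingPolicy' = @{ Assignment = 'Global'; PolicyName = '<not set>' }
}
$stub = { param($u, $p) [pscustomobject]$sample["$u|$p"] }

# Against a tenant: omit -Resolver after Connect-MicrosoftTeams and loading the post's function
Test-TeamsPolicyBaseline -UserId 'alice@contoso.example', 'bob@contoso.example', 'carol@contoso.example' `
    -Baseline @{ TeamsMeetingPolicy = 'RestrictedMeetings' } -Resolver $stub |
    Where-Object { -not $_.Compliant } |
    Format-Table User, PolicyType, Assignment, PolicyName, Expected
```

The Assignment column is the useful part of the report: a Direct entry on a user who should be governed by a group policy is an override worth reviewing, and a Global entry means the user has dropped out of every group that carries the policy.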
