Tag Archives: Admin

Useful PowerShell Scripts for Managing Classes in Microsoft Teams

So, you have school data sync setup and all of your class teams have been generated in Microsoft Teams. Teachers are eager to start using it for extending the classroom or remote learning. Teachers then realise that students can do things that they were not aware of and request for some rights to be restricted.

Here is a list of useful PowerShell scripts to help you manage some of the most common issues that schools face.

  • – Allow teachers to delete student messages
  • – Stop students emailing the class group
  • – Disable chat for students
  • – Calling and Live Event Policies

Allow teachers to delete student messages

It’s surprising that this is not enabled as standard. Owners in class teams cannot delete member messages unless a custom message policy is set.

Create a messaging policy in the Teams Admin centre

Create a new messaging policy and select “Owners can delete sent messages”

Create custom message policy in Teams
Owners can delete messages
Apply Custom Message Policy using PowerShell
 

This needs to be run as a global admin. The variables at the top of the script should be changed to the AAD (or synced AD) group that you want to apply the messaging policy to and the message policy name.

#Variables to change - add the AAD group and custom message policy name here
$ADSecurityGroupNameToApplyPolicyTo="All Teachers"
$customMessagePolicyName="CustomTeacherMessagingPolicy1"

# Install AzureAD PowerShell if you don't already have it - commented out below
# install-module azuread

#Import modules if you haven't already
Import-Module SkypeOnlineConnector
Import-Module AzureAD

#Connect to Skype and Azure AD
$userCredential = Get-Credential
$sfbSession = New-CsOnlineSession -Credential $userCredential
Import-PSSession $sfbSession
Connect-AzureAD -Credential $userCredential

$GroupUsers = Get-AzureADGroup -ALL $true -Filter "DisplayName eq '$ADSecurityGroupNameToApplyPolicyTo'" | Get-AzureADGroupMember -ALL $true | select mail
 
foreach ($GroupUser in $GroupUsers)
{
	$userEmail=$GroupUser.Mail
	write-host "Processing $userEmail"
	Grant-CsTeamsMessagingPolicy -PolicyName "$customMessagePolicyName" -Identity "$userEmail"
}

Stop students emailing the class group

Once a student receives a welcome message into a group, they may reply back to it or find it in the address list and start a large group email.

In the script below connect to Microsoft Exchange PowerShell. You should update the variables with an AD security group for students to apply the policy to. To ensure you only apply this to the relevant teams, use the wildcard search to filter them. In this example we are assuming teams have been named in a format of SchoolCode-AcademicYear-ClassName so we can set the wildcard to only apply this setting to Teams starting with SCH-2019.

######Replace the following variables if necessary##########
$studentADSecurityGroup ="All Students"   #AD Group for all students
$wildcardsearch="SCH-2019*"                #Wildcard for Teams display name - Search for Teams beginning with ....  
###########################################################

$MyCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $MyCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -AllowClobber
$groups = Get-UnifiedGroup -ResultSize 20000 -SortBy DisplayName -Identity "$wildcardsearch" | Select DisplayName,WhenCreated,Id
 
foreach ($group in $groups)
{
    $teamName = $group.DisplayName
    Write-Host "restricting group emails on $teamName for $studentADSecurityGroup"
    Set-UnifiedGroup -Identity "$teamName" -RejectMessagesFromSendersOrMembers "$studentADSecurityGroup"
}

Disable chat for students

Teams is a safe environment for students to chat, chats can be audited and monitored more closely than if they where to use WhatsApp or snapchat outside of the school systems. However, there are some situations where it might require turning off for safeguarding reasons.

Create message policy in Teams admin centre
Teams message policy

Click “Add” to create a new message policy and turn off the chat setting.

Turn off chat for students


Apply Custom Message Policy using PowerShell

This needs to be run as a global admin. The variables at the top of the script should be changed to the AAD (or synced AD) group that you want to apply the messaging policy to and the message policy name.

#Variables to change - add the AAD group and custom message policy name here
$ADSecurityGroupNameToApplyPolicyTo="All Students"
$customMessagePolicyName="CustomStudentMessagingPolicy1"

# Install AzureAD PowerShell if you don't already have it - commented out below
# install-module azuread

#Import modules if you haven't already
Import-Module SkypeOnlineConnector
Import-Module AzureAD

#Connect to Skype and Azure AD
$userCredential = Get-Credential
$sfbSession = New-CsOnlineSession -Credential $userCredential
Import-PSSession $sfbSession
Connect-AzureAD -Credential $userCredential

$GroupUsers = Get-AzureADGroup -ALL $true -Filter "DisplayName eq '$ADSecurityGroupNameToApplyPolicyTo'" | Get-AzureADGroupMember -ALL $true | select mail
 
foreach ($GroupUser in $GroupUsers)
{
	$userEmail=$GroupUser.Mail
	write-host "Processing $userEmail"
	Grant-CsTeamsMessagingPolicy -PolicyName "$customMessagePolicyName" -Identity "$userEmail"
}

Calling Policies

Calling policies can be used to configure what can and can’t be done by users when calling on Teams. An example of this might be for preventing students from calling on Teams.

Calling policies can be found under Voice as shown below:

Calling Policies

These are the settings that can be applied:

Teams Calling Policy for Students

This is how we apply a calling policy:

#Variables to change - add the AAD group and custom message policy name here
$ADSecurityGroupNameToApplyPolicyTo="All Students"
$customMessagePolicyName="CallingPolicyForStudents"

# Install AzureAD PowerShell if you don't already have it - commented out below
# install-module azuread

#Import modules if you haven't already
Import-Module SkypeOnlineConnector
Import-Module AzureAD

#Connect to Skype and Azure AD
$userCredential = Get-Credential
$sfbSession = New-CsOnlineSession -Credential $userCredential
Import-PSSession $sfbSession
Connect-AzureAD -Credential $userCredential

$GroupUsers = Get-AzureADGroup -ALL $true -Filter "DisplayName eq '$ADSecurityGroupNameToApplyPolicyTo'" | Get-AzureADGroupMember -ALL $true | select mail
 
foreach ($GroupUser in $GroupUsers)
{
	$userEmail=$GroupUser.Mail
	write-host "Processing $userEmail"
	Grant-CsTeamsCallingPolicy -Identity "$userEmail" -PolicyName "$customMessagePolicyName"
}

Live Event Policies

Live Event policies might be used restricting who can attend or record them live events.

Live event policies can be found under Meetings as shown below:

Live Event Policies

These are the options when setting up a Live Events policy.

Teams Live Event Policy for Teachers

This is how we apply a Live Event policy:

#Variables to change - add the AAD group and custom message policy name here
$ADSecurityGroupNameToApplyPolicyTo="All Students"
$customMessagePolicyName="LiveEventPolicyForStudents"

# Install AzureAD PowerShell if you don't already have it - commented out below
# install-module azuread

#Import modules if you haven't already
Import-Module SkypeOnlineConnector
Import-Module AzureAD

#Connect to Skype and Azure AD
$userCredential = Get-Credential
$sfbSession = New-CsOnlineSession -Credential $userCredential
Import-PSSession $sfbSession
Connect-AzureAD -Credential $userCredential

$GroupUsers = Get-AzureADGroup -ALL $true -Filter "DisplayName eq '$ADSecurityGroupNameToApplyPolicyTo'" | Get-AzureADGroupMember -ALL $true | select mail
 
foreach ($GroupUser in $GroupUsers)
{
	$userEmail=$GroupUser.Mail
	write-host "Processing $userEmail"
	Grant-CsTeamsMeetingBroadcastPolicy -Identity "$userEmail" -PolicyName "$customMessagePolicyName"
}

Office 365 User Adoption Episode 8: School Leadership with Microsoft Teams

We’ve spoken a lot on this blog and in our podcast about how Microsoft Teams and SharePoint transforms the classroom, from sharing class resources with pupils to improving student engagement with Digital Ink and Class Notebook.

However, there are also many opportunities to use these tools to drive School Leadership Teams.

We spoke with Gareth Rose, Assistant Headteacher of Notley High School & Braintree Sixth Form to see how their School Leadership Teams, Heads of Faculty and Subject Leaders use Microsoft Teams and SharePoint.



“SharePoint is a brilliant tool for sharing files. And, while it has a lot of collaboration tools within it, we find Microsoft Teams the easiest way to co-author documents used and created by the School Leadership Teams (SLT),” explains Gareth.

“We have five core Teams: one for SLT, one for the admins who support SLT, a data admin team and a pastoral middle leadership team that includes SLT and the Heads of Houses.”

A Team acts as a central hub for collaboration – a place where you can talk with Team members, share and co-author files and keep meeting minutes all in one place.

“To keep everything connected with our SharePoint site, Cloud Design Box has set it up so that users can access the relevant Teams from their SharePoint mega menu.”

School Leadership Teams Heads of Faculty and Subject Leaders use Microsoft Teams and SharePoint

Within each Team, Notley High School has private channels where only specific people can access files and conversations. Private channels in Teams can be controversial as many believe you should simply set up a new Team if a private channel is required.

But, as Gareth explains, it’s a structure that has really worked for them:

“If we set up a new Team every time we need a private channel, we’d have far too many Teams with them all linking off in different directions. With our structure, everyone can access, view and edit the files applicable to them.”

To further simplify processes, Gareth has maintained one rule: SharePoint is for sharing finalised documents and Teams is for collaborating on WIP files.

“All the work-in-progress documents are stored within their corresponding Teams, where they can be accessed and edited by the right people. It’s only when they’re finished that they can be released into SharePoint,” he tells us.

“We have a one version policy – if the file is being worked on, it’s in Teams, and if the file is finalised, it’s in SharePoint.”

It’s easy to see why Notley High has chosen this method of working. This is a great example of Office 365, SharePoint and Teams adoption that shows how the products can be used by the school leadership to work together more dynamically, keeping everyone on the same page and everything in one place, without having to waste time copied into unnecessary emails.


Watch the full Office 365 User Adoption podcast on School Leadership with Microsoft Teams on our YouTube Channel.

Meanwhile, if you would like to discuss adopting SharePoint, Office 365 or Microsoft Teams for your school or multi-academy trust, speak with a member of our team today.


Cloud Design Box

Set default classic or new experience in SharePoint Online

The new list and library experience is here in SharePoint Online. It is great news for the SharePoint community (better integration with OneDrive, responsive, platform independent). For users with customisations or for companies who are not ready for the change yet, you can delay the new experience from the administration panel. There are certainly things which will improve in the new experience such as consistent navigation (you may notice that you lose the navigation configured in classic mode), custom JS overlays and custom branding. Microsoft should have some updates on those features in the coming year.

To switch back to classic mode for the entire tenancy:

Open the Office 365 admin centre and select “SharePoint” from the admin centre list.

Office 365 admin area

Go to the settings option and set the list and library view to classic mode. This may take a few moments to apply.

Office 365 admin area

You can override these settings in individual library settings if required.