I’ve been getting a bunch of questions currently about among the requirements in CIPP, so I figured this week I’ll weblog about how a few of them work within the background. CIPP tries to make the most of Graph as a lot as doable to make adjustments to tenants and set them to a particular state.
This time we’ll talk about how we set the M365 contact emails. These contact e-mails are used for a bunch of stuff; the safety emails are used for safety advisories and points, the technical electronic mail for points contained in the tenant akin to Dirsync not working, advertising and marketing and basic emails are principally used for subscription info, like stuff expiring or renewing.
Setting these to a central e-mail can assist you seize occasions. You’ll obtain emails when there are issues with the compliance heart, or issues like that.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
#
$ApplicationId = 'AppID'
$ApplicationSecret = 'AppSecret'
$RefreshToken = 'RefreshToken'
#
$credential = New-Object System.Administration.Automation.PSCredential($ApplicationId, ($ApplicationSecret | ConvertTo-SecureString -AsPlainText -Power))
$graphToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $refreshToken -Scopes 'https://graph.microsoft.com/.default' -ServicePrincipal
Write-Host "Connecting to the Graph API to get all tenants." -ForegroundColor Inexperienced
$Contractheaders = @{ "Authorization" = "Bearer $($graphToken.accesstoken)" }
$Prospects = (Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/contracts?`$prime=999" -Methodology GET -Headers $Contractheaders).worth
foreach ($Buyer in $Prospects) {
$ClientToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $refreshToken -Scopes 'https://graph.microsoft.com/.default' -ServicePrincipal -Tenant $Buyer.customerId
$headers = @{ "Authorization" = "Bearer $($ClientToken.accesstoken)" }
Write-Host "Processing $($buyer.DefaultDomainName)"
$ConsentBody = @"
{
"marketingNotificationEmails" : ["marketing@contoso.com"],
"privacyProfile" :
{
"contactEmail":"alice@contoso.com",
"statementUrl":"https://contoso.com/privacyStatement"
},
"securityComplianceNotificationMails" : ["security@contoso.com"],
"securityComplianceNotificationPhones" : ["(123) 456-7890"],
"technicalNotificationMails" : ["tech@contoso.com"]
}
"@
(Invoke-RestMethod -Uri "https://graph.microsoft.com/beta/group/$($buyer.customerId)" -ContentType "software/json" -Physique $ConsentBody -Methodology PATCH -Headers $headers)
}
|
And that’s it! As all the time, Glad PowerShelling.
