Getting Distribution Group Members

So, your organization moved to office 365 and you have crossed your faithful years of managing its IT infrastructure, suddenly you are into the cloud generation now. Everyone talks about security which makes your security auditor ask constant reports about group membership details. If you are this person and does not deal the traditional way of logging into office 365 for reports, instead by using the extensive powershell options that suits your own customizations, then you are in the right page. Let me explain the below script #DroidWay ūüėČ .

Below given script explains how to export distribution (list)group members in office 365. The Get distribution group members powershell office 365 cmdlet is used to retrieve the members from Office 365 distribution list. Office 365 distribution list management can be a easy task with the help of cmdlets available in powershell, with a variety of supported actions such as Office 365 distribution group management, Export group members to csv from Office 365, etc,.




Save the above script(example: script.ps1), execute it as script.ps1 -O365Username -O365password StrangePwd  (OR) Just execute script.ps1 and type the O365 credentials in the UI.


This blog explains few powershell scripting techniques that can be used to Export list of distribution group members from Office 365 to csv file .


Step1:  We have to declare argument parameters that will be specified as input during script execution, in this Example I have used the Office 365 username and password.



Step2: Create powershell session for Office 365 and import it for use.


Step3: Declare parameters that will store the Export CSV Output , Get-group will get the names of all Office365  Distribution groups, which is stored in $name to For loop to Get-distributionGroupmember users from it, which is further to be stored in $member. Mention the file location of output file (Empty .CSV file) where you need the Office365 distribution group members list to be exported in $ExportCSV .



Step4: Add another For loop within the previous Step3 For loop to receive each Office 365 Distribution Group member($member) of the Office 365 distribution list($name) and store it in two variables enclosed within the $details parameter. Create New object for each $details and add it into the $results object.



Step5: Export the results and end the powershell session.




Sample OUTPUT CSV Content:


“Alex Wilber”,”Tailspin Toys”
“Joni Sherman”,”Tailspin Toys”
“Megan Bowen”,”Tailspin Toys”
“Lynne Robbins”,”Tailspin Toys”
“Henrietta Mueller”,”Tailspin Toys”
“Lidia Holloway”,”Tailspin Toys”
“Joni Sherman”,”Executives”
“Henrietta Mueller”,”Executives”
“Joni Sherman”,”Legal Team”
“Lynne Robbins”,”Finance Team”
“Alex Wilber”,”Sales Team”
“Megan Bowen”,”Sales Team”
“Henrietta Mueller”,”Sales Team”
“Lidia Holloway”,”Sales Team”
“Alex Wilber”,”Northwind Traders”
“Joni Sherman”,”Northwind Traders”
“Megan Bowen”,”Northwind Traders”

Posted in O365 Powershell | Leave a comment

OneDrive for Business Files Restore

Announcing New Feature: OneDrive for Business Files Restore

Keeping our files safe and secure is always¬†everyone’s top priority.

There are some occasions where our files could be compromised due to accidental end-user deletion, file corruption, or malware infection. Until now the recovery process from such an event could take time and potentially result in data loss. But now it’s not as Microsoft just announced Files Restore¬†for OneDrive for Business.



Files Restore is a complete self-service recovery solution that allows administrators and end users to restore files from any point in time during the last 30 days. If a user suspects their files have been compromised, they can investigate file changes and allow content owners to go back in time to any second in the last 30 days.


Now users or administrators can rewind changes using activity data to find the exact moment to revert to.


To use Files Restore, all a user needs to do is choose Settings and then Restore OneDrive

OneDrive Settings PaneOneDrive Settings Pane


Users are presented with a histogram showing file activity over the last 30 days with an intuitive slider to ‚Äúrewind‚ÄĚ those changes.

Files Restore HistogramFiles Restore Histogram


They can then easily select the file or files to restore from that point in time.

Files Restore HistogramFiles Restore Histogram


The user then is prompted with a date range as well as the number of files to restore. The user chooses to restore and the files are then restored back into the users OneDrive.

Files Restore ProceedFiles Restore Proceed


As you can see, Files Restore for OneDrive for Business can save time and stress when file loss occurs, putting end users in control.


This capability started rolling out from 22nd Jan to all OneDrive for Business users and will continue to roll out over the next few weeks.

More Links:

This article was originally published in Microsoft TechCommunity

Posted in Uncategorized | Leave a comment

KnockKnock attack targets Office 365 corporate email accounts – It’s time to monitor failed login attempts in your Office 365

What’s KnockKnock?

Researchers uncovered KnockKnock, an attack on Office 365 Exchange Online email accounts, originating from 16 countries around the world.


Who are all most affected?

KnockKnock targeted on automated corporate email accounts not tied to a human identity, which often lacked advanced security policies like no MFA and no recurring password reset.


Where are the attack originated from?

  • Hackers used 63 networks and 83 IP addresses to conduct their attacks.
  • Roughly 90 percent of the login attempts came from China, with additional attempts originating from Russia, Brazil, U.S., Argentina and 11 other countries.


Am I affected?

Maybe. You need to monitor failed login activities regularly to know whether you are under any security threat.


How to monitor failed login activities?

You can go to¬†audit log option available in security & compliance center and search for failed login attempts. but it’s very difficult to search and find as O365 produce huge audit data.


Is there any easy way to monitor failed login attempts?

Yes, you can use AdminDroid Office 365 Reporter tool to monitor failed login attempts. The favorite view available under ‘User Activities Dashboard‘ will clearly show daily failed login activities with the top user details.

You can find the demo of the dashboard here.

User Login Activities

User Login Activities


KnockKnock research was conducted by SkyHigh.

Posted in News, Security | Leave a comment

SharePoint Online Site Collection Admin Audit Log Retention

What is Site Collection Admin Audit Log?

Site Collection Admin Audit Log helps the administrators to keep a log of what is happening inside the site collection. Knowing who has done what with which information is critical for achieving regulatory compliance and record management.

Note: This option is not enabled by default as enabling this may potentially generate a large number of audit events.

What is the default retention period for the audit log?

By default, the audit log has 90 days retention period, but the administrator had more control over this retention period. Begining July 24th, 2017, there is a major change going to be rolled out regarding audit log retention.

What are the new changes to SharePoint Online Site Collection Admin Audit Logging?

Microsoft will be making changes to the SharePoint Online Site Collection Administration Audit Log feature by enforcing a 90-day retention period. Customers who used this feature previously will be automatically updated to the new retention policy and settings. New customers who subscribed to Office 365 after this change will be forced to use the 90-day retention period.

Important: This change does not impact the Unified Auditing experience from the Office 365 Security & Compliance Center.

When are these changes going to be rolled out?

Microsoft has planned to roll out this changes to its first Release enabled Office 365 Tenants from July 24th, 2017.

How can I view data beyond the 90-day retention period?

Once the 90-day retention period is met an Excel file will automatically get created in the document library specified. These files will contain audit data from specific periods of time.

Is there any solution to store activities for a longer time period?

Yes, PowerShell is always the savior whenever you bogged by certain limitations. But it takes more time to develop the required functionality and it may be error prone as this functionality requires scheduling. It’s better to implement a 3rd party auditing tool.

Solution: Already a full-fledged Office 365 Auditing Report Tool available for download from Microsoft TechNet Gallery. ¬†It allows you to keep track of all Office 365 auditing information to your local server for as long as it’s required.

You can know more about the announcement in Microsoft Tech Community.


Posted in News, Office 365, SharePoint Online | Leave a comment

Office 365 Adoption and Activation Reports using Power BI

As an Office 365 admin, I always wanted to get a detailed analytics on how Office 365 services are used in my environment. It will help me to decide whether any users are facing any hiccups in accessing any of the services or do they need any training to get start with any of the Office 365 services.

Office 365 is lacking in this space for a long time. Now it seems Microsoft has committed to having a short plan to overcome this limitation. Recently Microsoft announced the limited preview of Office 365 Adoption Content Pack in Power BI.

Dashboard of Office 365 Reports -Power BI

Office 365 Reports – Using Power BI

Let me just dive into the available metrics in the pack. The metrics are split into four reports: Adoption Communication, Collaboration and Activation.

Adoption Reports:

These metrics will greatly help you to understand how your users have adopted Office 365 and its services. All the analytics can be seen separately for Exchange, OneDrive, SharePoint, Skype and Yammer. The following are the highlights of metrics available in adoption reports.

  • How many users have assigned a license?
  • How many users actively use the services?
  • How many are the first time users for this month?
  • How many are the returning users for this month?
Adoption Overview - Office 365 Reports using Power BI

Office 365 Adoption Report – Power BI

Communication Reports:

This report provides detailed metrics about how the usage of different communication methods is used.

  • Average number of emails sent
  • Average number of Yammer posts read
  • Average amount of time spent using Skype
  • Which client apps are used to read email?
  • Which client apps are used to Skype?
Adoption Overview - Office 365 Reports using Power BI

Communication Overview – Office 365 Reports using Power BI

Collaboration Report:

This report provides information regarding OneDrive and SharePoint collaboration.

  • How many users share documents externally
  • How many users share documents internally
  • How many users store documents in OneDrive and SharePoint
  • How many users collaborate SharePoint and OneDrive documents.

Activation Report:

Activation report helps you to get the number of activation of Office 365 ProPlus, Project and Visio. It gives you the following information.

  • Total activation counts across users
  • Number of users that have activated the products
  • The number of devices that has activated the products
  • The type of device that has activated¬†the products

Usage Reports:

Usage reports are available for most of the Office 365 services. The links to these reports can be found at the bottom of the main reporting page.

Yammer Usage Report: It gives information like how many people post messages, how many consume content by liking or reading a message and new user activation

Skype for Business Usage Report: It gives the information like how many users leverage Skype to connect with others using the message or video conferencing and the Skype activity.

OneDrive for Business Usage Report:  Shows admins how users leverage OneDrive to collaborate with others. This report includes following statistics.
– How many users use OneDrive to share files
– File storage utilization metrics
– Active OneDrive accounts
– Average number of files stored in OneDrive

SharePoint Usage report: It shows how SharePoint team sites and groups sites are being used to store files.  This report includes following statistics.
– Active SharePoint sites
– Number of files stored on average

Office 365 Top User report: It helps admins to identify Office 365 power users and the products they are using.

How to sign-up for the preview program?

To get the limited preview of this adoption content pack, you need to send an email to and include your tenant ID.


  • Sign-up closes by October 16, 2016; and space is limited.
  • It will take 2-3 weeks to prepare the data. Once it is done, you will receive an email with instructions.

The adoption content pack will become available for all customers to opt in by the end of December.


Posted in News, Office 365, Office 365 Reports | Tagged , , | Leave a comment

Office 365 Project Time Reporter

What is Office 365 Project Time Reporter?

Office 365 Project Time Reporter is a mobile app which helps you to manage your Project Online through the mobile app.

Mobile preview of Office 365 Project Time Reporter - AdminDroid

Mobile preview of Office 365 Project Time Reporter – iOS


OK, but what is Project Online?

If you are hearing about Project Online for the first time, then here you go; “Project Online is a project management service from Microsoft. It comes with Office 365 suite (but available only with certain plans). It helps you to manage your project with ease.”

– I will make a separate detailed blog about Project Online soon.

What can be done using Office 365 Project Time Reporter?

As this is the first release of the app, you will find only the major features to manage your Project Online.  I expect more features will come in the upcoming releases.

  • Using this app, team members can submit their timesheets and report progress.
  • Add new assignments or non-project work to your timesheets.
  • Create new task or update the existing task progress.

What platforms are supported?

Currently, only iOS app is out. Microsoft said that Android and Windows Phone version would hit soon to the Google Play Store and Windows Store.

You can download the iOS app in Apple Store.


If you want to know more about ‘Office 365 Project Time Reporter’ then you can check out this link.


source: Office Blogs


Posted in News | Tagged , | Leave a comment

Everything You Want to Know About Dynamic Office 365 Groups

What is Dynamic Office 365 Group?

What if your group always up to date based on certain properties of the user account, yes this is called dynamic office 365 groups.

The group membership of the most of the groups we use in day to day basis always depends on some of the user properties like department, city, office-location, country, manager, job title, etc., These are the strong candidates to fit in the Dynamic Office 365 Groups.


Screenshot of Office 365 Dynamic Distribution Groups Preview

Screenshot of Office 365 Dynamic Distribution Groups Preview

How long will it take to update the Dynamic Office 365 Group?

Microsoft confirmed that the dynamic group membership is usually updated within a minute.

This one-minute latency won’t be an issue because if we want to add the user to a group manually then it will take more than a minute of our time.

How easy is it to create Dynamic Membership for Groups?

Most of the time to access the advanced features always one need to use the PowerShell, but Microsoft provides nice GUI for creating dynamic membership for a group; with one condition, you need to have Azure AD Premium License to access this feature!.

Just in three easy steps.

  • Go to Azure classic Portal, Select Active Directory from the LHS, and then open your org’s directory.
  • Click on the Groups tab, and then select the desired group.
  • Now head to Configure tab, just turn on the ‘Enable Dynamic Membership’ switch, now you can define your simple membership condition easily.

Can I create a Dynamic Membership with complex rules.

Yes, you can.

Microsoft offers Advanced Rule option right under where you defined your dynamic membership condition. Currently, no GUI is available for framing the advanced rule, so one need to construct the rule manually with lots of commitment.

I always wonder why Microsoft releases half-baked features when it will just take few days of work to build a GUI for constructing the Advanced Rule.

To know more about how to create an ‘Advanced Rule, ‘ you can check out this Microsoft article.

What should I consider before switching to use new Dynamic O365 Groups?

There is no doubt it is the most needed feature for admin which will save you tons of hour which you can concentrate on more productive works.

But the single most important thing which you need to consider is the PRICING.

You need to have Azure Active Directory Premium license to use this cool feature. This license currently costs you 6$/user/month. Wel, the Azure Premium comes with some more cool features,  but if dynamic membership is the only thing you are going to use means you have to reconsider this option.

Tony Redmond has shared his thought about the big cost on dynamic distribution group here. I suggest you check out the link for more detail.

Note: Currently this feature in the preview.

Posted in Office 365 | Tagged , , , | Leave a comment

Office 365 Email Spoofing Report

What is Email Spoofing?

E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. In simple words, email spoofing is the act of sending email on behalf of another user.

Image result for email spoof

Is Email Spoofing Bad?

Email spoofing has both good and bad faces. Some malicious user may spoof the actual domain to send spam or phishing emails. Spoofing is a common way for getting the user credentials or credit card information.

In some cases, there are legitimate reasons for spoofing.

  • You are using 3rd party service to send bulk mail or to run any mail campaign.
  • You may be¬†using an¬†external company to handle the customer care on behalf of your organization.

What Actions Need to be Taken?

  • The admin has to ensure that the mail sent by legitimate spoofers doesn’t get caught by the spam filters at the sending and receiving end.
  • In the other hand, malicious emails need to be blocked. So the admin needs to disable unauthorized spoofing in the domain.

How does Spoof Intelligence Work in Office 365?

Customers who have Office 365 Enterprise E5 or have purchased Advanced Threat Protection licenses have access to spoof intelligence in the Office 365 Security & Compliance Center.

The spoof intelligence policy is already set and enforced by O365. We cannot disable it, but we can choose how much we want to actively manage it.

You can control which domain or user can spoof your domain by reviewing the existing policy applied in Office 365 & Compliance Center.


To manage senders who are spoofing your domain by using the Security & Compliance Center

  1. Go to the Security & Compliance Center.
  2. Sign in to Office 365 with your work or school account. Your account must have administrator credentials in your Office 365 organization.
  3. In the Security & Compliance Center, expand Security policies > Anti-spam.Screenshot showing the anti-spam settings page in the Security & Compliance Center
  4. In the right pane, on the Standard tab, expand Spoof intelligence.
  5. To view the list of senders spoofing your domain, choose Review new senders.If you’ve already reviewed senders and want to change some of your previous choices, you can choose Show me senders I already reviewed instead. The following panel appears.Screenshot showing the Standard tab on the Spoof intelligence panel in the Security & Compliance Center
  6. On the Standard tab, each row represents a sender that is spoofing one or more users in your organization.If a sender is spoofing multiple users, and you want to allow that sender to spoof some users but not others, on the Standard tab, select Choose users.Screenshot showing how to choose which users to allow a sender to spoofScreenshot showing multiple spoofed users by one senderTo add a sender to the allow list for a user, choose Yes from the Allowed to spoof column. To add a sender to the block list for a user, choose No. This brings up the Detailed tab with the list of users being spoofed split into individual rows so you can choose whether to allow or block the sender from spoofing each user individually.
  7. Choose Save to save any changes.

How to See Spoofed Email Activity for My Office 365 Tenant?

You can check the ‘Spoof Mail Report’ in your Security & Compliance Center to get the view of spoofed senders in your domain. You can quickly get a visual report of summary data, and drill-down into details about individual messages, for as far back as 90 days. You can check this in detail in this¬†Microsoft TechNet blog.

Ref: Learn more about spoof intelligence

Posted in Office 365, Security | Tagged , , , , , , | Leave a comment

Microsoft Classroom (Preview) – New addition to Office 365 Education Subscription

What is Microsoft Classroom?

Microsoft Classroom is your homepage for managing all of your classes. Organize multiple class sections, create and grade assignments, collaborate with other teachers in Professional Learning Communities (PLCs), and provide feedback to students.


What can be done with Microsoft Classroom?

Classes & Assignments in a snap

Microsoft Classroom has a OneNote Class Notebook built into every class, allowing teachers to create assignments with due dates, complete with Outlook calendar events and reminders. School Data Sync saves teachers time by automatically creating groups and enabling single sign on to apps in Office 365.

Engage students in new ways

Let your students learn in more ways . You can help them to express their inner creativity, and make learning more effective and engaging with new tools like Sway for interactive class materials or dynamic presentations. New Learning Tools help students improve their reading and writing skills across a broad range of unique student abilities and learning styles.

Better Collaboration

With OneNote Class Notebook, students can show their creativity and collaborate with handwritten notes, sketches, typing, photos, videos, voice, and links. Teachers can provide personalized individual feedback along the way. Students can collaborate on assignments and co-author documents in Office Online, Office desktop, or Office mobile. Microsoft Forms is now available in preview for teachers to easily and quickly create basic surveys, quizzes, questionnaires, registrations and more.


Learn how to add Microsoft Classroom Preview in your Office 365 Education subscription here.

Posted in News, Office 365 Education | Tagged , , , | Leave a comment

Professional Learning Community groups in Office 365 Education

A professional learning community, shortly PLC, is a group of educators who meet regularly to share expertise and work collaboratively to improve teaching skills and the academic performance of students. Teachers around the world have started using Office 365 Groups to make collaboration within a PLC a lot simpler and more streamlined. PLC groups are typically formed around interest areas (e.g., 9th-grade math), grade levels (e.g., 10th-grade teachers) or across subjects (e.g., science teachers).

Here are some barriers to engagement with PLCs today that Office 365 Groups is addressing:

  • Teachers can be isolated, time is severely limited and collaboration is difficult.
  • Professional collaboration tools are disconnected and don‚Äôt always support meaningful, sustained collaboration.
  • A challenge for many PLCs is extending the work and relationships in the times and spaces between physically coming together.
  • It can be difficult for new teachers to ramp up.
    Information is often stored in personal spaces as opposed to one common place that can benefit others.
  • New members need to better understand the journey, story, exploration and history of a PLC, its activities and areas of inquiry.

The new Office 365 PLC groups include one place to collaborate effectively in a community of practice. Each group comes with a:

  • Inbox for group email communication, including Connector for connecting your group to Twitter and following topics or Twitter handles¬†that interest¬†your PLC¬†group.
  • Calendar for scheduling group events.
  • Document¬†library for storing and working on group files and folders.
  • OneNote notebook for taking project and meeting notes.
  • Planner¬†for organizing and assigning tasks and getting updates on project progress.

You can know more about PLC in the Microsoft announcement blog.

Posted in Office 365 Education | Tagged , , , , | Leave a comment