Since apparently I’m the go-to person for everything Graph-related in the company, a colleague asked me the other day how can we report on any channels that have the email functionality enabled and correspondingly gather their email addresses. Turns out it’s not that complicated – one call to fetch all Teams, then for each Team one more call to fetch all Channels. Information about any email addresses configured for the channel is returned in the default output, so no need to query anything else. Then, it’s just a matter of formatting the output.
I didn’t bother to ask why exactly they need the report, but just in case anyone else needs the same, I published the script over at the TechNet Gallery and GitHub. In addition, the script will also return any email addresses configured on the Team itself. Even the nasty SPO ones, which you might want to filter out. And, since all we do is iterate over each object and fetch some properties, as an added bonus you can use the script to generate a report of all Teams and channels in the company. Simply add any other properties you deem important to the output. Speaking of which, here’s how the output looks like for a Demo tenant:
Now for the obligatory explanation on how the script works. Since we are doing Graph calls via PowerShell, we need few things configured first. Most importantly, an Azure AD application with sufficient permissions to enumerate all Groups (yes, Groups) in the tenant. The Group.Read.All scope should suffice. Get the AppID and client secret for the app and populate them in the corresponding variables at the beginning of the script. Do the same for your tenant ID. Lastly, point to a version of Microsoft.IdentityModel.Clients.ActiveDirectory.dll installed on your system, the one that comes with the AzureAD module should do fine. If you need more help with setting this up or want to better understand the concepts involved, this article is a good starting point.
Hi,
Thanks for publishing this, and four years later I´m running into challenges.
I´m not running the full script, instead I´m using Graph explorer as a account with Group.Read.All permissions and the groups part of the script works fine when I run it manually:
https://graph.microsoft.com/beta/groups?$top=999&$filter=resourceProvisioningOptions/any(x:x eq ‘Team’)&$select=id,displayName,mail,proxyAddresses,resourceBehaviorOptions,resourceProvisioningOptions,visibility
However, when I´m manually and randomly selecting one of the returned groups and are trying to get the channel info from that specific group using::
https://graph.microsoft.com/v1.0/teams/abcd1234-56gh-7890-andmore-andsome-more/channels
I´m faced with a 403 error: “Failed to get license information for the user. Ensure user has a valid Office365 license assigned to them”
Indeed, my admin account does not have a license assigned, but that would also be the case when running the full script in the context of an application with group.read.all permissions so how can this work at all?
When running the script with application permissions, license requirements to not apply. If you run it as a user/delegate permissions, you need to make sure you’re added to each and every team/group you want to cover, even if you have admin roles assigned. Best go with application permissions if possible.
Hi there!
thank you so much for this script. I was looking for something like this for a long time. I managed to run the script but, it’s giving the first 100 teams results only.
Is there any limitation?
Regards,
Rahul
It’s a simple proof of concept script, it doesn’t do paging, so it only returns the first set of results.