Thursday, November 22, 2018

Using Office 365 Groups PowerShell to manage Power BI Workspace members

Imagine the following scenario:
As the IT admin for an organization Office 365 management is part of your job.
You're introducing Microsoft Teams in the organization and people are getting enthusiastic, requesting loads and loads of new Microsoft Teams sites.

Power BI workspaces are used to create and share Power BI reports. Every Power BI workspace is creating an Office 365 group and every Office 365 group is creating a Power BI workspace. What a fantastic happy connected Microsoft Cloud world we live in... When everything stays connected and works that is..

I'm not sure how the Office 365 group was initiated.. via the Power BI workspace or via the Teams site. I do know I didn't want to be a team owner anymore. As an admin I guided the team, provisioned their team one-note, plan etc. Now the team started communicating and @mention the group name. I'm receiving team related as an administrator, the time had come to 'leave the team'. (Teams function in member management). This action triggers some Microsoft internal workflows and eventually it will remove my full membership from the Office 365 Group. This was no problem for me until one (Monday) morning I receive an incident: "The Power BI dataset is not refreshing".

No worries mate! I'll quickly login to the Power BI workspace and investigate the issue, maybe even trigger the refresh manually. Not! Because I left the Teams Team and lost the Office 365 Groups membership I was no longer part of the Power BI workspace members, result: Unable to find or manage the workspace. Of course there is the Office 365 groups management from the Azure AD portal. Quickly find the group, add myself as owner and wait. Wait a bit longer, wait several hours and surely after 2.5 hours I can see the teams team again. Unfortunately I still can't see the Power BI workspace. Trying to add/ remove myself again (as owner of the group), nothing works. My colleague who still is a member of the workspace sees my account listed as 'admin'! But I can't see/ access the workspace. When he sends me the link I get an access denied!

24 hours later, still no access and I need to think of something. Something clearly doesn't function in the inner workings of the Office 365 Groups Permission management, updating the Groups connected objects like Teams, PBI workspaces etc. etc.
I decide to use the Groups PowerShell module to execute the same permission change as I tried to execute in the Azure AD portal. Groups management is done via the Exchange Online PS module so I create a connection:

1: $UserCredential = Get-Credential

2: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $UserCredential -Authentication Basic -AllowRedirection

3: Import-PSSession $Session -DisableNameChecking

Then using the Add-UnifiedGroupLinks command I try to add myself as an Owner of the group, I receive a error: 

PowerShell indicates I'm not listed in the group membership at all! AND I first need to add myself as a member before I can be added as an owner. I know this works the same way in Teams but the Azure AD Portal does not warn about this at all. It allows you to immediately add an account as owner of the group. This might be the reason why it's not functional from the Azure AD Portal?!

Surely, a few minutes after executing the PowerShell comands above I gained full access to the Power BI workspace and am able to help them out again! (Unfortunately this also means I'll be receiving the Teams @mention group-name again.. Need to figure out how I can fix that :)

No comments:

Post a Comment