Featured image of post Automating with PowerShell: Setting M365 Contact emails

Automating with PowerShell: Setting M365 Contact emails

I’ve been getting a bunch of questions lately about some of the standards in CIPP, so I figured this week I’ll blog about how some of them work in the background. CIPP tries to utilize Graph as much as possible to make changes to tenants and set them to a specific state.

This time we’ll discuss how we set the M365 contact emails. These contact e-mails are used for a bunch of stuff; the security emails are used for security advisories and issues, the technical email for issues inside the tenant such as Dirsync not working, marketing and general emails are mostly used for subscription information, like stuff expiring or renewing.

Setting these to a central e-mail can help you capture events. You’ll receive emails when there are problems with the compliance center, or things like that.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#
$ApplicationId = 'AppID'
$ApplicationSecret = 'AppSecret'
$RefreshToken = 'RefreshToken'
#
$credential = New-Object System.Management.Automation.PSCredential($ApplicationId, ($ApplicationSecret | ConvertTo-SecureString -AsPlainText -Force))
$graphToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $refreshToken -Scopes 'https://graph.microsoft.com/.default' -ServicePrincipal

Write-Host "Connecting to the Graph API to get all tenants." -ForegroundColor Green
$Contractheaders = @{ "Authorization" = "Bearer $($graphToken.accesstoken)" }
$Customers = (Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/contracts?`$top=999" -Method GET -Headers $Contractheaders).value
foreach ($Customer in $Customers) {
    $ClientToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $refreshToken -Scopes 'https://graph.microsoft.com/.default' -ServicePrincipal -Tenant $Customer.customerId
    $headers = @{ "Authorization" = "Bearer $($ClientToken.accesstoken)" }
    Write-Host "Processing $($customer.DefaultDomainName)"
    $ConsentBody = @"
{
  "marketingNotificationEmails" : ["marketing@contoso.com"],
  "privacyProfile" :
    {
      "contactEmail":"alice@contoso.com",
      "statementUrl":"https://contoso.com/privacyStatement"
    },
  "securityComplianceNotificationMails" : ["security@contoso.com"],
  "securityComplianceNotificationPhones" : ["(123) 456-7890"],
  "technicalNotificationMails" : ["tech@contoso.com"]
}
"@
    (Invoke-RestMethod -Uri "https://graph.microsoft.com/beta/organization/$($customer.customerId)" -ContentType "application/json" -Body $ConsentBody -Method PATCH -Headers $headers)

}

And that’s it! As always, Happy PowerShelling.

All blogs are posted under AGPL3.0 unless stated otherwise
comments powered by Disqus
Built with Hugo
Theme Stack designed by Jimmy