1

A couple of years ago, we made a provisioning script which creates a unified group with PnPPowerShell. While there was no other way to disable the welcome message for new group members, we had to connect with Exchange and disable the welcome message with Exchange Online PowerShell using Set-UnifiedGroup -UnifiedGroupWelcomeMessageEnabled.

Due to changed requirements of the customer as a result of the status of the legacy auth at Microsoft, legacy authentication will no longer be available soon and should be disabled on our customer's environment asap.

And now the trouble begins. As we have an older environment with Exchange Online PowerShell V2 running on PowerShell 5, we can't connect with -ManagedIdentity but we would have to connect with a certificate to run the unattended script.

Now we encountered the next problem: according to this documentation at Microsoft Learn, the commandlet Set-UnifiedGroup will not work with app-only authentication for unattended scripts in Exchange Online PowerShell V2.

So we had a look into the MS Graph API documentation to update groups to find out if there is a property to achieve the disabling of the welcome messgae, but it seems that there is none.

Long story short, is there any way to update the group through an unattended script without legacy authentication, using Exchange Online PowerShell V2 on PowerShell 5? Upgrading PowerShell and the Exchange module would affect a bunch of other provisioning scripts where we are currently already able to connect with the -ManagedIdentity parameter.

MarcoK
  • 21
  • 4

1 Answers1

0

It seems to me that resourceBehaviorOptions property on group resource object is what you are looking for.

It specifies the group behaviors that can be set for a Microsoft 365 group during creation. This can be set only as part of creation (POST) (New-MgGroup powershell cmdlet).

One of possible values for resourceBehaviorOptions is WelcomeEmailDisabled. If the value is specified then welcome emails are not sent to new members.

Example:

Import-Module Microsoft.Graph.Groups

$params = @{
    Description = "My new group"
    DisplayName = "Groupxxx"
    GroupTypes = @(
        "Unified"
    )
    MailEnabled = $true
    MailNickname = "library"
    SecurityEnabled = $false
    ResourceBehaviorOptions = @(
        "WelcomeEmailDisabled"
    )
}

New-MgGroup -BodyParameter $params
user2250152
  • 14,658
  • 4
  • 33
  • 57
  • 1
    You can only set the `resourceBehaviourOptions` when creating the group via Graph. But then, no teams team will be created, according to the [official documentation](https://learn.microsoft.com/en-us/graph/api/group-post-groups?view=graph-rest-1.0&tabs=powershell). After some experiments and reading lots of documentation, we decided to authenticate with a certificate because there would be no need to install and use additional modules, upgrade existing ones or to change the code at all, just the "connect" method. – MarcoK Jan 23 '23 at 12:09