07 May 2024

Back up your Entra ID configuration, zip the output and move it to a Team or network share with PowerShell

I came across a blog post over at https://o365reports.com on how to back up your Entra ID configuration.

The EntraExporter tool is a nifty PowerShell module designed to export details of an Entra ID tenant's configuration. It generates JSON files containing information on various objects within the tenant, such as groups, policies, and users.

This tool is useful for capturing point-in-time snapshots of an Entra ID (Azure AD) configuration, which can be invaluable for restoration or analysis purposes. Although it does not support replaying data to recreate objects, having detailed information on hand provides a solid foundation for any necessary recovery operations.

The EntraExporter tool represents a significant step forward in managing and backing up Entra ID configurations, streamlining the process for administrators and IT professionals.


The tool itself creates a lot of files and folders depending on the size of the tenant.
To make this easier to manage and back up, I created a script that writes to a temp folder, compresses all the output files and moves the zip file to a Teams or file share location.

And here it is:


# Install-Module EntraExporter -Scope AllUsers -Force
# https://o365reports.com/2023/08/24/entra-exporter-tool-effortlessly-backup-microsoft-entra-id-configurations/

# Check whether the EntraExporter module is installed (no error if it is missing)
$Module = Get-InstalledModule -Name EntraExporter -ErrorAction SilentlyContinue
if (-not $Module)
{
 Write-Host "EntraExporter module is not available" -ForegroundColor Yellow
 $Confirm = Read-Host "Are you sure you want to install the EntraExporter module? [Y] Yes [N] No"
 if ($Confirm -match "^[yY]")
 {
  Install-Module -Name EntraExporter -AllowClobber -Scope AllUsers -Force
 }
 else
 {
  Write-Host "EntraExporter module is required. Please install the module using the Install-Module EntraExporter cmdlet."
  # Stop here: the rest of the script cannot run without the module
  return
 }
}

Import-Module -Name EntraExporter

# Connect to the tenant (replace yourtenantid with your own tenant ID)
Connect-EntraExporter -TenantId yourtenantid
# Show the organization to confirm the connection went to the expected tenant
Get-MgOrganization

# Get the current date
$currentDate = Get-Date -Format "yyyy-MM"

# Working folder for the export and the location the zip file is moved to
$DestinationPath = "C:\Temp"
$MoveToPath = "C:\Users\Username\Company\Microsoft Entra\Backup\Entra-Export"

# Change to working dir
Set-Location -Path $DestinationPath

# Create a folder with the current date
$folderPath = Join-Path -Path $DestinationPath -ChildPath $currentDate

# Check if the folder already exists
if (-not (Test-Path $folderPath)) {
    New-Item -ItemType Directory -Path $folderPath | Out-Null
    Write-Host "Folder '$currentDate' created successfully."
} else {
    Write-Host "Folder '$currentDate' already exists."
}

# Export the full tenant configuration as JSON files
Export-Entra -Path "$folderPath" -All

# Compress the export folder into a single zip file
$compress = @{
  Path = "$folderPath"
  CompressionLevel = "Optimal"
  DestinationPath = "$folderPath.zip"
}
# -ErrorAction Stop ends the script on failure, so the export folder
# is not removed below when the archive or the move did not succeed
Compress-Archive @compress -ErrorAction Stop

Move-Item -Path "$folderPath.zip" -Destination $MoveToPath -ErrorAction Stop

# Clean up the uncompressed export
Remove-Item -Path $folderPath -Recurse -Confirm:$false
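
Since the script leaves one zip file per month, two archives can be compared to see which exported files were added, removed or changed between snapshots. This is an added example, not part of the original script or of the EntraExporter module; the helper names `Get-ExportFileHash` and `Compare-EntraExportArchive`, and the `Policies` folder and file names in the demo, are constructed for illustration.

```powershell
# Added example. Get-ExportFileHash and Compare-EntraExportArchive are hypothetical helpers.
function Get-ExportFileHash {
    param([Parameter(Mandatory)][string]$ArchivePath)
    $scratch = Join-Path ([IO.Path]::GetTempPath()) ([guid]::NewGuid().ToString())
    try {
        Expand-Archive -Path $ArchivePath -DestinationPath $scratch -ErrorAction Stop
        $root = (Get-Item -LiteralPath $scratch).FullName
        # The backup script zips the dated folder itself, so step into that single
        # top-level folder (2024-04, 2024-05, ...) to get comparable relative paths.
        $top = @(Get-ChildItem -LiteralPath $root)
        if ($top.Count -eq 1 -and $top[0].PSIsContainer) { $root = $top[0].FullName }
        $map = @{}
        Get-ChildItem -LiteralPath $root -Recurse -File | ForEach-Object {
            $relative = $_.FullName.Substring($root.Length + 1)
            $map[$relative] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
        return $map
    }
    finally { Remove-Item -LiteralPath $scratch -Recurse -Force -ErrorAction SilentlyContinue }
}

function Compare-EntraExportArchive {
    param([Parameter(Mandatory)][string]$ReferenceArchive,
          [Parameter(Mandatory)][string]$DifferenceArchive)
    $old = Get-ExportFileHash -ArchivePath $ReferenceArchive
    $new = Get-ExportFileHash -ArchivePath $DifferenceArchive
    $paths = @($old.Keys) + @($new.Keys) | Sort-Object -Unique
    foreach ($path in $paths) {
        if (-not $new.ContainsKey($path)) { $status = 'Removed' }
        elseif (-not $old.ContainsKey($path)) { $status = 'Added' }
        elseif ($old[$path] -ne $new[$path]) { $status = 'Changed' }
        else { continue }   # identical in both snapshots
        [pscustomobject]@{ Status = $status; File = $path }
    }
}

# Constructed demo data: two tiny "exports" standing in for consecutive monthly backups.
$demo = Join-Path ([IO.Path]::GetTempPath()) ([guid]::NewGuid().ToString())
$months = '2024-04', '2024-05'
$months | ForEach-Object { New-Item -ItemType Directory -Path (Join-Path $demo "$_\Policies") -Force | Out-Null }
Set-Content -Path (Join-Path $demo '2024-04\Policies\policy-a.json') -Value '{"state":"enabled"}'
Set-Content -Path (Join-Path $demo '2024-05\Policies\policy-a.json') -Value '{"state":"disabled"}'
Set-Content -Path (Join-Path $demo '2024-05\Policies\policy-b.json') -Value '{"state":"enabled"}'
$months | ForEach-Object { Compress-Archive -Path (Join-Path $demo $_) -DestinationPath (Join-Path $demo "$_.zip") }

Compare-EntraExportArchive -ReferenceArchive (Join-Path $demo '2024-04.zip') -DifferenceArchive (Join-Path $demo '2024-05.zip')
Remove-Item -LiteralPath $demo -Recurse -Force
```

Against real backups, pass the paths of two monthly zip files from the backup location instead of the demo archives.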

16 February 2024

Adding a SharePoint Site Administrator Group to all Sites

In this blog post, we're talking about a PowerShell script designed to add a group as site collection administrators across all SharePoint Online sites.

Let's break down the PowerShell script:
# Tenant name
$TenantUrl = "https://yourtenant-admin.sharepoint.com/"

# Get the group ID for the Entra ID group you want to add
$Group = "C:0t.c|tenant|99033653-dxch-4912-83sw-e90117886144"

# Connect to SharePoint Online Admin site
Connect-SPOService -Url $TenantUrl

# Get all SharePoint sites (without -Limit All only the first 200 are returned)
$SPOSites = Get-SPOSite -Limit All

# Add the group to all sites
foreach ($SPOSite in $SPOSites)
{
    # -WarningAction Stop halts the loop on the first warning instead of continuing
    Set-SPOUser -Site $SPOSite.Url -LoginName $Group -IsSiteCollectionAdmin $true -WarningAction Stop
    Write-Host "Added group $Group as Site Collection Administrator to $($SPOSite.Url)"
}

After this, all users added to the group you specified are site collection admins.

Of course this can also be done with individual users:
# Tenant name
$TenantUrl = "https://yourtenant-admin.sharepoint.com/"

# Add a single user as site admin to all SPO sites
$User = "username@domain.com"

# Connect to SharePoint Online
Connect-SPOService -Url $TenantUrl

# Get all SharePoint Online sites (without -Limit All only the first 200 are returned)
$SPOSites = Get-SPOSite -Limit All

# Add the user to all sites
foreach ($SPOSite in $SPOSites)
{
    Set-SPOUser -Site $SPOSite.Url -LoginName $User -IsSiteCollectionAdmin $true
}


Adjust the following values in the script:

1. $TenantUrl: Specifies the URL of the SharePoint Online admin site.

2. $Group: Represents the unique identifier of the group (in this case, "Entra ID group") to be added as a site collection administrator.

And there you go: now you can easily switch admins and site admins across all your SharePoint Online sites through one group, or add a single user in a fast and consistent way.