SCCM Rookie

Home » Azure, Powershell, Teams, » Powershell Script to retrieve Teams/Exchange Policies

Powershell Script to retrieve Teams/Exchange Policies

Monitoring policy assignments in Microsoft Teams can be challenging as your organization grows. To simplify this, I’m sharing a professional PowerShell script that generates a comprehensive report (both CSV and HTML) of all major Teams policies assigned to your user accounts.

Note: You must have the MicrosoftTeams and ExchangeOnlineManagement modules installed and connected before running this script.

The PowerShell Script

This script fetches all Teams users, identifies their specific policy assignments (Messaging, Meeting, App Setup, etc.), and highlights whether they are using a custom policy or the "Tenant Default".

# ReportTeamsPolicyAssignments.PS1
# Generate a report about major Teams policies assigned to user accounts
# Source: Office365itpros GitHub

$ModulesLoaded = Get-Module | Select-Object Name
If (!($ModulesLoaded -match "MicrosoftTeams")) {Write-Host "Please connect to the Microsoft Teams module and then restart the script"; break}
If (!($ModulesLoaded -match "ExchangeOnlineManagement")) {Write-Host "Please connect to the Exchange Online management module and then restart the script"; break}

[array]$Users = Get-CsOnlineUser -ResultSize 5000

# Filter the set to get Teams users
$Users = $Users | Where-Object {$_.InterpretedUserType -eq "PureOnlineTeamsOnlyUser" -or $_.InterpretedUserType -eq "PureOnlineTeamsOnlyUserFailedPublishingToAAD"} | Sort-Object DisplayName

If (!($Users)) {Write-Host "No users found - exiting"; break }

$Report = [System.Collections.Generic.List[Object]]::new()

# Process each user to fetch their policy assignments
ForEach ($User in $Users) {
    $TenantDefaultString = "Tenant Default" 
    $TeamsMeetingPolicy = $TenantDefaultString
    $TeamsMessagingPolicy = $TenantDefaultString
    $TeamsAppSetupPolicy = $TenantDefaultString
    $TeamsAppPermissionsPolicy = $TenantDefaultString
    $TeamsEncryptionPolicy = $TenantDefaultString
    $TeamsUpdatePolicy = $TenantDefaultString
    $TeamsChannelsPolicy = $TenantDefaultString
    $TeamsFeedbackPolicy = $TenantDefaultString
    $TeamsLiveEventsPolicy = $TenantDefaultString

    If ($User.TeamsMeetingPolicy) {$TeamsMeetingPolicy = $User.TeamsMeetingPolicy}
    If ($User.TeamsMessagingPolicy) {$TeamsMessagingPolicy = $User.TeamsMessagingPolicy}
    If ($User.TeamsAppSetupPolicy) {$TeamsAppSetupPolicy = $User.TeamsAppSetupPolicy}
    If ($User.TeamsAppPermissionPolicy) {$TeamsAppPermissionsPolicy = $User.TeamsAppPermissionPolicy}
    If ($User.TeamsEnhancedEncryptionPolicy) {$TeamsEncryptionPolicy = $User.TeamsEnhancedEncryptionPolicy}
    If ($User.TeamsUpdateManagementPolicy) {$TeamsUpdatePolicy = $User.TeamsUpdateManagementPolicy}
    If ($User.TeamsChannelsPolicy) {$TeamsChannelsPolicy = $User.TeamsChannelsPolicy}
    If ($User.TeamsFeedbackPolicy) {$TeamsFeedbackPolicy = $User.TeamsFeedbackPolicy}
    If ($User.TeamsMeetingBroadcastPolicy) {$TeamsLiveEventsPolicy = $User.TeamsMeetingBroadcastPolicy}

    # Output a report line
    $ReportLine = [PSCustomObject][Ordered]@{  
        User                         = $User.DisplayName
        UPN                          = $User.UserPrincipalName
        "Messaging Policy"           = $TeamsMessagingPolicy
        "Meeting Policy"             = $TeamsMeetingPolicy
        "App Setup Policy"           = $TeamsAppSetupPolicy
        "App Permissions Policy"     = $TeamsAppPermissionsPolicy
        "Enhanced Encryption Policy" = $TeamsEncryptionPolicy
        "Update Policy"              = $TeamsUpdatePolicy
        "Channels Policy"            = $TeamsChannelsPolicy
        "Feedback Policy"            = $TeamsFeedbackPolicy
        "Live Events"                = $TeamsLiveEventsPolicy
        "InterpretedUserType"        = $User.InterpretedUserType
    }

    $Report.Add($ReportLine) 
}

$CSVOutput = "c:\temp\TeamsPolicyAssignments.CSV"
$ReportFile = "c:\temp\TeamsPolicyAssignments.html"

# Create the HTML report
$OrgDisplayName = (Get-OrganizationConfig).DisplayName
$CreationDate = Get-Date -format g
$Version = "1.0"

$htmlhead="<html><style>
    BODY{font-family: Arial; font-size: 8pt;}
    H1{font-size: 22px; font-family: Verdana,Arial,Helvetica,sans-serif;}
    TABLE{border: 1px solid black; border-collapse: collapse; font-size: 8pt;}
    TH{border: 1px solid #969595; background: #dddddd; padding: 5px; color: #000000;}
    TD{border: 1px solid #969595; padding: 5px; }
    </style><body>
    <div align=center><h1>Teams Policy Assignment Report</h1>
    <h2>For the $OrgDisplayName organization</h2>
    <h3>Generated: $CreationDate</h3></div>"

$htmlbody1 = $Report | ConvertTo-Html -Fragment
$htmltail = "<p>Number of Teams users found: " + $Users.Count + "</p></body></html>"

# Generate the HTML file
$htmlreport = $htmlhead + $htmlbody1 + $htmltail
$htmlreport | Out-File $ReportFile -Encoding UTF8

Write-Host "All done! Report available at $ReportFile"
$Report | Export-CSV -NoTypeInformation $CSVOutput

Key Features of the Report

This script is particularly useful for audits because it covers:

  • Messaging & Meeting Policies: Ensure users have the correct permissions for chat and calls.
  • App Management: Verify which App Setup and Permission policies are active.
  • Compliance: Check Enhanced Encryption and Channels policies across the tenant.
IT Pro Tip: Run this script monthly and store the HTML reports in a secure SharePoint folder to maintain a historical record of your Teams governance state.