M365 Entra – Insufficient Privileges – You do not have access

If you have multiple M365 tenants you may encounter an issue when logging into Microsoft Entra. You may get errors such as “You do not have access.” or “Insufficient privileges to complete the option.” or “No subscriptions, You do not have any Azure subscriptions in the (tenant name) directory. Click here to switch to another directory” or “Error Code: 403. “You may see this occurs even when you log into M365 in a new browser or in incognito/private mode. Common sense would dictate this was a cookie or session issue, but the issue persists across browsers and sessions.

You Do Not Have Access Entra

To resolve, you’ll want to click the “Bell/Alert” icon in the upper left corner of the screen and “Click here” to switch. Or click the Account icon (usually your initials in the upper right corner of the screen) and choose “Switch Directory.”

Switch Directory

Now we will see a Portal Settings page with Directories and Subscriptions. Here we can switch to the tenant we want to manage. Do this by clicking the “Switch” button on the tenant we want to manage with Entra.

Portal Settings Directories Subscriptions

That should do it, let me know if you find a cause or reason for this issue occurring in the first place.

How to upload Office365 user Contact Information with Powershell and csv file

If you have employees who change phone extensions, names, departments, address, or titles a lot, HR or management may want to have this contact information data updated in Office365. Oftentimes these little changes can add up and we want to make a lot of changes in bulk with a single command. Instead of updating manually, we can make the changes to an Excel csv file and upload the changes all at once.

Ok in order to import/update the contact information for employees in the Office 365 tenant using a csv file and PowerShell, do the following:

Edit the attached CSV file with information that needs to be imported into O365. **Note: the UserPrincipleName and DisplayName columns are required.** FYI, screenshot below is how I exported the required data from O365 and copied the required columns into the attached file.

Export Users O365 Admin

Next, start a (hybrid) PowerShell session into your O365 tenant.

Run the following command, replacing the path in the script to the location of the .csv file on your computer.

Import-Csv "C:\Users\jcoltrin\Desktop\o365Users\contact_details_powershell_upload.csv" | foreach {Set-MsolUser -UserPrincipalName $_.UserPrincipalName -FirstName $_.FirstName -LastName $_.LastName -DisplayName $_.DisplayName -Title $_.Title -Department $_.Department -Office $_.Office -PhoneNumber $_.PhoneNumber -fax $_.fax -MobilePhone $_.MobilePhone -StreetAddress $_.StreetAddress -city $_.City -State $_.State -PostalCode $_.PostalCode -Country $_.Country

That’s it!

Solved – Office 365 Room Calendar Not Auto Processing or Accepting Meeting Requests

After having created a Resource Room in the Office365 Admin console (with an Enterprise E1 license,) you may find that meetings which are created in Outlook and which are sent, are not automatically processing and sending verification confirmations back to the person that created the event. Nor will new events populate the event in the new room’s Outlook calendar. In this case, there are a few things we can check to ensure the room behaves as intended.

  1. First, after creating the room, ensure that you, as an admin, are set as an owner of the room. Under O365 > Admin Center > Rooms and Resources > place a checkmark next to the room in question. Ensure that Allow repeating meetings and Automatic Processing is On. Then, click on Edit Exchange Settings:

2. In this example, we don’t use booking delegates. In the Exchange Settings for the new resource room, make sure Booking requests are accepted automatically. 

3. Edit the booking options, contact information, email address, and mailtip settings to your preferences and then click on Mailbox Delegation. Here, add yourself under Full Access so that we can go on to our next step.

4. Next, log into your own OWA admin Outlook online inbox. In Outlook, click your profile photo in the upper right corner and click “Open another mailbox.” Type the address of the room and open the webmail for the room.

5. Here you may see some emails of previous attempts to book events like the following with the error “Your calendar couldn’t be checked to see whether this event conflicts with other events.“:

6. This error lets us know that automatic processing is not working even though we have it set to “On” in our first step. Had the processing worked correctly, we wouldn’t even see this event email in the mailbox of the room in question. 

7. In the upper right corner, click the Gear icon, then under Your app settings, click Calendar.

8. In the calendar resource scheduling settings, ensure that under the scheduling options, “Automatically process event invitations and cancellations” is checked, and then click Save. 

9. In theory, these settings should be enough to get the calendar to auto process and verify, however, your results may vary. Test by creating a meeting event in outlook with the new room. When you send the meeting, you should receive a verification email in your inbox in less than a minute. If you don’t receive the verification, check the inbox of the calendar again. You’ll probably find more emails with the “Your calendar couldn’t be checked…” errors.

10. Time to open PowerShell and connect to your O365 Exchange. If you’ve enabled MFA (two-factor authentication) use the guide on how to connect to Exchange with Hybrid/Modern Authentication here. If you don’t use Modern 2FA authentication, use the following commands:

$LiveCred = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange-ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection

Import-PSSession $Session

11. Run the following command to get the calendar processing conditions:

Get-CalendarProcessing -Identity "[email protected]" | Format-List

12. It’s helpful to first get a list of all calendar processing objects of a room that already works correctly to refer to when editing your new room’s permissions. If you don’t already have a room that you can reference, below is a list of my room that is not behaving normally:

13. Notice that ProcessExternalMeetingMessages is set to False. Let’s change this to True with the following command:

Set-CalendarProcessing [email protected] -ProcessExternalMeetingMessages $True

14. After making this and a few other changes displayed in the following screenshot, go ahead and try creating another test meeting and see if the autoprocessing behaves as it should. If you’re still having trouble, try referring to the screenshot below as an example, and use the “Set-CalendarProcessing” command to edit the values.

15. Once you successfully receive verifications and the calendar populates with events as it should, you may want to set the calendar to display the owner of the event and details of the event (rather than the event is listed in the calendar as only “Busy”.) To do so, follow the instructions I wrote in my article here

How to set an Office365 user Password to never expire with PowerShell

Occasionally we’ll be required to set a user account on Office365 to never expire. It’s not advisable to perform this action, as a compromised account who’s passwords never expires can be a liability. However, in some cases a utility account such as a scanner/copier or kiosk account may require a password that does not change. The following tutorial will show you how to set an Office365 password to never expire using PowerShell.

First, we’ll want to ensure that the account password is not already set to expire and we want to confirm it’s status. Using PowerShell we can get information about an Office365 user account password expiration status.

1. Connect to Microsoft Online Services with PowerShell by running the following commands:

Import-Module MSOnline
Connect-MsolService

2. Next, replace <UserID> with the user account (email address) of the user’s properties we want to get with the following command:

Get-MsolUser -UserPrincipalName <user ID> | Select PasswordNeverExpires

Our result should look like the following:

3. Because we get the message returned that the property PasswordNeverExpires = False, we want set it to $True and set the account password to never expire with the following command:

Set-MsolUser -UserPrincipalName <[email protected]> -PasswordNeverExpires $true

Again, change the <[email protected]> identifier to the email address of the account you want to change. Our result will not produce an output:

4. To verify the account password will no longer expire, we’ll run our first command again to see the result:

Get-MsolUser -UserPrincipalName <user ID> | Select PasswordNeverExpires

Our result should look similar to the following:

Because our PasswordNeverExpires property is now set to True, our task is complete. Disconnect from Office365 and close powershell by entering the command: exit.