Re-create expired Client Secret for a SharePoint Addin

Sooner or later, the client secret of a provider-hosted add-in (PHA) expires.
If you generated the ClientId and ClientSecret using the /appregnew.aspx page, the secret expires after 1 year.
The script below removes the current secrets and creates new ones valid for max. 3 years.

#Requires -RunAsAdministrator
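#-ListAvailable checks installed modules, not only the ones already loaded in this session
if (!(Get-Module -ListAvailable -Name MSOnline)) {Install-Module MSOnline} else {Write-Host "MSOnline module already installed"}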
Connect-MsolService #use your Office 365 account
$clientID = "12345678-1234-1234-1234-1234567890AB" #replace this with your client ID
$keys = Get-MsolServicePrincipalCredential -AppPrincipalId $clientId -ReturnKeyValues $true
#remove every existing credential, however many the principal currently has
Remove-MsolServicePrincipalCredential -KeyIds @($keys | ForEach-Object { $_.KeyId }) -AppPrincipalId $clientId
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()
$newClientSecret = [System.Convert]::ToBase64String($bytes)
$dtStart = [System.DateTime]::Now
$dtEnd = $dtStart.AddYears(3)
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd
Write-Host "The ClientID $clientID has the new Client Secret $newClientSecret"

 

Remove Yammer, Power Apps and Flow licenses from all users in Office365

There are organizations that don’t need or are not allowed to use certain services provided by Office365, such as:

  • FLOW_O365_P3
  • POWERAPPS_O365_P3
  • TEAMS1
  • ADALLOM_S_O365
  • EQUIVIO_ANALYTICS
  • LOCKBOX_ENTERPRISE
  • EXCHANGE_ANALYTICS
  • SWAY
  • ATP_ENTERPRISE
  • MCOEV
  • MCOMEETADV
  • BI_AZURE_P2
  • INTUNE_O365
  • PROJECTWORKMANAGEMENT
  • RMS_S_ENTERPRISE
  • YAMMER_ENTERPRISE
  • OFFICESUBSCRIPTION
  • MCOSTANDARD
  • EXCHANGE_S_ENTERPRISE
  • SHAREPOINTENTERPRISE
  • SHAREPOINTWAC

Below is a script that removes the Yammer, Sway, Power Apps and Flow plans from all the licenses assigned to all the users in Office365.
Just fill in the $UndesiredPlans variable with excerpts of the plan names.

Connect-MsolService
#Get All Licensed Users
$users = Get-MsolUser -All | Where-Object {$_.isLicensed -eq $true} #-All lifts the default cap on returned users
$users.Count
$UndesiredPlans = "YAMMER", "SWAY", "FLOW", "POWERAPPS" #this assumes that the rest of the plans are desired within the license
#Loop through each user
foreach ($user in $users){
    Write-Host "Checking " $user.UserPrincipalName -foregroundcolor "Cyan"
    $CurrentSku = $user.Licenses.Accountskuid
    #If more than one SKU, Have to check them all!
    if ($currentSku.count -gt 1){
        Write-Host $user.UserPrincipalName "Has more than one license assigned. Looping through all of them." -foregroundcolor "White"
        for($i = 0; $i -lt $currentSku.count; $i++){
            #Loop through Each SKU to see if one of their services has the keywords inside
            $CurrentServicesInCurrentSKU = $null #make sure it's fresh for new content
            #get all the services; @() keeps this an array so -like returns names even when the SKU has a single plan
            $CurrentServicesInCurrentSKU = @($user.Licenses[$i].ServiceStatus.ServicePlan.ServiceName)
            #build an exact list of services to be disabled as defined in the current plan
            $CurrentServicesInCurrentSKUToBeDisabled = $null
            $CurrentServicesInCurrentSKUToBeDisabled = @()
            foreach ($UndesiredPlan in $UndesiredPlans){
                if ($CurrentServicesInCurrentSKU -like "*$UndesiredPlan*"){
                    $CurrentServicesInCurrentSKUToBeDisabled += $CurrentServicesInCurrentSKU -like "*$UndesiredPlan*"
                }
            }
            Write-Host "Disabling:" ([system.String]::Join(", ", $CurrentServicesInCurrentSKUToBeDisabled)) "from:" $user.Licenses[$i].AccountSkuId -ForegroundColor Green
            $NewSkU = $null
            $NewSkU = New-MsolLicenseOptions -AccountSkuId $user.Licenses[$i].AccountSkuid -DisabledPlans $CurrentServicesInCurrentSKUToBeDisabled
            Set-MsolUserLicense -UserPrincipalName $user.UserPrincipalName -LicenseOptions $NewSkU
        }
    }
    #Otherwise, just disable the functionality from the only existing SKU.
    else{
        $CurrentServicesInCurrentSKU = $null #make sure it's fresh for new content
        #get all the services; @() keeps this an array so -like returns names even when the SKU has a single plan
        $CurrentServicesInCurrentSKU = @($user.Licenses.ServiceStatus.ServicePlan.ServiceName)
        #build an exact list of services to be disabled as defined in the current plan
        $CurrentServicesInCurrentSKUToBeDisabled = $null
        $CurrentServicesInCurrentSKUToBeDisabled = @()
        foreach ($UndesiredPlan in $UndesiredPlans){
            if ($CurrentServicesInCurrentSKU -like "*$UndesiredPlan*"){
                $CurrentServicesInCurrentSKUToBeDisabled += $CurrentServicesInCurrentSKU -like "*$UndesiredPlan*"
            }
        }
        Write-Host "Disabling:" ([system.String]::Join(", ", $CurrentServicesInCurrentSKUToBeDisabled)) "from:" $user.Licenses.AccountSkuId -ForegroundColor Green
        $NewSkU = $null
        $NewSkU = New-MsolLicenseOptions -AccountSkuId $user.Licenses.AccountSkuid -DisabledPlans $CurrentServicesInCurrentSKUToBeDisabled
        Set-MsolUserLicense -UserPrincipalName $user.UserPrincipalName -LicenseOptions $NewSkU
    }
    Write-Host "----------------"
}
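
Set-MsolUserLicense -LicenseOptions replaces the whole disabled-plan list of a SKU, so a plan that was already disabled but does not match $UndesiredPlans is switched back on by the script above (its comment on $UndesiredPlans accepts that). The following added example, which is not part of the original post, builds a list that keeps such plans disabled; `Get-PlansToDisable`, `New-SampleStatus` and the sample license are hypothetical and constructed.

```powershell
# Added example: compute DisabledPlans without re-enabling plans that are already off.
# Get-PlansToDisable is a hypothetical helper name, not an MSOnline cmdlet.
function Get-PlansToDisable {
    param(
        [Parameter(Mandatory)] $License,                  # one element of $user.Licenses
        [Parameter(Mandatory)] [string[]] $UndesiredPlans # excerpts of plan names
    )
    $disable = New-Object 'System.Collections.Generic.List[string]'
    foreach ($status in $License.ServiceStatus) {
        $name = $status.ServicePlan.ServiceName
        $alreadyOff = $status.ProvisioningStatus -eq 'Disabled'
        $undesired = $false
        foreach ($pattern in $UndesiredPlans) {
            if ($name -like "*$pattern*") { $undesired = $true; break }
        }
        if ($alreadyOff -or $undesired) { $disable.Add($name) }
    }
    return ,$disable.ToArray()   # leading comma returns the array as one object
}

# Constructed sample license, shaped like one element of (Get-MsolUser).Licenses.
function New-SampleStatus($name, $state) {
    [pscustomobject]@{
        ServicePlan        = [pscustomobject]@{ ServiceName = $name }
        ProvisioningStatus = $state
    }
}
$license = [pscustomobject]@{
    AccountSkuId  = 'contoso:SAMPLE_SKU'   # constructed SKU id
    ServiceStatus = @(
        (New-SampleStatus 'YAMMER_ENTERPRISE'    'Success'),
        (New-SampleStatus 'FLOW_O365_P3'         'Success'),
        (New-SampleStatus 'MCOSTANDARD'          'Disabled'),  # already off, must stay off
        (New-SampleStatus 'SHAREPOINTENTERPRISE' 'Success')
    )
}
$plans = Get-PlansToDisable -License $license -UndesiredPlans 'YAMMER','SWAY','FLOW','POWERAPPS'
Write-Host "Would disable:" ($plans -join ', ') "from:" $license.AccountSkuId

# Per SKU, only when there is something to disable:
# if ($plans.Count -gt 0) {
#     $opts = New-MsolLicenseOptions -AccountSkuId $license.AccountSkuId -DisabledPlans $plans
#     Set-MsolUserLicense -UserPrincipalName $user.UserPrincipalName -LicenseOptions $opts
# }
```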