powershell icon indicating copy to clipboard operation
powershell copied to clipboard
verified publisher icon pnp

[FEATURE] Extend capabilities to get M365 tenant settings

Open tmaestrini opened this issue 6 months ago • 4 comments

Hello team

I am actually working on my easyGovernance project. In this context I'm often facing the fact that common M365 tenant settings cannot be retrieved via PnP.Powershell.

As I have implemented an "M365 admin center" connector in order to get:

  • common M365 tenant settings
  • common M365 security and privacy settings
  • common M365 org profile settings
  • common M365 licensing settings

(see https://github.com/tmaestrini/easyGovernance/blob/56-new-baseline-microsoft-teams/src/utilities/M365AdminCenter.psm1 for insights).

PnP.Powershell "only" provides access to SPO tenant settings, there's no way to make use of it for common M365 administration tasks (most probably because there's no officially documented API). My question is related to the common M365 settings: would you be interested to bring these M365 related capabilities into PnP.Powershell? I would bring them into the project.

Thanks for your feedback and best regards, Toby

tmaestrini avatar Sep 11 '25 21:09 tmaestrini

@gautamdsheth What do you think about my request?

tmaestrini avatar Sep 21 '25 10:09 tmaestrini

Are you able to try Set-PnPTenant ? Sets organization-level tenant properties which impact the entire tenant. https://pnp.github.io/powershell/cmdlets/Set-PnPTenant.html

There are a lot of settings available. Not sure if licensing is included.

Or - can look at the GRAPH PowerShell - perhaps that might include the settings you need ? https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.identity.directorymanagement/update-mgorganization?view=graph-powershell-1.0

kachihro avatar Sep 27 '25 11:09 kachihro

@tmaestrini - do you know if you some of these settings might be available via Graph API ? If so, we can get it to work. Quick googling tells me that we have some SharePoint settings via Graph, but not sure about others.

gautamdsheth avatar Oct 01 '25 18:10 gautamdsheth

Hi @gautamdsheth! To answer your question: I haven't tested enough yet to make a broader statement on Graph availability.

What I can say for sure (based on reverse engineering 😝) is that couple of settings requests …

  • use a proxy API that is based on Graph requests; see example: https://github.com/tmaestrini/easyGovernance/blob/5939a03e7a3220651103c47627e81a7b16406dd0/src/utilities/M365AdminCenter.psm1#L178
  • while others do rely on "internal" (and "undocumented") APIs; see example: https://github.com/tmaestrini/easyGovernance/blob/5939a03e7a3220651103c47627e81a7b16406dd0/src/utilities/M365AdminCenter.psm1#L85

Either Graph-based or "internal", from a M365 management perspective it would definitely be worth implementing according modules that bring up (as I've suggested in my initial post):

  • common M365 tenant settings
  • common M365 security and privacy settings
  • common M365 org profile settings
  • common M365 licensing settings

What's your opinion? What do you think?

tmaestrini avatar Oct 07 '25 14:10 tmaestrini