In Part 1 I went through installing an OWA manifest file either through the ECP, or via the Exchange Management Shell that wasn't part of the Office Store. In this part I wanted to cover how to push an App out to selected users as well as scripting deployment .
Restricting Apps to a Distribution Group via 'SpecificUsers'
1. Get the Distribution Group, and then in the Exchange Management Shell run the following
Get-DistributionGroup "Group Here"
Get-DistributionGroup "Group Here"
2. Once you have confirmed the DL, run the following
$group= Get-DistributionGroupMember "All Users Security Group Name"
Note we have changed the command to "Get-DistributionGroupMember"
$group= Get-DistributionGroupMember "All Users Security Group Name"
Note we have changed the command to "Get-DistributionGroupMember"
3. To install the App to the the users in the DL run the following command
New-App –OrganizationApp –ProvidedTo SpecificUsers –userlist $group –DefaultStateForUser enabled –url "your manfiest XML file url here"
As mentioned in Part 1, if you want to force the app to be always enabled and disallow the users from disabling it you can set –DefaultStateForUser to –DefaultStateForUser AlwaysEnabled. Similarly if you want the app to be available but only enabled by the user you can set it to Disabled
Alternatively if you have the app already installed you can run:
Set-App –OrganizationApp –ProvidedTo SpecificUsers –UserList $group –DefaultStateForUser Enabled –Identity "App ID (GUID)"
This will change the state of the App to specific users and set it to enabled, again, modify –DefaultStateForUser as you so wish
New-App –OrganizationApp –ProvidedTo SpecificUsers –userlist $group –DefaultStateForUser enabled –url "your manfiest XML file url here"
As mentioned in Part 1, if you want to force the app to be always enabled and disallow the users from disabling it you can set –DefaultStateForUser to –DefaultStateForUser AlwaysEnabled. Similarly if you want the app to be available but only enabled by the user you can set it to Disabled
Alternatively if you have the app already installed you can run:
Set-App –OrganizationApp –ProvidedTo SpecificUsers –UserList $group –DefaultStateForUser Enabled –Identity "App ID (GUID)"
This will change the state of the App to specific users and set it to enabled, again, modify –DefaultStateForUser as you so wish
5. You will find the Distribution Group members now have the app, and all other users do not. There are other ways of selecting users however, we could have for example performed
"Get-Mailbox –OrganizationalUnit "DistinguishedName of OU" instead of "Get-DistributionGroupMember"
Therefore we could use "$users = Get-Mailbox –OrganizationalUnit "DistinguishedName of OU"
"Get-Mailbox –OrganizationalUnit "DistinguishedName of OU" instead of "Get-DistributionGroupMember"
Therefore we could use "$users = Get-Mailbox –OrganizationalUnit "DistinguishedName of OU"
Scripting via Powershell
So pushing an App out to specific users is great, but the delivery method doesn't take into effect new users joining the Distribution Group or Organizational Unit as well as users that are removed. For that we need to use a script. The below scripts can be used as a scheduled task, and will push the App out to the specific users required. One is for DL delivery and the other via OU. The only two I have so far needed.
#Install Office App to single Organizational unit
#SPECIFY OU DISTINGUISHEDNAME HERE
$users = Get-Mailbox -OrganizationalUnit "DistinguishedName of OU here"
$tenant = Get-OrganizationalUnit "DistinguishedName of OU here"
$tenantidentity = $tenant.name
$xmlmanifest = "URL to manfifest file"
#Start
Write-Host The total number of mailbox enabled users found for $tenantidentity is ($users).count -foreground yellow
New-App –OrganizationApp –ProvidedTo SpecificUsers –userlist $users –defaultstateforuser enabled –url $xmlmanifest
Write-Host Office App installation complete for $tenantidentity -foreground yellow
#Install Office App to for Distribution Group
#SPECIFY DISTRIBUTION GROUP HERE
$Group = Get-DistributionGroupMember "Security Group Name here"
$tenant = Get-DistributionGroup "Security Group Name here"
$tenantidentity = $tenant.name
$xmlmanifest = "URL to manfifest file"
#Start
Write-Host The total number of mailbox enabled users found for $tenantidentity is ($Group).count -foreground yellow
New-App –OrganizationApp –ProvidedTo SpecificUsers –userlist $Group –defaultstateforuser enabled –url $xmlmanifest
Write-Host Office App installation complete for $tenantidentity -foreground yellow
No comments:
Post a Comment