
PowerShell – Getting M365 Tenant ID From Domain List

It’s been a while since I’ve broken out PowerShell to solve a problem, but a scenario came up where I thought I could automate something I needed to do – look up a bunch of Microsoft 365 Tenant IDs based on domain names. Here’s how I tackled it:

First, I actually had a list of email addresses and just wanted the domain of each one. The list was in Excel so that’s easy enough – using the Text to Columns feature I selected the data, used the ‘Delimited’ option under Original data type then pressed Next:

Then on the next step, changed the Delimiters from the default ‘Tab’ to ‘Other’ and put the @ symbol on, and as you can see in the Data preview it takes the alias off the email address for the first column, and leaves the domain in the second:

Clicking ‘Finish’ gave me a column full of domains. From this, I created a header for each row (alias and domain):

And then in Excel went to File > Save As > and called the file ‘addresses’ while picking CSV from the dropdown:

Easy enough. From here, I knew I’d need to feed this data into PowerShell using the Import-CSV command, but first I wanted to work out what the one liner command was to get a M365 Tenant ID…. except I couldn’t find one. All the examples were how to find your own M365 Tenant ID after authenticating. I knew it was public and easily accessible since sites like https://whatismytenantid.com/ work great but only accept one domain at a time.

I ended up finding a Function written by Daniel Bradley which was fairly simple and used an API, with the core of it being this one line:

Invoke-RestMethod -UseBasicParsing -Uri "https://odc.officeapps.live.com/odc/v2.1/federationprovider?domain=$domain"

Swapping the $domain variable for an actual domain and piping to select just the tenantid:

Invoke-RestMethod -UseBasicParsing -Uri "https://odc.officeapps.live.com/odc/v2.1/federationprovider?domain=microsoft.com" | select tenantid

tenantId
--------
72f988bf-86f1-41af-91ab-2d7cd011db47

Alright, we should be able to put this all together. Set the $file variable as the imported CSV file, then for each domain record run the Invoke-RestMethod command using the current $record.

Except that didn’t work because I forgot the $record is the entire object and not just the domain membertype. To specify that, we just use $record.domain so the pure domain is used.

Except that didn’t work either and I don’t know why. Instead, I just made a new variable from the $record.domain and called that $newdomain, then referenced THAT in the Invoke-Restmethod line.

That did work, so I could then echo out the results of both the current $newdomain variable, and the newly looked up $result and again specifying the membertype of tenantid (as a bunch of other info gets looked up with that command).

I also then wanted to export this data back out to a new CSV, in this case one called ‘myfile.csv’. Again, I have to work around membertypes so just make a new variable containing the single tenantid line, and use the >> operator to create/append to a file:

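# Import the CSV saved from Excel (it needs the 'domain' column header)
$file = Import-Csv c:\temp\addresses.csv

foreach ($record in $file) {
    # Copy the property into a plain variable so it expands cleanly inside the quoted URI
    $newdomain = $record.domain
    $result = Invoke-RestMethod -UseBasicParsing -Uri "https://odc.officeapps.live.com/odc/v2.1/federationprovider?domain=$newdomain"
    $newtenantid = $result.tenantid
    echo $newdomain $result.tenantid
    # >> creates the file on the first pass and appends to it after that
    "$newdomain,$newtenantid" >> c:\temp\myfile.csv
}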

Works perfectly and I end up with a CSV that has a column of domains, and a column of Tenant IDs. If a domain had no Tenant ID then that value will be blank.

I’m sure this could be written better, but for quick occasional tasks for yourself, you just need something that works.
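The same loop written defensively, as an added example that is not the original post's code or Daniel Bradley's function: the spreadsheet value is checked against a hostname pattern and URL-escaped before it reaches the query string, the returned tenantId is accepted only if it parses as a GUID, and Export-Csv handles headers and quoting. Inside a double-quoted string PowerShell expands only `$record`, leaving `.domain` as literal text, which is why the plain variable (or `$($record.domain)`) is needed there. The function name Get-TenantIdForDomain, the Status column and the sample rows are assumptions made for illustration.

```powershell
# Added example: Get-TenantIdForDomain and the Status column are hypothetical names.
function Get-TenantIdForDomain {
    [CmdletBinding()]
    param(
        # Binds to the 'domain' column of each Import-Csv row by property name.
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [AllowEmptyString()]
        [string]$Domain
    )
    begin {
        # One DNS label: letters, digits and inner hyphens, at most 63 characters.
        $label   = '[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
        $pattern = '^(' + $label + '\.)+[a-z][a-z0-9-]{0,61}[a-z0-9]$'
        $api     = 'https://odc.officeapps.live.com/odc/v2.1/federationprovider?domain='
    }
    process {
        $clean = $Domain.Trim().ToLowerInvariant()
        $row   = [ordered]@{ Domain = $clean; TenantId = ''; Status = '' }

        # Reject anything that is not a plain hostname, so stray cell content
        # (spaces, '&', '=') never becomes part of the request URL.
        if ($clean.Length -gt 253 -or $clean -notmatch $pattern) {
            # Record the rejected value with unexpected characters replaced,
            # so odd cell content is not copied verbatim into the output CSV.
            $row.Domain = $clean -replace '[^a-z0-9.-]', '_'
            $row.Status = 'InvalidDomain'
            return [pscustomobject]$row
        }

        $uri = $api + [uri]::EscapeDataString($clean)
        try {
            $result = Invoke-RestMethod -UseBasicParsing -Uri $uri -TimeoutSec 15 -ErrorAction Stop
            # Treat the response as untrusted: keep the value only if it is a GUID.
            $id = [guid]::Empty
            if ([guid]::TryParse([string]$result.tenantId, [ref]$id)) {
                $row.TenantId = $id.ToString()
                $row.Status   = 'Found'
            } else {
                $row.Status   = 'NoTenant'
            }
        } catch {
            # Network or HTTP errors are recorded per row; the run continues.
            $row.Status = 'LookupFailed'
        }
        [pscustomobject]$row
    }
}

# Constructed sample rows standing in for c:\temp\addresses.csv.
$sample = @'
alias,domain
user1,microsoft.com
user2,example.invalid
user3,"bad domain&x=1"
'@ | ConvertFrom-Csv

$sample | Get-TenantIdForDomain |
    Export-Csv -Path c:\temp\myfile.csv -NoTypeInformation -Encoding UTF8
```

For the real list, replace `$sample` with `Import-Csv c:\temp\addresses.csv`.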

ChatGPT’s version of an Adam Fowler Blog Post

I’ve seen some chatter around generative AI being able to write in the style of writers. I’ve written a few things but didn’t really consider that these systems probably crawled my public data – I expected that some of it was being used in answers, but didn’t realise it’s also able to recognise and replicate my stylings.

As an example, I used the free tier of ChatGPT with the simple prompt:
“Can you write a blog post about the deprecation of WSUS based on the stylings of Adam Fowler?”

ChatGPT obliged:
Sure! Based on Adam Fowler’s style—informal, practical, and often addressing IT professionals directly with a mix of technical explanation and real-world experience—here’s a blog post about the deprecation of WSUS (Windows Server Update Services):

A ChatGPT Generated article proceeded. Reading it, it was definitely in my styling including my overuse of dashes, a conclusion at the end, starting a sentence with ‘So’ even though I know I shouldn’t do that, and trying to share a real world view. Except, the content itself is not what I would have written. I’ve added notes to the below; anything in brackets and italics are my editorial notes:


WSUS Deprecation: What You Need to Know (and What to Do Next)
by Your Name

So, it’s happening. WSUS (Windows Server Update Services) is officially getting the axe (ehh sort of, being announced as deprecated as per the title with at least 10 years left I wouldn’t exactly call ‘getting the axe’, more of a ‘beginning of the end’). If you’ve been in IT long enough, you’ve probably had a love-hate relationship with WSUS—keeping it running smoothly can feel like a victory, but man, when it breaks… well, you know the pain (I wouldn’t make an implication like this without a real example as it sounds like I don’t really know what I’m talking about and covered it up). But with Microsoft slowly phasing out WSUS in favor (I’d write in Australian English but then my articles get posted by non-Australian companies so that’s probably fair) of more modern solutions, it’s time to face the inevitable: what does this mean for you and your organization?

Why Deprecate WSUS?

To be blunt, WSUS has been showing its age. The service, first introduced back in 2003, has become increasingly difficult to maintain (no it hasn’t, it’s stayed the same for so long!) and less capable of meeting the demands of modern environments (again it hasn’t, it pushes out updates from a central point still, you can even update VMs in Azure from WSUS), especially as organizations scale and update frequency skyrockets (no, update frequency has decreased. We get monthly rollups, yearly feature updates – this is much more organised and less frequent than old ways).

WSUS has always been prone to database corruption, content synchronization issues, and inconsistent reporting. It’s manageable, but only with the right amount of care and feeding—and plenty of frustrated late nights (late night work to me indicates work that can’t be done during the day, and WSUS can definitely be taken offline or worked on at any time). Plus, the lack of native support for cloud-based infrastructures makes WSUS feel a little like trying to use a flip phone in 2024 (we still have new flip phones like the Samsung Galaxy Z Flip 6).

Microsoft sees the future as cloud-first, and with tools like Windows Update for Business (WUfB) and Microsoft Intune, the writing was on the wall. If you’ve been dragging your feet on moving to a cloud-based update management solution, this is your nudge (or push) (I’d class it as a consideration rather than a nudge or push with WSUS being around for a long time still and being fine for those with an on-premises leaning).

What Are Your Alternatives?

1. Windows Update for Business (WUfB)

WUfB is the go-to recommendation from Microsoft for managing updates across devices, especially in modern environments where cloud integration is key. With WUfB, you can control when updates roll out to your devices and minimize downtime (you can do this with WSUS/Group Policy). Plus, you get the advantage of leveraging the vast cloud resources for faster deployments (I don’t know what’s faster about it, WSUS syncs as frequently as you want, as do the end devices and it’s faster to get the update from a local source than somewhere in the world) without having to babysit a local WSUS server.

The key to WUfB’s appeal is its simplicity and native integration with cloud-based tools like Microsoft Endpoint Manager (a.k.a. Intune). It’s perfect for organizations already committed to a hybrid or cloud-first model.

2. Microsoft Intune

For those who need more granular control over device management, Intune is the powerhouse. While WSUS focused just on updates, Intune goes beyond that, giving you full MDM (Mobile Device Management) capabilities. It also integrates seamlessly with WUfB, offering even more control over update policies while managing compliance, security, and configuration profiles—all from a single interface.

And if you’re worried about transitioning from an on-premise solution, don’t be. The cloud-native approach might be daunting, but Microsoft has made the tools easy to work with and deploy. Sure, there will be a learning curve, but the benefits of modern management are worth it. (I almost agreed with this entire section, but I’d say ‘may be worth it’ because there’s a lot to do to migrate to Intune and still doesn’t have feature parity with Microsoft Endpoint Manager, but also has new features that aren’t available on-prem).

3. Third-Party Tools

WSUS’s retirement might make you nervous about vendor lock-in, and that’s understandable. If you’re not fully on board with Microsoft’s ecosystem or want more flexibility, third-party patch management tools like PDQ Deploy, ManageEngine Patch Manager, or Ivanti offer robust alternatives (I know nothing about these solutions so hopefully they’re good ones??). These can sometimes (sometimes? either they do or they don’t) integrate with cloud services but still give you the local control WSUS provided. The added benefit is that some of these platforms are more reliable and easier to use than the aging WSUS (WSUS isn’t that hard to use in my opinion – there’s a reason (of many) it’s still around and widely used).

The Next Steps for IT Pros

If your WSUS server is still going strong (miraculously) (calm down, again if it was that bad nobody would use it), don’t panic. WSUS isn’t disappearing overnight, and Microsoft will likely support it with patches for a while (it’s not just likely, they have this documented and contractual obligations to support it for 5 + ~5 years). However, it’s clear they aren’t investing in any major updates (again it’s not just ‘clear’ they’ve announced its deprecation and plainly said there will be no new features), so treating this as a “grace period” would be wise.

Here’s what you should do next:

  • Evaluate your environment: Is it hybrid, on-prem, or fully cloud? This will guide your next move. If you’re hybrid or cloud-first, consider WUfB and Intune. (and if you’re on-prem?)
  • Start testing now: Don’t wait until WSUS is completely dead to start playing with its replacements. Start small—pilot a group of devices using WUfB or Intune and see how the process goes.
  • Plan your migration: Migrating to cloud-based solutions like Intune might take some time, depending on your environment’s complexity. Start planning how you’re going to phase out WSUS without disrupting your business.
  • Keep an eye on security: Patch management is critical, and the last thing you want is to slack off during a transition period. Ensure that however you’re updating devices, it’s airtight from a security standpoint.

Conclusion: Don’t Wait Until It’s Too Late

We’ve all been guilty of sticking with what works—until it doesn’t. WSUS has had a good run, but it’s clear that its time is up (if you call at least 10 years left its time being up). If you want to avoid the panic of your patching system going belly up, the time to act is now (now = in the next 10 years, so no it’s not).

Make a plan, test your options, and start transitioning. It’s going to be worth it when you’re no longer troubleshooting WSUS sync failures at 2 a.m. (This is very much my style making a callback to a previous comment in the closing line, but again get some sleep you don’t need to be troubleshooting WSUS sync at 2 a.m. – if WSUS breaks and there’s a zero day to get out, you can work around this in several other easy ways and before it gets to 2 a.m.)


What I’m trying to demonstrate in the above is that although generative AI can match the stylings of someone, it doesn’t mean the views and information itself will also match. It will give you inspiration for a layout or an approach you could take in writing something, but you still have to read the contents thoroughly, adjust, and research items you don’t already know from your experience.

I thought I should check that it was basing it off me, rather than one of those other Adam Fowlers out there and it seems to have the right one (from my point of view anyway):

ChatGPT:
Does this style fit what you had in mind for a blog post in Adam Fowler’s tone?

Me:
yes but can you confirm which Adam Fowler this was?

ChatGPT:
This is based on Adam Fowler from Adelaide, Australia, who is an IT professional and well-known for his work in IT blogging, particularly around practical solutions and insights for IT management. His style is often informal, direct, and highly technical, aimed at helping IT administrators navigate complex changes in technology. Does that match your expectation?

Rolling out new Windows Versions Concepts

Windows 11 24H2 is slowly starting its rollout, and you might be wondering if you should update yet. Here’s some high level information to help you decide, control rollout, and be kept up to date with any issues. For those who haven’t needed to keep across how Windows Updates work, you might be wondering what would be difficult about it. Read on and learn :)

The starting point I’d recommend is https://learn.microsoft.com/en-us/windows/release-health/windows11-release-information which will show you Windows Servicing channels:

This will show you what the current Generally Available (GA) version of Windows is (there’s sections for Windows 11, Windows 10, and Windows Server) along with relevant dates. 24H2 has only been GA for a few weeks, which is quite early in its cycle. If you’ve overseen the rollout of Windows Updates before, you want to understand and be across any potential issues before even piloting.

Although this has changed a few times over the last few years, right now we see an annual feature update which upgrades the Windows version released in the second half of the year. Each feature update/version has 3 years of support for Enterprise, and 2 years for Home/Pro as you can see in the table above.

To understand currently known issues in a feature update, you can use the same section of Microsoft Learn to jump to the Version 24H2 > Known issues and notifications which is kept up to date with statuses and details:

You can also see this same information in the Microsoft 365 admin center under Health > Windows release health:

The content is the same on both – but I’d suggest going to the Microsoft 365 admin center version to at least turn on ‘Send me email notifications about Windows release health’ which is under the ‘Preferences’ button in the above screenshot. Once enabling, you can decide which versions of Windows you want to be notified of, and to what email addresses it should be sent to.

This will keep you across any new issues that may arise which is always useful information to know when managing a Windows environment.

Assuming you’re now ready to start testing, the rollout process starts with what tool you’re currently using for update management. You could be using:

Native Windows Update unconfigured – this may make sense for small companies that don’t really have any management in place, and you’re at the mercy of when Microsoft’s services decide your devices should receive the update. Microsoft uses a lot of telemetry and device information to make that call, for example if a driver is detected on the device that has a known issue, Windows Update may block or hold back the install.

Feature update methods:

Windows Server Update Services (WSUS) – which despite getting some news lately, will still be around for probably 10+ years. This is the on-premises way of having a central point to download Windows Updates and has many inbuilt controls that let an administrator decide how they want to roll things out, which can either be automated or manual.

Servicing Channels – These options let you choose which channel a device sits in, which by default is the General Availability channel. Unless you have an LTSC edition of Windows, your only other option is the Insider Program which will get feature updates ahead of general availability. Might be good to have a VM around enrolled in the Insider Program to get things early and have a play.

Windows Update for Business / Autopatch – these products have recently been joined together, to provide a cloud based way of controlling what updates go to a device.

Whichever path you use, you should be incorporating Update Rings to stagger any update rollout and avoid any big bang issues from your entire fleet updating overnight and hitting a business-stopping issue.

To find out how your feature update rollout is going, each method has its own way of reporting:

Intune has inbuilt reports for feature updates which is the same way Autopatch does it

Windows Update for Business also has its own reports, which have a few options on how to present, including via the Microsoft 365 admin center Software Updates > Windows area. Alternatively, you can create an Azure workbook.

WSUS has inbuilt reporting options that can be built based on your requirements and can be exported, and supports using APIs if you want to roll your own solution there.

I’ve tried to give a high level overview of what’s involved and considerations on rolling out Windows versions, there’s a lot to it and many points depend on your approach.

Office365Concepts also has a great video on covering Feature Update Policies in Intune and how it fits in the larger picture of updates generally:

I’d also recommend these two articles on the deprecation of WSUS:

https://oofhours.com/2024/09/24/microsoft-deprecated-wsus-should-you-care/

https://www.theregister.com/2024/09/23/microsoft_wsus_deprecation

Overview of Copilot in OneDrive Updates

As part of the Microsoft 365 Copilot Wave 2 changes, Copilot in OneDrive became available for all commercial customers on 8th October 2024. Let’s check it out and see what it can do.

When first logging onto https://www.office.com/onedrive I was greeted with two prompts, the notice that Copilot is now there, as well as the reminder that you need to verify the results that Copilot provides – just like any LLM AI.

From the front OneDrive page, I do see the Copilot icon as indicated:

Using a draft of an article I recently wrote on TechTarget – Microsoft Purview Audit helps IT flush out bad behavior, the Copilot icon shows the following options: Summarize, Create an FAQ, and Ask a question.

The Summarize option does as you’d expect, providing a less than 1 pager with key points that Copilot has found out from the document:

The ‘Ask a question’ button will break out a Copilot side window which will then provide answers based on the content of the document, and show the reference of the document itself as the source of the answers it generates:

‘Create an FAQ’ is quite a handy one-click option. I can see this being useful in many scenarios – any documentation being shared that could be a lot to take on, and the question/answer format can be a better way for people to absorb information compared to a summary.

If you select two files, Copilot in the top bar will have the option ‘Compare files’:

I made a copy of the above file and changed 3 words, let’s see if the changes are picked up when using the ‘Compare files’ option:

This is a good expectation setter. If you wanted to actually compare differences between two documents and see what’s exactly different, use Word’s native Compare option. Copilot on the other hand will give a summary. It’s picked up that there’s possibly minor differences in wording or formatting.

If I make another copy of the original, make no changes, and run another ‘Compare files’, the results come back suggesting that the content is most likely identical:

I can see this contextual Copilot being useful when you target the file or files you want summarised, or want to ask questions about. Contextual questions relating to a project or a piece of work is where this would shine.

It’s still early days for Microsoft 365 Copilot, but it’s good to see the product’s feature set expand as we all learn what large language models can actually do and how they can help us be more efficient in our jobs and lives.

Note: After writing the above, I then found this article summarising similar content https://support.microsoft.com/en-au/office/get-started-with-copilot-in-onedrive-7fc81e10-e0cf-4da8-af2e-9876a2770e5d but did not read or use any of it for my own post. This link may be useful for communicating the changes to end users.

Three-Finger TrackPad Gestures on Windows

There’s several useful gestures you can use when you’re without a mouse and relying on a laptop’s touchpad. If you’re not on a touchpad all the time, you may not be aware of these methods of quickly performing functions – I know I wasn’t until I re-discovered one and then wanted to refresh myself on the lot!

Swiping down with 3 fingers will take you straight to the desktop, the same way WinKey + D does.

Swiping up with 3 fingers will bring back the minimised windows from the above command. If your windows are already on screen, you’ll instead see the task view (like holding alt-tab or pressing the task view button in the Windows bar) but it will stay on screen, so you can use 1 finger to move the cursor around to select the window you want.

Swiping left or right with 3 fingers will do the same as alt-shift-tab or alt-tab – toggling between open windows in the same direction you swiped.

There’s also a 4 finger gesture for those of you who use multiple desktops via the task bar – swipe left or right to switch between each one. If you don’t have a second desktop open then your whole screen will slide around a bit but it won’t do anything.

What’s even better is that these gestures are configurable in Windows 11. Under Settings > Bluetooth & Devices > Touchpad (which won’t show if you don’t have a Touchpad!) you’ll have a three-finger gestures section. The defaults are as I described above:

You can change these defaults so left and right switch desktops rather than apps:

Or if you’re not an app/desktop switcher, change the lot to control audio:

There’s also the option to change what the Three-finger tap does:

If you don’t like the out of the box options, you can go into the ‘Advanced gestures’ section and under ‘Configure three-finger gestures’ change it to any key combination you like:

And you can configure the 4 swipe directions to perform one of the listed functions:

If you’re like me and feel much less productive when using a trackpad compared to a proper mouse, then spend a bit of time looking at what you can do and change with three-fingered and even four-fingered gestures in Windows 11.