In my recent post about managing change in Office 365 I talked about the role of Message Center notifications in keeping you up to date with changes occurring in the cloud. One of the weaknesses of the Message Center is the lack of email notifications, requiring admins to visit the Office 365 admin portal regularly to keep up with new messages. That’s not very convenient since many admins rarely visit that portal, either due to an infrequent need to perform the tasks that portal makes available (such as license management), or because they’ve done the right thing and automated most of those tasks.
For me personally, email notifications are a must. I prefer sitting at my desk in the morning and scanning through a series of email reports telling me the most important things I need to know, or looking at a single monitoring dashboard to see them, rather than logging into a bunch of different portals to find alerts. The lack of Message Center notifications has bothered me for a long time, and so for the last few months I’ve been using a PowerShell script to check the Message Center every day and email me a digest of new or changed messages.
As I prepared to release the script publicly, my co-author Tony Redmond showed me a Message Center digest email that he’d received for his Office 365 tenant directly from Microsoft. It seems that Message Center email notifications are going to be available, although there’s no mention on the Office 365 road map, and the functionality hasn’t appeared in any of my own tenants yet. As such, I figure I may as well share the script I’ve already written, in case the roll-out to other tenants is slow, and because my script can be scheduled to run as often as you like, whereas the Office 365 email seems to only be a weekly notification.
Installation
This script has a dependency on the following functions and modules:
To install the script:
- Add the New-StoredCredential & Get-StoredCredential functions to your PowerShell profile
- Install the O365ServiceCommunications module:
PS> Install-Module -Name O365ServiceCommunications
- Download the latest release from the TechNet Script Gallery.
- Unzip the files to a folder on the workstation or server where you want to run the script.
- Rename Get-MessageCenterDigest.xml.sample to Get-MessageCenterDigest.xml
- Edit Get-MessageCenterDigest.xml with appropriate email settings for your environment. If you exclude the SMTP server, the script will send the report email to the first MX record for the domain of the To address.
- Create a new stored credential by running New-StoredCredential
- Run the script using the usage examples below.
The script will store information about the Message Center messages for a tenant in a file named MessageCenterArchive-tenantdomain.xml, located in the same folder as the script. The first time you run the script, all messages will be reported as “New”. On subsequent runs, the script will use the previous results to determine which messages are new or changed since the last time the script was run. If you delete the XML file or move the script to a different folder, it will report all messages as new again.
If there are no new or changed messages in the Message Center, then no email is sent.
Usage Examples
Run the script in a PowerShell console.
.\Get-MessageCenterDigest.ps1 -UseCredential admin@tenantname.onmicrosoft.com
Run the script with verbose output.
.\Get-MessageCenterDigest.ps1 -UseCredential admin@tenantname.onmicrosoft.com -Verbose
Run the script with manual SMTP settings that override the Get-MessageCenterDigest.xml configuration.
.\Get-MessageCenterDigest.ps1 -MailFrom reports@contoso.com -MailTo you@contoso.com -MailSubject "Your custom subject" -SmtpServer mail.contoso.com
Run the script, suppressing the email report, and generating a HTML file instead.
.\Get-MessageCenterDigest.ps1 -UseCredential admin@tenantname.onmicrosoft.com -NoEmail
Scheduled Task
You can run the script as a scheduled task as often as you need it to check for new messages. Mine runs daily at 6:45am so that the report is waiting for me when I get to my desk. My scheduled task settings are:
- Run whether use is logged on or not (the user account you use for the scheduled task must be the same as the user you were logged on with when you generated the stored credentials, otherwise the stored credentials can’t be decrypted)
- Action: Start a program
- Program: powershell.exe
- Arguments: -file “D:\Scripts\Office365-Message-Center-Digest\Get-MessageCenterDigest.ps1” -UseCredential admin@tenantname.onmicrosoft.com
If your Office 365 tenant is already receiving the weekly email digests from Message Center, and you’re happy with it, then you probably don’t need this script. Otherwise, please feel free to try this script for yourself, and if you have any questions or feedback please leave a comment below.
Hi Paul ,
Can you please suggest powershell command to remove weekly email digest, emails for major updates, emails for data privacy messages for a user who has admin privileges.
is the api closed/deprecated ???
Invoke-RestMethod : The remote name could not be resolved: ‘api.admin.microsoftonline.com’
At C:\Program Files\WindowsPowerShell\Modules\O365ServiceCommunications\1.5.12\functions\New-SCSession.ps1:60 char:22
+ Cookie = Invoke-RestMethod @Splat | Select-Object -Expand …
+ ~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : System.Net.WebException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
Invoke-RestMethod : The remote name could not be resolved: ‘office365servicehealthcommunications.cloudapp.net’
At C:\Program Files\WindowsPowerShell\Modules\O365ServiceCommunications\1.5.12\functions\Get-SCEvent.ps1:79 char:3
+ Invoke-RestMethod @Splat | Select-Object -ExpandProperty Even …
+ ~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : System.Net.WebException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
Hi Paul
Thank you for the script it worked like beauty.
My Concern is, -PastDays Parameter not working in the program. If I tried “Get-SCEvent -SCSession $Session -PastDays 7” its generating only 7 days results. However if I added the -PastDays in your script its not considering it. Its genrating the reports from 2018 April.
Any thoughts.
Great script Paul. I managed to get this run successfully.
.\Get-MessageCenterDigest.ps1 -UseCredential admin@tenantname.onmicrosoft.com -NoEmail
however no HTML file is generating instead. Please could you point me in rights directions where
i would be able to output html file .
Thanks for your helps
Patrick
Great script Paul. I managed to get this run successfully. One thing i feel not working is the update. I am running the script twice around the same time. I expect the second output as null, but I still get old updates as new changes. Is there any way to get only the recent updates after the last run.
This script is working without any issues. Thank you a lot for saving my time. i am gettting service unavailable for API https://api.admin.microsoftonline.com/shdtenantcommunications.svc for some times. Does any one having information when Microsoft is going to retire this API https://api.admin.microsoftonline.com/shdtenantcommunications.svc.
I followed all steps and it worked like a charm!
And the most interesting: I discovered New-StoredCredential and Get-StoredCredential functions, really useful for many other admin tasks.
Thanks for your help,
David
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
Glad you liked it David, thanks for the feedback.
Pingback: Important Change to Intune Device Compliance Policies
Pingback: Managing Change in Office 365
Pingback: Nova experiência de login no Office 365 para usuários finais – Office 365
I’m getting the digests, but that’s not enough. I wish Microsoft offered a simple Flow recipe. Whenever there’s a new message, email it to me or post it on Yammer for my admins and I to discuss.
Is it possible to set this up to send mail to several users when a report is created?
Is it as easy as just to add another line in the XML for each additonal users that wants to recieve the digest?
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
Create a distribution group. Add the SMTP address of the distribution group to the XML file.
Hi Paul,
Do you know, how to disable the feature
?
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
If you’re receiving the weekly digest from Office 365 itself, you need to login to the admin portal with your admin account, go to Message Center, and look for the link to set your Message Center preferences. There’s an option to disable the digest email there.
Thanks a lot for your reply.
That’s the issue, the setting to disable the digest email not working, although it is switched Off. this still keeps on working.
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
One digest will be sent per admin account. So if your email address is the secondary/backup email for another admin account, you’ll get that account’s digest email as well. Look at the email addresses that the digest is being sent to so that you can identify which admin account it is for. I had to turn of 3-4 of them per tenant.
Hi Paul,
The script is able to create the XML file, but it fails to send the email. When I run it in verbose mode, it says: “WARNING: No credentials are available in the security package”.
VERBOSE: There were 31 new messages.
VERBOSE: There were 0 changed messages.
VERBOSE: There were 0 unchanged messages.
VERBOSE: Writing current events to XML file.
WARNING: No credentials are available in the security package
VERBOSE: Email report not sent.
Thanks.
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
Are you running it with the same account you used to create the stored credential?
Paul,
Sorry for taking so long to reply. I got side-tracked and it took me a bit to get back to looking at this. Your question pointed me in the right direction. Yes, I was running it with the same account I used to create the stored credential, but that account was not a domain account. I got it working now. Thanks a bunch.
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
Glad to hear it.
Oh you legend! I’ll give this a try tomorrow.