Reporting

How to Delete Recurring Planner Tasks with PowerShell

July 30, 2025 by ClaytonT Leave a Comment

Are you using PowerShell and Microsoft Planner? I feel it doesn’t get the love it deserves, and to be honest, I hadn’t used PowerShell with Planner in a while, but wanted to get back into it. I first starting using the Microsoft.Graph.Planner and found some limitations that were possible if you used the Graph API directly. One of the things that stood out was you couldn’t call a Plan or Bucket by its real name, only by its ID. Yes, I could have added some logic to make it so, but realized that it also couldn’t remove recurring tasks. I thought it was going to be a quick fix, but found out hours later that wasn’t the case.. hence this post!

Let’s get into the process now.

First, we are going to go to planner.microsoft.cloud and click on the task you want or click on the plan, then on the task you want.

Once you are there you will find the ID in the URL

Below you will see in bold the “TaskId.” The “PlanId” is right after ‘plan/’. They will always be in these locations.

<https://planner.cloud.microsoft/webui/plan/1L__9CleiAwPwqMXDEPEALPQKPa9/view/board/task/1Peq3A7__1EXqot27RoV53QYBZuS?tid=26my427d-m317-83y1-63r0-4suv1pe421y8>

Next we will create a $TaskId variable, where you will put the TaskId inside of it

$TaskId = "1Peq3A7__1EXqot27RoV53QYBZuS"

Before we go farther, lets connect to Microsoft Graph (beta) with these scopes

Connect-MgGraph -Scopes 'Tasks.ReadWrite','Group.ReadWrite.All'

Then you’ll want to get the Task information and save it to the $Task variable to use later. This is important as this will store the ETAG value that you will need to delete the task, as this value changes anytime something changes with that task.

$task = Invoke-MgGraphRequest -Uri "<https://graph.microsoft.com/beta/planner/tasks/$taskId>"

Now here is the fun part, there is no way as of right now to delete a recurring meeting in one call. The best way I found to do it is to first cancel the recurrence then delete it. After doing more research I found later on that it does say you have to ‘$null’ out “Schedule” from Microsoft Learn. I figured it out the hard way when I was using “Developer Tools” to see the API requests it was doing on each click.

Let’s cancel the recurrence, first we have to build out the body to null out schedule and we do that like below.

$body = @{
    recurrence = @{
        schedule = $null
    }
} | ConvertTo-Json -Depth 3

After the body, we create the the “Header” for the request. We do that by below. This is very important because if you don’t Graph won’t know the exact task you are trying to change.

$headers = @{ 
    "If-Match" = $task.'@odata.etag'
    "Content-Type" = "application/json"
}

Now that we have TaskID, Body, and Header we can update(PATCH) the recurring task to a non recurring task.

Invoke-MgGraphRequest -Method PATCH -Uri "<https://graph.microsoft.com/beta/planner/tasks/$taskId>" -Body $body -Headers $headers

Perfect, you have canceled the recurring task and can now delete it. This may seem repetitive, but as of right now it’s the only way to do it. You have to get the task information again because it will now have a new ETAG, and will fail if you try to use the previous one.

$task = Invoke-MgGraphRequest -Uri "<https://graph.microsoft.com/beta/planner/tasks/$taskId>"

And we will have to put the updated ETAG in the header

$headers = @{ 
    "If-Match" = $task.'@odata.etag'
    "Content-Type" = "application/json"
}

We could have done this part in the beginning, but didn’t want to throw too much at you in the beginning, but here we will create the URI as a variable to make the API request shorter and easier to read.

$Uri = "<https://graph.microsoft.com/beta/planner/tasks/$taskId”>

The moment is finally here, where we actually get to delete the task…

Invoke-MgGraphRequest -uri $Uri -Method Delete -Headers $Headers

That’s it! Now go back to planner and confirm that is has been deleted.

Congrats on deleting your first recurring task! Below, I’ve put the whole script so you can see it all together and you can update the TaskId then run it to to delete recurring tasks.

If you’re interested in learning more about Planner and PowerShell, stay tuned as I may have some ideas to make using them together even easier.

$taskId = "1Peq3A7__1EXqot27RoV53QYBZuS"

$task = Invoke-MgGraphRequest -Uri "<https://graph.microsoft.com/beta/planner/tasks/$taskId>"

# Cancel the recurrence by setting schedule to null
$body = @{
    recurrence = @{
        schedule = $null
    }
} | ConvertTo-Json -Depth 3

$headers = @{ 
    "If-Match" = $task.'@odata.etag'
    "Content-Type" = "application/json"
}

Invoke-MgGraphRequest -Method PATCH -Uri "<https://graph.microsoft.com/beta/planner/tasks/$taskId>" -Body $body -Headers $headers

$task = Invoke-MgGraphRequest -Uri "<https://graph.microsoft.com/beta/planner/tasks/$taskId>"

$headers = @{ 
    "If-Match" = $task.'@odata.etag'
    "Content-Type" = "application/json"
}

$Uri = "<https://graph.microsoft.com/beta/planner/tasks/$taskId”>

Invoke-MgGraphRequest -uri $uri -Method Delete -Headers $headers

Let me know if you have any questions or feedback, have a great day!

Why does my 365 Admin Audit Log sometime say it’s disabled, but other times enabled? Am I being compromised?

July 16, 2025 by ClaytonT Leave a Comment

Let me first start this off with I’m 99% sure you aren’t being compromised, but read on to see what I mean.

I first ran into this when I was running Maester and I saw that it said my test failed for having Unified Audit Log enabled. I then went to my Purview Portal and saw that it was enabled. Next I ran the command:

Get-AdminAuditLogConfig | Format-List UnifiedAuditLogIngestionEnabled

And received this output:

UnifiedAuditLogIngestionEnabled : False

It got me worried, as why is the PowerShell version saying it failed, but the GUI isn’t. Honestly, I usually trust the PowerShell output before the GUI. Then I run the PowerShell command to set it to “True.”

Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true

And received this output:

WARNING: The command completed successfully but no settings of 'Admin Audit Log Settings' have been modified.

Are you scratching your head like I was? I thought, maybe it’s because on the portal it shows it’s enabled, it is seeing it there and not changing it. Why not put that in the warning message though?

I did a little research and found Audit Log Enable Disable | MSFT which is where this little gem is located

Important

Be sure to run the previous command in Exchange Online PowerShell. Although the Get-AdminAuditLogConfig cmdlet is also available in Security & Compliance PowerShell, the UnifiedAuditLogIngestionEnabled property is always False, even when auditing is turned on.

And that is when it clicks, I connect to ExchangeOnlineManagement first then IPPSSession which must be causing the issue! I then disconnect with “Disconnect-ExhangeOnline”, and reconnect using “Connect-ExchangeOnline.” Now for the moment of truth:

Get-AdminAuditLogConfig | Format-List UnifiedAuditLogIngestionEnabled

UnifiedAuditLogIngestionEnabled : True

Success! But now the “why does this happen and why haven’t more people reported this?” I asked my buddy Sam Erde, had he seen this before? And he was perplexed as I was. Then he started digging a bit, and saw that you couldn’t use -NoClobber as it is from the same module.

The crazy part is, if you export both versions, they are the exact same code! What could it be? Is it how the IPPSSession connects to the API? If so, why not put a message saying you are connecting with IPPSSession, please disconnect and use connect-exchangeonline?

The mystery still continues, but I know Sam is working on a fix to handle this more consistently and hopefully have a fix shortly!

Have you been burned by this before?

Cliff notes version:

You weren’t compromised (unless you see it being changed in the logs and/or you ensure you are checking it correctly)
Make sure when checking for AuditLog is enabled through PS that your not using IPPSSession for the command
Sam Erde is working on a fix for Maester

Hope this saves you some headaches and have a great day!

Custom Maester Tests: Validate Full Addresses Now and Cleaned Up Wording

February 7, 2025 by ClaytonT Leave a Comment

Added 3 new tests which I think the first two will be game changers. The first 2 are tests for validating locations, in which the user must have street, city, state, postal code, country, business phone, and company name the same as the valid location in the json. If you have 3 different addreses that your company uses, you can put each in there, and they are seen as 3 different addresses so it will only pass the location test if they have all the correct values for 1 location. The 2nd test is the same as the first, but I removed business phone in case your company doesn’t have standard for it for all employees. The last test is formatting for user email accounts that should be formatted as all lower case and its first name period last name. Also I cleaned up some of the wording in all the different tests to keep them as similar as possible. Feel free to change in your tests though!

ENTRA.UV.1010.L01 – All location information

Test-ContosoUsersAllowedLocations.ps1
Test-ContosoUsersAllowedLocations.Tests.ps1
Test-ContosoUsersAllowedLocations.md

ENTRA.UV.1010.L02 – All location information minus business phone

Test-ContosoUsersAllowedLocationsNoBusinessPhones.ps1
Test-ContosoUsersAllowedLocationsNoBusinessPhones.Tests.ps1
Test-ContosoUsersAllowedLocationsNoBusinessPhones.md

ENTRA.UF.1003.T03.Email – All lower case first name period last name

Test-ContosoUsersFormattingFirstLastLowerCase.ps1
Test-ContosoUsersFormattingFirstLastLowerCase.Tests.ps1
Test-ContosoUsersFormattingFirstLastLowerCase.md

Are there any other tests you’d like to see sooner than later?

GitHub: https://github.com/DevClate/Custom-Maester-Tests
Website: https://devclate.github.io/Custom-Maester-Tests/
Maester: https://maester.dev

Have a great day!

Now you can use your own company standards with Maester custom tests

February 3, 2025 by ClaytonT Leave a Comment

I thought checking to see if they were filled in or even formatted correctly wasn’t enough.. now you can config the validation.json file in the Validating folder with your company standards to make only those values pass. Here are the fields so far, and will be adding more!

ENTRA.UV.1001 – Company Name
ENTRA.UV.1002 – Street Address
ENTRA.UV.1003 – City
ENTRA.UV.1004 – State
ENTRA.UV.1005 – Postal Code
ENTRA.UV.1006 – Country
ENTRA.UV.1007 – Business Phone Number
ENTRA.UV.1008 – Job Title
ENTRA.UV.1009 – Department

Hope you like this new update and let me know if you run into any issues or want to see any other updates. Please don’t forget to star the repo and share to get the word out so more people can add theirs.

Have a great day!

GitHub: Custom Maester Tests
Website: Custom Maester Tests
Website: Offical Maester Website

If Maester couldn’t get any better…Custom Test Collection now available

January 27, 2025 by ClaytonT Leave a Comment

The time has finally come. I have created a public repository to store custom Maester tests for everyone. As well as a website for deeper understanding where needed. I haven’t seen anyone else do it yet, and worse case scenario, people can just use the ones that I create, but I envision others adding theirs to this too. Yes, you will have to create the function, test, and the markdown file (I and/or others can help), so that we can have a collection of tests that anyone can pick and choose which ones they want to add to their Maester and customize it to their needs. They don’t need to be 365 related either, as they could be checks for Windows 11 settings, server configs, or check that a certain OU should only has these mentioned users or computers and to make sure that doesn’t change.

This is still in its early stages and would love any feedback to make it better while still showing that it is a companion to Maester. I wanted to get the framework started to that we can start gaining the benefits from the repository while still making it easy to use.

I hope you are excited about this as I am, and we can create a large community collection of tests.

Please star and share the repo. Open issues for tests that you want to see and if you already have one or can make it, put that in the issue. Let’s make all our IT lives easier and safer.

Thank you for taking the time to read this and hope you find value in this and can share your knowledge as well.

Website: https://devclate.github.io/Custom-Maester-Tests/
GitHub: https://github.com/DevClate/Custom-Maester-Tests

I’m also working on a module for the Entra attribute fields that will fix any issues by either manually typing in the correct value or only allow company standard values.

v0.0.13 EntraFIDOFinder is out

December 2, 2024 by ClaytonT Leave a Comment

New Version of EntraFIDOFinder is out and i’ve added a better way to find out which version of FIDO they are using too. I’ve updated it for the PowerShell version and the webversion.

Enhancements

Filter by FIDO version from FIDO Alliance (PowerShell and Web Version)
- Using ValidateSet for versions (“FIDO U2F”, “FIDO 2.0”, “FIDO 2.1”, “FIDO 2.1 PRE”)
Added -AllProperties
- Default to terminal shows basic fields, but added -AllProperties that I’ll add more of the useful fields first
Show-FIDODbVersion now shows you your current version and if it needs to be updated

I did notice that there is a difference for AAGUID 30b5035e-d297-4ff7-b00b-addc96ba6a98 where on Microsofts website it says it should be compatible with BLE, but mine script isn’t seeing that. I’m going to check this week and see why its doing that. Hopefully it is a quick fix.
UPDATE: Same day Microsoft updated their webpage to show that it isn’t compatible with BLE, making mine correct again.

Let me know your thoughts and what you would like to see and or not see…

PowerShell Gallery: https://www.powershellgallery.com/packages/EntraFIDOFinder/0.0.13
GitHub: https://github.com/DevClate/EntraFIDOFinder

Hope you have a great day!