4 min to read

Block a user from deleting tasks not created by themselves

Featured image

Microsoft has introduced a significant feature recently to block a user from deleting Planner tasks that they didn’t create. The admin can confidently create tasks without having the fear of being removed as this feature judiciously protects the accidental removal of the task.

Pre-requisites

Download Planner Tenant Admin Powershell Commands

Download the zip Planner Tenant Admin PowerShell File and Unzip it to a location that you can access from PowerShell.

Unblock script files

The files that have to be unblocked are

Please follow the below steps to unblock the files.

  1. Go to File Explorer and navigate to location where you unzipped the files.
  2. Right click on the above noted files, and click Properties.
  3. On the General tab, select Unblock.

How to load the Planner Tenant Admin PowerShell Module

  1. Start Windows PowerShell. In PowerShell, type the following command to enable running scripts downloaded from the internet for this session only. It may prompt you to confirm by typing “Y”.
Powershell

Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process
  1. Enter the following command to execute the plannertenantadmin PowerShell script, this will import a module with all available cmdlets.
Powershell

Import-module "<location of the plannertenantadmin.psm1 file you unzipped>"

For example: If your file is stored in C:\Users\jijiUser

Powershell

Import-module "C:\Users\jijiUser\plannertenantadmin.psm1”

How to Block the user from deleting task

Block Single User

  1. Use the Set-PlannerUserPolicy cmdlet to block the user from deleting Planner tasks that they didn’t create.
Powershell

Set-PlannerUserPolicy -UserAadIdOrPrincipalName <user's AADId or UPN> -BlockDeleteTasksNotCreatedBySelf $true

For example:

Powershell

Set-PlannerUserPolicy -UserAadIdOrPrincipalName johannal@jiji.onmicrosoft.com -BlockDeleteTasksNotCreatedBySelf $true
  1. When you’re prompted to authenticate, sign in as the global admin, not the user you want to block.

User Experience

When the blocked user tries to delete the Planner task that is not created by them, the user gets a warning message - “Only members of the Microsoft 365 Group are allowed to delete tasks”.

Block Multiple Users

Using Set-PlannerUserPolicy cmdlet in an iterative manner, we can block a bunch of users from deleting Planner tasks that they didn’t create in a single shot as below. The list of users has to feed in through a CSV.

#Block-Users-from-Deleting-Task

function Set-Block-Users-from-Deleting-Task
 {
    param (
    $ImportcsvFilePath
    )
    process
    {
        #Set-PlannerUserPolicy
        Import-module "<location of the plannertenantadmin.psm1 file>"
        $AllUsers = Import-Csv -Path $ImportcsvFilePath
        foreach($Users in $AllUsers)
        {   
        Set-PlannerUserPolicy -UserAadIdOrPrincipalName $Users.UserPrincipalName -BlockDeleteTasksNotCreatedBySelf $true
        }
    }
}
Set-Block-Users-from-Deleting-Task -ImportcsvFilePath "<Path of CSV file containing users to Block>"

Sample CSV file:

UserPrincipalName
JoniS@jiji.onmicrosoft.com
AllanD@jiji.onmicrosoft.com
AlexW@jiji.onmicrosoft.com

How to Get a user’s current policy

Single User

Check a user’s current policy with the Get-PlannerUserPolicy cmdlet.

Powershell

Get-PlannerUserPolicy -UserAadIdOrPrincipalName "<User's AAD ID or UPN>"

For example, the following cmdlet depicts the view of a user’s current policy

Powershell

Get-PlannerUserPolicy -UserAadIdOrPrincipalName jonis@jiji.onmicrosoft.com | fl

Result
 @odata.context                   : https://tasks.office.com/taskApi/
tenantAdminSettings/$metadata#UserPolicy/$entity
 id                               : jonis@jiji.onmicrosoft.com
 blockDeleteTasksNotCreatedBySelf : False

Multiple Users

Check the current policy for a bunch of users using the Get-PlannerUserPolicy cmdlet in an iterative manner. The check is performed against all the licensed users of the domain.

#Install-Module MSOnline : Pre-requisite
function Get-Blocked-Users-from-Deleting-Task
 {
    param (
    $ExportcsvFilePath
    )
    process
    {
        $UserPolicyDetails = @()
        #ConnectMsolservice
        Connect-MsolService
        #GetMsolusers
        $LicensedUsers = Get-MsolUser -All | Where-Object {$_.IsLicensed -eq $true } |select UserPrincipalName
        foreach($LicUsers in $LicensedUsers)
        {   
        $value = Get-PlannerUserPolicy -UserAadIdOrPrincipalName 
        $LicUsers.UserPrincipalName | select id,blockDeleteTasksNotCreatedBySelf
        $UserDetails = "" | Select "UserName","IsblockDeleteTasksNotCreatedBySelf"
        $UserDetails.UserName = $value.id
        $UserDetails.IsblockDeleteTasksNotCreatedBySelf = $value.blockDeleteTasksNotCreatedBySelf
        $UserPolicyDetails+= $UserDetails
        }
        $UserPolicyDetails
        $UserPolicyDetails | Export-csv $ExportcsvFilePath -NoTypeInformation
    }
}
Get-Blocked-Users-from-Deleting-Task -ExportcsvFilePath "<Path of CSV file where the output has to be written>"

The final output will be written to a CSV file with the list of all licensed users of the domain in the below format.

UserName IsblockDeleteTasksNotCreatedBySelf
JoniS@jiji.onmicrosoft.com true
AllanD@jiji.onmicrosoft.com true
DebraB@jiji.onmicrosoft.com false
AlexW@jiji.onmicrosoft.com true
LidiaH@jiji.onmicrosoft.com false

How to Unblock the user from deleting task

  1. Use the Set-PlannerUserPolicy cmdlet to unblock the user from deleting Planner tasks that they didn’t create.
Powershell

Set-PlannerUserPolicy -UserAadIdOrPrincipalName <user's AADId or UPN> -BlockDeleteTasksNotCreatedBySelf $false

For example:

Powershell

Set-PlannerUserPolicy -UserAadIdOrPrincipalName johannal@jiji.onmicrosoft.com -BlockDeleteTasksNotCreatedBySelf $false
  1. When you’re prompted to authenticate, sign in as the global admin, not the user you want to unblock.
#Office 365 #Office365 #Office 365 Planner #Planner