Automate Setting Work Location in Teams/Outlook [PoC] (2024)

Warning: This is another one of those proof of concept “because I can” kind of things. I’m going to do some things which shouldn’t be done in production. It was just for the fun of it.

Microsoft recently released the new Work location feature in Teams and the new Outlook/Outlook on the web. This allows users to set their work location so co-workers can see if their colleagues are working in the office or remotely on any specific day. You can find more information here and here.

I was extremely disappointed when I learned that there is no support for Microsoft Graph or Power Automate yet, so we could automatically set this each day based on e.g., an IP address or even through geo-fencing on a mobile device.

Off I went to try and find a way to do it anyway. First, I opened Teams in Microsoft Edge and used the browser dev tools to see what kind of requests are sent to which APIs when the work location is changed.

Here we can see that a PUT request is made to https://presence.teams.microsoft.com/v1/me/workLocation when the location is edited.

Automate Setting Work Location in Teams/Outlook [PoC] (2)

In this case the location was cleared with the following JSON payload.

Automate Setting Work Location in Teams/Outlook [PoC] (3)

The value 0 clears the location. 1 is used to set it to Office and 2 will map to Remote.

Next, I inspected the token needed for this request with the help of jwt.ms.

{
"typ": "JWT",
"nonce": "xxxxxxxxxxxxxxxxxxxxxxxxx",
"alg": "RS256",
"x5t": "-xxxxxxxxxxxxxxxxxxxxxxxxx",
"kid": "-xxxxxxxxxxxxxxxxxxxxxxxxx"
}.{
"aud": "https://presence.teams.microsoft.com/",
"iss": "https://sts.windows.net/4bffbf87-53a0-4fce-b58b-4179cb3a3b7d/",
"iat": 1688763565,
"nbf": 1688763565,
"exp": 1688841846,
"acr": "1",
"aio": "xxxxxxxxxxxxxxxxxxxxxxxxx",
"amr": [
"pwd",
"mfa"
],
"appid": "5e3ce6c0-2b1f-4285-8d4b-75ee78787346",
"appidacr": "0",
"family_name": "Mozz",
"given_name": "Mozzie",
"ipaddr": "xxx.xxx.xxx.xxx",
"name": "Mozzism Admin",
"oid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"puid": "10032000330C6A66",
"rh": "xxxxxxxxxxxxxxxxxxxxxxxxx",
"scp": "user_impersonation",
"sub": "xxxxxxxxxxxxxxxxxxxxxxxxx",
"tid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"unique_name": "mozzie@mozzism.ch",
"upn": "mozzie@mozzism.ch",
"uti": "xxxxxxxxxxxxxxxxxxxxxxxxx",
"ver": "1.0",
"xms_cc": [
"CP1"
],
"xms_ssm": "1"
}.[Signature]

AADInternals

Copying the token from the browser and using it to make a web request with PowerShell is easy. The hard thing was to figure out how I can obtain that token programmatically. Luckily, there’s this awesome PowerShell module called AADInternals by one Dr. Nestori Syynimaa. This is an amazing resource to test almost anything related to Azure AD and Graph authentication.

The documentation for this module can be found here. I discovered that the following command would give me a token for Teams.

$teamsToken = Get-AADIntAccessTokenForTeams

What’s really cool is that now, with PowerShell 7 the whole login process can be done through the CLI without any browser pop-ups! Even MFA is supported!

Automate Setting Work Location in Teams/Outlook [PoC] (4)

Even though the audience for this token is https://api.spaces.skype.com and not https://presence.teams.microsoft.com it still works to change the work location in Teams.

Because everything can be done through the CLI I wondered if I could pass the credentials and the MFA secret to the AADInternals functions so that the login process could be automated to be 100% unattended.

After some trial and error, I had that figured out too. Not all functions of the AADInternals module are exposed to the user so the key is to make them available to your current PowerShell session by dot sourcing some of the *.ps1 files included in the module.

$functions = Get-ChildItem -Path "C:\Program Files\WindowsPowerShell\Modules\AADInternals\0.9.0" -Filter "*.ps1"

$functions = $functions | Where-Object {$_.Name -match "Teams" -or $_.Name -match "AccessToken" -or $_.Name -match "CommonUtils"}

foreach ($function in $functions) {

. $function.FullName

}

By executing this code which uses some of the not exposed functions from AADInternals, we can pass a credential object (and MFA secret) and then get an access token to write Teams presence.

$teamsPresenceToken = Prompt-Credentials -ClientId $ClientId -Resource "https://presence.teams.microsoft.com" -Credentials $secureCreds -OTPSecretKey $passwordDecrypted

Credentials

I’ve put together a script which does everything for you. However, you must install the AADInternals module first and you also need to clone the repo from my GitHub account since it has dependencies on other functions.

git clone https://github.com/mozziemozz/TeamsPhoneAutomation.git

Even though this was all part of some good Friday night hacking, we obviously don’t want to store the credentials and especially the MFA secret as plain text on our machines. Therefore, I’ve added a couple of functions to help handle encrypted credentials. We want to be better than UBER.

When encrypted credentials are stored on a Windows PC, they can only be decrypted using the same account and the same machine because of security identifiers (SID).

If you don’t trust me, see for yourself. Here’ I’m retrieving the password I encrypted on my main PC using my user account.

Automate Setting Work Location in Teams/Outlook [PoC] (5)

I copied the file to a virtual machine where I’m logged in with the same user. This code will let you decrypt the password if the key matches.
(I found this code years ago, unfortunately I don’t have the source anymore…)

[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR((Get-Content -Path .\.local\SecureCreds\mozzie@mozzism.ch.txt | ConvertTo-SecureString))) | Out-String

When I run this on another machine with the same logged in user, I get an error that the Key is invalid. Which is good.

Automate Setting Work Location in Teams/Outlook [PoC] (6)

My Function Get-MzzSecureCreds will automatically create a PS Credential Object when -AdminUser "user@domain.com" is specified. The username will be set as file name, and it will also be used as the username of the credential object.

The Final Script

Here’s the script to change your work location in Teams.

If you run it for the first time, you’ll need to provide the username and password and possibly the MFA secret of the user for which you want to change the work location.

At this point I want to make clear again that this is a proof of concept. Even though the credentials are encrypted, you should not store production passwords on the device and most importantly, you shouldn’t store the MFA secret in the same place as the password.

You can determine if you’re working remotely or in the office by specifying either your local or public home/remote IP address.

Since my private IP is 192.168.127.117, and I specified 192.168.1.10 my work location is set to Office.

Automate Setting Work Location in Teams/Outlook [PoC] (7)

When I change the IP address to 192.168.127.117 the work location is set to remote because that matches my local subnet.

Automate Setting Work Location in Teams/Outlook [PoC] (8)

In case your office and your home network both use the same private address space, you can use -IpType Public and specify your home/remote public IP.

The Result

The updated work location is then visible in both Teams and Outlook.

Automate Setting Work Location in Teams/Outlook [PoC] (9)
Automate Setting Work Location in Teams/Outlook [PoC] (10)

Even though I won’t be using this in production, I had great fun developing this and I also learned a thing or two about AADInternals, Json Web Tokens and encrypted credentials in PowerShell.

Automate Setting Work Location in Teams/Outlook [PoC] (2024)

FAQs

How to automatically set work location in Teams? ›

Work location states in Teams

Work location states can be set as a recurring schedule in an Outlook calendar. If a user is setting up recurring work hours and location schedules, it will automatically be set in Teams for those periods of time.

How do I set my work location in Outlook? ›

Select Settings > Calendar > Work hours and location.

How to set location as Teams meeting in Outlook? ›

Create or schedule an online meeting in Outlook for Windows
  1. From the calendar, select New Event.
  2. Add a title for your meeting.
  3. Select. ...
  4. Select a suggested time slot for the meeting, or manually enter a date and start and end times.
  5. Enter a meeting location, and Slide the Teams meeting toggle left or right as appropriate:

How do I set up an automatic reply in Outlook and Teams? ›

Schedule an out of office from your profile picture
  1. Select your profile picture at the top of Teams and choose Set status message .
  2. Select Schedule out of office at the bottom of the options.
  3. Turn on the toggle next to Turn on automatic replies.
  4. Type an out of office message in the text box.

How to permanently set work location on Teams? ›

Set your work location
  1. Select the account manager at the top right of Teams.
  2. Next to your status, choose your work location from the location dropdown menu. If you are working in the office and you want to set your building location, select Add a building. Only buildings in your organization can be added.

Can my boss track my location on Teams? ›

By setting up your work location, anyone in your organization can view this information. Microsoft Places location services in Teams is available as part of the public preview program and might undergo further changes before being released publicly.

How to set working elsewhere in Outlook? ›

Select the Calendar icon from the bottom left corner of the screen. Select New Appointment from the options ribbon at the top of the calendar screen. Enter a Subject (optional) such as "Working Remotely". Enter the Date (select all day) or Date and Time for when you will be working remotely.

Can Outlook give your location? ›

Hello, If your work is managing your device then they could see your location. If not, then no, they can only see your IP address (which does not actually give your location, but they could potentially see what city you are in).

How to set availability in Teams? ›

The little dot on your profile indicates if you're available or not. To change your status, select your profile picture at the top right of Teams. Select your current status to choose another status from the list. Teams will automatically set the status in some cases, like when you're on a call.

How do I change the location of a Teams meeting? ›

Update or cancel a meeting you organized
  1. Double-click the meeting on your calendar to open it.
  2. Change the location, start and end times, attendees, message, or other options.
  3. On the Organizer Meeting or Meeting tab, click Send Update.

Where do Teams pull work hours from? ›

Your Teams status. Next available time to meet according to your scheduled meetings in Outlook or Teams. Work hours according to the work hours you've set in Outlook. Hours are shown according to the viewer's time zone.

Where is Microsoft Teams File location? ›

Here's how to find it: Press the Windows Key + R to open the Run dialog. Type in %localappdata%\Microsoft\Teams\Current\ (including the backslashes) and press Enter. This path uses an environment variable (%localappdata%) that points to your local application data folder.

How do I automate email responses in Outlook? ›

Select File > Automatic Replies. In the Automatic Replies box, select Send automatic replies. Optionally, set a date range for your automatic replies. This will turn off automatic replies at the date and time you enter for the end time.

How do I set up an automatic reply in Outlook for a specific mailbox? ›

Sign in to the Microsoft 365 admin portal by using administrator credentials. Expand Admin Centers, and then select Exchange. Under Recipients > Mailboxes, select the mailbox that you want to change. Select Others, and then select Manage automatic replies under Automatic replies.

How do I automatically set status in Microsoft Teams? ›

The little dot on your profile indicates if you're available or not. To change your status, select your profile picture at the top right of Teams. Select your current status to choose another status from the list. Teams will automatically set the status in some cases, like when you're on a call.

How to use Microsoft Teams to track employees? ›

Monitor MS Teams to track employee activities
  1. Navigate to the Reports tab.
  2. Go to Teams Reports in the left pane.
  3. Select Teams Usage Reports > Daily Teams User Count by Activity or any other report as per your requirement.
  4. Enter the Tenant,Domain,and Period of search.
  5. Click Generate Now.

How do I turn on location services in Teams? ›

Enable location services on mobile

Teams will prompt you to allow location sharing the first time you open the app on your mobile device. To turn location sharing on or off after Teams has already been installed, go to Teams Settings on your device and Allow location access.

What is the default location of Microsoft Teams? ›

The new Teams executable is stored within a hidden folder under your user profile. Here's how to find it: Press the Windows Key + R to open the Run dialog. Type in %localappdata%\Microsoft\Teams\Current\ (including the backslashes) and press Enter.

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Margart Wisoky

Last Updated:

Views: 5555

Rating: 4.8 / 5 (78 voted)

Reviews: 85% of readers found this page helpful

Author information

Name: Margart Wisoky

Birthday: 1993-05-13

Address: 2113 Abernathy Knoll, New Tamerafurt, CT 66893-2169

Phone: +25815234346805

Job: Central Developer

Hobby: Machining, Pottery, Rafting, Cosplaying, Jogging, Taekwondo, Scouting

Introduction: My name is Margart Wisoky, I am a gorgeous, shiny, successful, beautiful, adventurous, excited, pleasant person who loves writing and wants to share my knowledge and understanding with you.