Get 365 Service Health status using PowerShell and MS-Graph

We have all been there, you’re working on something (Microsoft Endpoint Manager for example) and things don’t work like they are supposed to. Strange errors, you’re starting to doubt yourself… And then you see something in your newsfeed (Twitter, LinkedIN, etc.) that there’s an issue and that Microsoft is working on it… You lost a few hours troubleshooting your issue, wouldn’t it be nice to get notified when starting PowerShell if there’s an issue that you should be aware of? This blog post will cover just that 🙂


In order to retrieve Health Status events, you need to consent ServiceHealth.Read.All permissions in Graph Explorer. To do so, follow these steps:

(Self-Signed) Certificate

For authenticating Microsoft Graph, you can use a self-signed certificate which you can create running the following lines in PowerShell. The certificate file will be in c:\temp and its name will be like the $certname variable, in this case, “365HealthStatus.cer”. Note: For testing/personal use, it’s ok to use a Self-Signed certificate but I strongly advise using a corporate certificate.

$certname = "365HealthStatus"
$cert = New-SelfSignedCertificate -Subject "CN=$certname" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256
Export-Certificate -Cert $cert -FilePath "C:\Temp\$certname.cer"

Azure App Registration

  • Browse to App registrations (Login as a Global Admin)
  • Select New Registration
  • Enter “Service Health Status” as Name (Or whatever name you want to give it) and click Register, other fields can be left default/empty
  • Select API Permissions on the left side and select Add a Permission
  • Select Microsoft Graph from the Microsoft APIs list
  • Select Application Permissions
  • Search for “Service“, expand “ServiceHealth and “ServiceMessage
  • Select ServiceHealth.Read.All and ServiceMessage.Read.All
  • Click on Add Permissions
  • Select Grant admin consent for … in the API permissions screen and click Yes
  • The Configured permissions should look like this:
  • Select Overview on the left side and make a note of Directory (tenant) ID and Application (client) ID because you will need those IDs later
  • Select Certificates & Secrets on the left side
  • Select the Certificates tab and select Upload Certificate
  • Select the folder icon and browse to the certificate file which we created earlier, in this case, “C:\Temp\365HealthStatus.cer”, and select it
  • Click Add, the Certificate tab should look like this:
  • Make note of the Thumbprint, you will need it later

The script

The script below connects to your tenant and retrieves any open/not resolved issues, replace ClientID, TenantId, and Certificate Thumbprint with your own values that you noted from the steps above.

#Connect to MgGraph using ClientID, TenantID and Certificate Thumbprint
#(Retrieve these ID's from the Azure App Registration)
#Install the Graph.Authentication module if not installed
try {
    Connect-MgGraph -ClientId d52e60f2-xxxx-4cd3-xxxx-27b7da3xxxx -TenantId 9f7xxxa0-xxxx-454c-8500-04df1f0xxxx -CertificateThumbprint BFFE739D4B8C272DF8BF0FF9Fxxxxxxxxx -ContextScope CurrentUser -Environment Global | Out-Null
catch {
    install-module Microsoft.Graph.Authentication
    Connect-MgGraph -ClientId d52e60f2-xxxx-4cd3-xxxx-27b7da3xxxx -TenantId 9f7xxxa0-xxxx-454c-8500-04df1f0xxxx -CertificateThumbprint BFFE739D4B8C272DF8BF0FF9Fxxxxxxxxx -ContextScope CurrentUser -Environment Global | Out-Null
#Install the ServiceAnnouncement module if not installed
try {
    Import-Module Microsoft.Graph.Devices.ServiceAnnouncement -ErrorAction Stop    
catch {
    install-module Microsoft.Graph.Devices.ServiceAnnouncement
#Display non-resolved Issues sorted on StartDateTime, display error when unable to retrieve
try {
    $issues = Get-MgServiceAnnouncementIssue | Where-Object IsResolved -ne True | Select-Object StartDateTime, Id, ImpactDescription, Feature, Classification, Status | Sort-Object StartDateTime
catch {
    Write-Warning ("Error retrieving Announcements, try again later...")

#Display the issues if found, display no issues found it not
if ($issues.count -gt 0) {
else {
    Write-Host ("No 365 Service Health Issues found!") -Foregroundcolor Green


After running the script, it will output the results like this: (Two issues found regarding Exchange)

If no issues were found, the output will be like this:

Add it to your PowerShell profile

If you want to see open issues when starting PowerShell, you can save the contents of the script to a directory on your system and run from there. To edit your profile, you can use the following steps in a PowerShell prompt:

  • Notepad $profile
  • Add a line at the end, for example, c:\scripts\365healthstatus.ps1
  • Quit/Save the profile in notepad, close and start a new PowerShell session and it will retrieve the open issues and display them if found

Download the script(s) from GitHub here

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.