Get 365 Service Health status using PowerShell and MS-Graph

We have all been there, you’re working on something (Microsoft Endpoint Manager, for example), and things don’t work like they are supposed to. Strange errors, you’re starting to doubt yourself… And then you see something in your newsfeed (Twitter, LinkedIn, etc.) that there’s an issue and that Microsoft is working on it… You lost a few hours troubleshooting your issue. Wouldn’t it be nice to get notified when starting PowerShell if there’s an issue you should be aware of? This blog post will cover just that 🙂


To retrieve Health Status events, you need to consent ServiceHealth.Read.All permissions in Graph Explorer. To do so, follow these steps:

(Self-Signed) Certificate

For authenticating Microsoft Graph, you can use a self-signed certificate to create by running the following lines in PowerShell. The certificate file will be in c:\temp, and its name will be like the $certname variable, in this case, “365HealthStatus.cer”. Note: For testing/personal use, using a Self-Signed certificate is okay, but I strongly advise using a corporate certificate.

$certname = "365HealthStatus"
$cert = New-SelfSignedCertificate -Subject "CN=$certname" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256
Export-Certificate -Cert $cert -FilePath "C:\Temp\$certname.cer"

Azure App Registration

  • Browse to App registrations (Login as a Global Admin)
  • Select New Registration
  • Enter “Service Health Status” as Name (Or whatever name you want to give it) and click Register. Other fields can be left default/empty.
  • Select API Permissions on the left side and select Add a Permission
  • Select Microsoft Graph from the Microsoft APIs list
  • Select Application Permissions
  • Search for “Service“, expand “ServiceHealth and “ServiceMessage
  • Select ServiceHealth.Read.All and ServiceMessage.Read.All
  • Click on Add Permissions
  • Select Grant admin consent for … in the API permissions screen and click Yes
  • The Configured permissions should look like this:
  • Select Overview on the left side and make a note of the Directory (tenant) ID and Application (client) ID because you will need those IDs later
  • Select Certificates & Secrets on the left side
  • Select the Certificates tab and select Upload Certificate
  • Select the folder icon and browse to the certificate file which we created earlier, in this case, “C:\Temp\365HealthStatus.cer”, and select it
  • Click Add, and the Certificate tab should look like this:
  • Please make a note of the Thumbprint because you will need it later.

The script

The script below connects to your tenant, retrieving any open/unresolved issues. Replace ClientID, TenantId, and Certificate Thumbprint with the values that you noted from the steps above.

#Connect to MgGraph using ClientID, TenantID and Certificate Thumbprint
#(Retrieve these ID's from the Azure App Registration)
#Install the Graph.Authentication module if not installed
try {
    Connect-MgGraph -ClientId d52e60f2-xxxx-4cd3-xxxx-27b7da3xxxx -TenantId 9f7xxxa0-xxxx-454c-8500-04df1f0xxxx -CertificateThumbprint BFFE739D4B8C272DF8BF0FF9Fxxxxxxxxx -ContextScope CurrentUser -Environment Global | Out-Null
catch {
    install-module Microsoft.Graph.Authentication
    Connect-MgGraph -ClientId d52e60f2-xxxx-4cd3-xxxx-27b7da3xxxx -TenantId 9f7xxxa0-xxxx-454c-8500-04df1f0xxxx -CertificateThumbprint BFFE739D4B8C272DF8BF0FF9Fxxxxxxxxx -ContextScope CurrentUser -Environment Global | Out-Null
#Install the ServiceAnnouncement module if not installed
try {
    Import-Module Microsoft.Graph.Devices.ServiceAnnouncement -ErrorAction Stop    
catch {
    install-module Microsoft.Graph.Devices.ServiceAnnouncement
#Display non-resolved Issues sorted on StartDateTime, display error when unable to retrieve
try {
    $issues = Get-MgServiceAnnouncementIssue | Where-Object IsResolved -ne True | Select-Object StartDateTime, Id, ImpactDescription, Feature, Classification, Status | Sort-Object StartDateTime
catch {
    Write-Warning ("Error retrieving Announcements, try again later...")

#Display the issues if found, display no issues found it not
if ($issues.count -gt 0) {
else {
    Write-Host ("No 365 Service Health Issues found!") -Foregroundcolor Green


After running the script, it will output the results like this: (Two issues found regarding Exchange)

If no issues are found, the output will be like this:

Add it to your PowerShell profile

If you want to see open issues when starting PowerShell, save the script’s contents to a directory on your system and run from there. To edit your profile, you can use the following steps in a PowerShell prompt:

  • Notepad $profile
  • Add a line at the end, for example, c:\scripts\365healthstatus.ps1
  • Quit/Save the profile in Notepad, close and start a new PowerShell session and it will retrieve the open issues and display them if found.

Download the script(s) from GitHub here

3 thoughts on “Get 365 Service Health status using PowerShell and MS-Graph

  1. in my case i have one result but this one wasnt displayed because of the .count problem.
    (shows only more then one …)

    I changed “if ($issues.count -gt 0)” to “f (($issues | Measure-Object).count -gt 0)
    This fix it for me.

  2. Pingback: PowerShell is fun :)PowerShell Profile

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.