-
Notifications
You must be signed in to change notification settings - Fork 572
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #3 from 12Knocksinna/Development
Development
- Loading branch information
Showing
4 changed files
with
166 additions
and
68 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| # FindInactiveDls | ||
| # Find inactive distribution lists based on the message trace informnation, which means we can only go back 7 days... | ||
| # | ||
| $EndDate = Get-Date | ||
| $StartDate = $EndDate.AddDays(-10) | ||
| $Messages = $null | ||
| $Page = 1 | ||
| Write-Host "Collecting message trace data for the last 10 days" | ||
| Do | ||
| { | ||
| $CurrMessages = (Get-MessageTrace -Status Expanded -PageSize 5000 -Page $Page -StartDate $StartDate -EndDate $EndDate | Select Received, RecipientAddress) | ||
| $Page++ | ||
| $Messages += $CurrMessages | ||
| } | ||
| Until ($CurrMessages -eq $Null) | ||
|
|
||
| $MessageTable = @{} | ||
| $Messagetable = ($Messages | Sort RecipientAddress -Unique | Select RecipientAddress, Received) | ||
| $DLs = Get-DistributionGroup -ResultSize Unlimited | ||
| Write-Host "Processing" $DLs.Count "distribution lists..." | ||
| $Results = ForEach ($DL in $DLs) { | ||
| If ($MessageTable -Match $DL.PrimarySMTPAddress) { | ||
| [pscustomobject]@{Name = $DL.DisplayName ; Active = "Yes"} | ||
| Write-Host $DL.DisplayName "is active" -Foregroundcolor Yellow } | ||
| Else { | ||
| [pscustomobject]@{Name = $DL.DisplayName ; Active = "No"} | ||
| Write-Host $DL.DisplayName "inactive" -Foregroundcolor Red } | ||
| } | ||
|
|
||
| $Results | Export-CSV c:\Temp\ListofDLs.csv -NoTypeInformation | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| # LastLoggedInByExternalUsers | ||
| # Find the last time that external users (guest accounts) logged into our Office 365 tenant | ||
| # | ||
|
|
||
| $Guests = (Get-AzureADUser -Filter "UserType eq 'Guest'" -All $True| Select Displayname, Mail, RefreshTokensValidFromDateTime | Sort RefreshTokensValidFromDateTime) | ||
| Write-Host $Guests.Count "guest accounts found. Checking last connections..." | ||
| $StartDate = (Get-Date).AddDays(-90) | ||
| $StartDate2 = (Get-Date).AddDays(-10) | ||
| $EndDate = (Get-Date).AddDays(+1) | ||
| $Active = 0 | ||
| $EmailActive = 0 | ||
| $Inactive = 0 | ||
| $TeamsSpo = 0 | ||
|
|
||
| ForEach ($G in $Guests) { | ||
| Write-Host "Checking" $G.DisplayName | ||
| $Recs = $Null | ||
| $UserId = $G.Mail | ||
| # Handle account whose guest invitation is not redeemed | ||
| If ($Userid -eq $Null) {$UserId = "NullString"} | ||
| $Recs = (Search-UnifiedAuditLog -UserIds $UserId -Operations UserLoggedIn, TeamsSessionStarted -StartDate $StartDate -EndDate $EndDate) | ||
| If ($Recs -eq $Null) { | ||
| Write-Host "No connections found in the last 90 days for" $G.DisplayName "created on" $G.RefreshTokensValidFromDateTime -Foregroundcolor Red | ||
| # Check email tracking logs because guests might receive email from Groups. Account must be fully formed for the check. We can only go back 10 days | ||
| If ($UserId -ne "NullString") { | ||
| $EmailRecs = (Get-MessageTrace –StartDate $StartDate2 –EndDate $EndDate -Recipient $G.Mail) | ||
| If ($EmailRecs.Count -gt 0) { | ||
| Write-Host "Email traffic found for " $G.DisplayName "at" $EmailRecs[0].Received -foregroundcolor Yellow | ||
| $Active++ | ||
| $EmailActive++ }} | ||
| } | ||
| Elseif ($Recs[0].CreationDate -ne $Null) { | ||
| Write-Host "Last connection for" $G.DisplayName "on" $Recs[0].CreationDate "as" $Recs[0].Operations -Foregroundcolor Green | ||
| $Active++ | ||
| $TeamsSpo++ } | ||
|
|
||
| } | ||
| Write-Host "" | ||
| Write-Host "Statistics" | ||
| Write-Host "----------" | ||
| Write-Host "Guest Accounts " $Guests.Count | ||
| Write-Host "Active Guests " $Active | ||
| Write-Host "Active on Teams and SPO " $TeamsSPO | ||
| Write-Host "Active on Email " $EmailActive | ||
| Write-Host "InActive Guests " ($Guests.Count - $Active) | ||
|
|
||
|
|
||
| $Mbx = (Get-Mailbox -RecipientTypeDetails UserMailbox | Select PrimarySmtpAddress, DisplayName, UserPrincipalName) | ||
| $StartCheckDate = (Get-Date).AddDays(-90) | ||
| ForEach ($M in $Mbx) { | ||
| $AuditRecs = (Search-UnifiedAuditLog -StartDate $StartCheckDate -EndDate (Get-Date) -UserIds $M.UserPrincipalName -Operations UserLoggedIn, MailboxLogin -SessionCommand ReturnNextPreviewPage ) | ||
| If ($AuditRecs.Count -gt 0) { | ||
| Write-Host "Last Login date for" $M.DisplayName "is" $AuditRecs[0].CreationDate } | ||
| Else { | ||
| Write-Host "No logins found for" $M.DisplayName "since" $StartCheckDate } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| # MFAReportMailboxes.ps1 | ||
| # List mailboxes and the last time MFA processed each mailbox | ||
| $Mbx = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited | ||
| $Report = @() | ||
| ForEach ($M in $Mbx) { | ||
| $LastProcessed = $Null | ||
| Write-Host "Processing" $M.DisplayName | ||
| $Log = Export-MailboxDiagnosticLogs -Identity $M.Alias -ExtendedProperties | ||
| $xml = [xml]($Log.MailboxLog) | ||
| $LastProcessed = ($xml.Properties.MailboxTable.Property | ? {$_.Name -like "*ELCLastSuccessTimestamp*"}).Value | ||
| $ItemsDeleted = $xml.Properties.MailboxTable.Property | ? {$_.Name -like "*ElcLastRunDeletedFromRootItemCount*"} | ||
| If ($LastProcessed -eq $Null) { | ||
| $LastProcessed = "Not processed"} | ||
| $ReportLine = [PSCustomObject][Ordered]@{ | ||
| User = $M.DisplayName | ||
| LastProcessed = $LastProcessed | ||
| ItemsDeleted = $ItemsDeleted.Value} | ||
| $Report += $ReportLine | ||
| } | ||
| $Report | Select User, LastProcessed, ItemsDeleted |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,68 +1,59 @@ | ||
| # A script to display details of the retention policies applying to SharePoint and OneDrive for Business sites in an Office 365 tenant. | ||
| # Uses the Security and Compliance Center PowerShell module | ||
|
|
||
| $Report = @() | ||
| $RetentionPolicies = (Get-RetentionCompliancePolicy -ExcludeTeamsPolicy -DistributionDetail | ? {$_.SharePointLocation -ne $Null}) | ||
| # Now exclude all the retention policies that publish labels | ||
| $Policies = @() | ||
| ForEach ($P in $RetentionPolicies) { | ||
| $Rule = Get-RetentionComplianceRule -Policy $P.Name | ||
| If ([string]::IsNullOrWhiteSpace($Rule.RetentionDuration) -and [string]::IsNullOrWhiteSpace($Rule.ApplyComplianceTag)) { | ||
| Write-Host "Policy" $P.Name "publishes retention labels to workloads - excluded from this report" } | ||
| Else { | ||
| $Policies += $P } | ||
| } | ||
| # Now we have a cleansed set of retention policies that apply to SharePoint | ||
| ForEach ($P in $Policies) { | ||
| $Duration = $Null | ||
| Write-Host "Processing retention policy" $P.Name | ||
| $Rule = Get-RetentionComplianceRule -Policy $P.Name | ||
| $Settings = "Simple" | ||
| $Duration = $Rule.RetentionDuration | ||
| # Check whether a rule is for advanced settings - either a KQL query or sensitive data types | ||
| If (-not [string]::IsNullOrWhiteSpace($Rule.ContentMatchQuery) -and -not [string]::IsNullOrWhiteSpace($Rule.ContentMatchQuery)) { | ||
| $Settings = "Advanced/KQL" } | ||
| Elseif (-not [string]::IsNullOrWhiteSpace($Rule.ContentContainsSensitiveInformation) -and -not [string]::IsNullOrWhiteSpace($Rule.ContentContainsSensitiveInformation)) { | ||
| $Settings = "Advanced/Sensitive Data" } | ||
| # Handle retention policy using advanced settings (keyword search or sensitive data type) | ||
| If ($Rule.RetentionDuration -eq $Null -and $Rule.ApplyComplianceTag -ne $Null) { | ||
| $Duration = (Get-ComplianceTag -Identity $Rule.ApplyComplianceTag | Select -Expandproperty RetentionDuration) } | ||
| $RetentionAction = $Rule.RetentionComplianceAction | ||
| If ([string]::IsNullOrEmpty($RetentionAction)) { | ||
| $RetentionAction = "Retain" } | ||
| If ($P.SharePointLocation.Name -eq "All") { | ||
| $ReportLine = [PSCustomObject][Ordered]@{ | ||
| PolicyName = $P.Name | ||
| SiteName = "All SharePoint Sites" | ||
| SiteURL = "All SharePoint Sites" | ||
| RetentionTime = $Rule.RetentionDurationDisplayHint | ||
| RetentionDuration = $Duration | ||
| RetentionAction = $RetentionAction | ||
| Settings = $Settings} | ||
| $Report += $ReportLine } | ||
| If ($P.SharePointLocationException -ne $Null) { | ||
| $Locations = ($P | Select -ExpandProperty SharePointLocationException) | ||
| ForEach ($L in $Locations) { | ||
| $Exception = "*Exclude* " + $L.DisplayName | ||
| $ReportLine = [PSCustomObject][Ordered]@{ | ||
| PolicyName = $P.Name | ||
| SiteName = $Exception | ||
| SiteURL = $L.Name } | ||
| $Report += $ReportLine } | ||
| } | ||
| ElseIf ($P.SharePointLocation.Name -ne "All") { | ||
| $Locations = ($P | Select -ExpandProperty SharePointLocation) | ||
| ForEach ($L in $Locations) { | ||
| $ReportLine = [PSCustomObject][Ordered]@{ | ||
| PolicyName = $P.Name | ||
| SiteName = $L.DisplayName | ||
| SiteURL = $L.Name | ||
| RetentionTime = $Rule.RetentionDurationDisplayHint | ||
| RetentionDuration = $Duration | ||
| RetentionAction = $RetentionAction | ||
| Settings = $Settings} | ||
| $Report += $ReportLine } | ||
| } | ||
| } | ||
| $Report | Sort SiteName| Format-Table PolicyName, SiteName, RetentionDuration, RetentionAction, Settings -AutoSize | ||
|
|
||
| # A script to display details of the retention policies applying to SharePoint and OneDrive for Business sites in an Office 365 tenant. | ||
| # Uses the Security and Compliance Center PowerShell module | ||
|
|
||
| $Report = @() | ||
| # Fetch a set of retention policies that apply to SharePoint and aren't to publish labels | ||
| $Policies = (Get-RetentionCompliancePolicy -ExcludeTeamsPolicy -DistributionDetail -RetentionRuleTypes | ? {$_.SharePointLocation -ne $Null -and $_.RetentionRuleTypes -ne "Publish"}) | ||
| ForEach ($P in $Policies) { | ||
| $Duration = $Null | ||
| Write-Host "Processing retention policy" $P.Name | ||
| $Rule = Get-RetentionComplianceRule -Policy $P.Name | ||
| $Settings = "Simple" | ||
| $Duration = $Rule.RetentionDuration | ||
| # Check whether a rule is for advanced settings - either a KQL query or sensitive data types | ||
| If (-not [string]::IsNullOrWhiteSpace($Rule.ContentMatchQuery) -and -not [string]::IsNullOrWhiteSpace($Rule.ContentMatchQuery)) { | ||
| $Settings = "Advanced/KQL" } | ||
| Elseif (-not [string]::IsNullOrWhiteSpace($Rule.ContentContainsSensitiveInformation) -and -not [string]::IsNullOrWhiteSpace($Rule.ContentContainsSensitiveInformation)) { | ||
| $Settings = "Advanced/Sensitive Data" } | ||
| # Handle retention policy that simply retains and doesn't do anything else | ||
| If ($Rule.RetentionDuration -eq $Null -and $Rule.ApplyComplianceTag -ne $Null) { | ||
| $Duration = (Get-ComplianceTag -Identity $Rule.ApplyComplianceTag | Select -Expandproperty RetentionDuration) } | ||
| $RetentionAction = $Rule.RetentionComplianceAction | ||
| If ([string]::IsNullOrEmpty($RetentionAction)) { | ||
| $RetentionAction = "Retain" } | ||
| If ($P.SharePointLocation.Name -eq "All") { | ||
| $ReportLine = [PSCustomObject][Ordered]@{ | ||
| PolicyName = $P.Name | ||
| SiteName = "All SharePoint Sites" | ||
| SiteURL = "All SharePoint Sites" | ||
| RetentionTime = $Rule.RetentionDurationDisplayHint | ||
| RetentionDuration = $Duration | ||
| RetentionAction = $RetentionAction | ||
| Settings = $Settings} | ||
| $Report += $ReportLine } | ||
| If ($P.SharePointLocationException -ne $Null) { | ||
| $Locations = ($P | Select -ExpandProperty SharePointLocationException) | ||
| ForEach ($L in $Locations) { | ||
| $Exception = "*Exclude* " + $L.DisplayName | ||
| $ReportLine = [PSCustomObject][Ordered]@{ | ||
| PolicyName = $P.Name | ||
| SiteName = $Exception | ||
| SiteURL = $L.Name } | ||
| $Report += $ReportLine } | ||
| } | ||
| ElseIf ($P.SharePointLocation.Name -ne "All") { | ||
| $Locations = ($P | Select -ExpandProperty SharePointLocation) | ||
| ForEach ($L in $Locations) { | ||
| $ReportLine = [PSCustomObject][Ordered]@{ | ||
| PolicyName = $P.Name | ||
| SiteName = $L.DisplayName | ||
| SiteURL = $L.Name | ||
| RetentionTime = $Rule.RetentionDurationDisplayHint | ||
| RetentionDuration = $Duration | ||
| RetentionAction = $RetentionAction | ||
| Settings = $Settings} | ||
| $Report += $ReportLine } | ||
| } | ||
| } | ||
| $Report | Sort SiteName| Format-Table PolicyName, SiteName, RetentionDuration, RetentionAction, Settings -AutoSize | ||
|
|