Professionals are always finding out ways to report M365 or Azure environments, automating activities or remediating threats.
There is insane amount of content available to achieve these goals but I want to list some of my favorites in this post.
Table of Contents
Connect all O365 service with or without MFA
Save script and just run it if You don’t have MFA in our account (Why You wouldn’t?) or with -MFA switch if You do (of course You do!)
Old modules?
Using the old modules as the new ones (Azure Active Directory PowerShell for Graph) don’t completely replace the old ones.
Access tokens
There is also an option for Access tokens but some of the services don’t support it the same way and Teams CS* commands will brake, so I will go with the “easiest” solution here.
Here is more information on the access tokens from Andrés Gorzelany and how to generate them. I will also do some experiments in my future blogs about these.
The script
With this script You can disconnect all sessions with -disconnect switch or choose the ones You want with -services switch
The script will install all the newest versions (not previews) of the modules available in PowerShell gallery.
You can use this script with PowerShell 6 not above and this is also stated inside Microsoft documentation.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 |
# Original script from AdminDroid, modified by Harri Jaakkonen @24032022 # Original script can be downloaded from https://admindroid.sharepoint.com/:u:/s/external/ETYww6L3LJFJooEb5MOwjrkBJrHNhGb-EUK5ZBFPiMfm_A?e=Hb9fb4 Param ( [Parameter(Mandatory = $false)] [switch]$Disconnect, [ValidateSet('AzureAD','MSOnline','ExchangeOnline','SharePoint','SharePointPnP','SecAndCompCenter','Teams','MSGraph')] [string[]]$Services=("AzureAD","MSOnline","ExchangeOnline",'SharePoint','SharePointPnP','SecAndCompCenter','Teams','MSGraph'), [string]$SharePointHostName, [Switch]$MFA, [string]$UserName, [string]$Password ) Clear-Host '' write-host "This script will connect the following services: AzureAD,MSOnline,ExchangeOnline,SharePoint,SharePointPnP,SecAndCompCenter,Teams,MSGraph" write-host "You switch to MFA-based by adding -MFA to end of the script. You can also limit service with -SERVICES swithc and" write-host "adding one of the above ones or disconnect all sessions with -DISCONNECT switch" '' #Disconnecting Sessions if($Disconnect.IsPresent) { #Disconnect Exchange Online,Skype and Security & Compliance center session Get-PSSession | Remove-PSSession #Disconnect Teams connection Disconnect-MicrosoftTeams #Disconnect SharePoint connection Disconnect-SPOService #Disconnect MsGraph connection Disconnect-Graph Write-Host All sessions in the current window has been removed. -ForegroundColor Yellow } else { if(($UserName -ne "") -and ($Password -ne "")) { $SecuredPassword = ConvertTo-SecureString -AsPlainText $Password -Force $Credential = New-Object System.Management.Automation.PSCredential $UserName,$SecuredPassword } #Getting credential for non-MFA account elseif(!($MFA.IsPresent)) { $Credential=Get-Credential -Credential $null } $ConnectedServices="" if($Services.Length -eq 8) { $RequiredServices=$Services } else { $RequiredServices=$PSBoundParameters.Services } #Loop through each required services Foreach($Service in $RequiredServices) { Write-Host Checking connection to $Service... Switch ($Service) { #Module and Connection settings for Exchange Online module ExchangeOnline { $Module=Get-InstalledModule -Name ExchangeOnlineManagement -MinimumVersion 2.0.5 if($Module.count -eq 0) { Write-Host Required Exchange Online'(EXO V2)' module is not available -ForegroundColor yellow $Confirm= Read-Host Are you sure you want to install module? [Y] Yes [N] No if($Confirm -match "[yY]") { Install-Module ExchangeOnlineManagement -MinimumVersion 2.0.5 -force Import-Module ExchangeOnlineManagement } else { Write-Host EXO V2 module is required to connect Exchange Online.Please install module using Install-Module ExchangeOnlineManagement cmdlet. } Continue } if($mfa.IsPresent) { Connect-ExchangeOnline -UserPrincipalName $UserFQDN } else { Connect-ExchangeOnline -Credential $Credential } If($null -ne (Get-EXOMailbox -ResultSize 1)) { if($ConnectedServices -ne "") { $ConnectedServices=$ConnectedServices+"," } $ConnectedServices=$ConnectedServices+" Exchange Online" } } #Module and Connection settings for AzureAD V1 (MSOnline module) MSOnline { $Module=Get-Module -Name MSOnline -ListAvailable if($Module.count -eq 0) { Write-Host MSOnline module is not available -ForegroundColor yellow $Confirm= Read-Host Are you sure you want to install module? [Y] Yes [N] No if($Confirm -match "[yY]") { Install-Module MSOnline -force Import-Module MSOnline } else { Write-Host MSOnline module is required to connect AzureAD.Please install module using Install-Module MSOnline cmdlet. } Continue } if($mfa.IsPresent) { Connect-MsolService } else { Connect-MsolService -Credential $Credential } If($null -ne (Get-MsolUser -MaxResults 1)) { if($ConnectedServices -ne "") { $ConnectedServices=$ConnectedServices+"," } $ConnectedServices=$ConnectedServices+" MSOnline" } if(($RequiredServices -contains "SharePoint") -eq "true") { $SharePointHostName=((Get-MsolDomain) | Where-Object {$_.IsInitial -eq "True"} ).name -split ".onmicrosoft.com" $SharePointHostName=($SharePointHostName).trim() } } #Module and Connection settings for AzureAD V2 (AzureAD module) AzureAD { $Module=Get-Module -Name AzureAD -ListAvailable if($Module.count -eq 0) { Write-Host AzureAD module is not available -ForegroundColor yellow $Confirm= Read-Host Are you sure you want to install module? [Y] Yes [N] No if($Confirm -match "[yY]") { Install-Module AzureAD -MinimumVersion 2.0.2.140 -force Import-Module AzureAD } else { Write-Host AzureAD module is required to connect AzureAD.Please install module using Install-Module AzureAD cmdlet. } Continue } if($mfa.IsPresent) { '' $UserFQDN = Read-Host -Prompt 'Input Your FQDN username' '' Connect-AzureAD -AccountId $UserFQDN } else { Connect-AzureAD -Credential $Credential } If($null -ne (Get-AzureADUser -Top 1)) { if($ConnectedServices -ne "") { $ConnectedServices=$ConnectedServices+"," } $ConnectedServices=$ConnectedServices+" AzureAD" } } #Module and Connection settings for SharePoint Online module SharePoint { $Module=Get-installedModule -Name Microsoft.Online.SharePoint.PowerShell if($Module.count -eq 0) { Write-Host SharePoint Online PowerShell module is not available -ForegroundColor yellow $Confirm= Read-Host Are you sure you want to install module? [Y] Yes [N] No if($Confirm -match "[yY]") { Install-Module Microsoft.Online.SharePoint.PowerShell -scope AllUsers -MinimumVersion 16.0.22208.12000 -force } else { Write-Host SharePoint Online PowerShell module is required.Please install module using Install-Module Microsoft.Online.SharePoint.PowerShell cmdlet. Continue } } if(!($PSBoundParameters['SharePointHostName']) -and ([string]$SharePointHostName -eq "") ) { Write-Host SharePoint organization name is required.`nEg: Contoso for admin@Contoso.Onmicrosoft.com -ForegroundColor Yellow $SharePointHostName= Read-Host "Please enter SharePoint organization name" } if($MFA.IsPresent) { Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking Connect-SPOService -Url https://$SharePointHostName-admin.sharepoint.com } else { Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking Connect-SPOService -Url https://$SharePointHostName-admin.sharepoint.com -credential $credential } if($null -ne (Get-SPOTenant)) { if($ConnectedServices -ne "") { $ConnectedServices=$ConnectedServices+"," } $ConnectedServices=$ConnectedServices+"SharePoint Online" } } #Module and Connection settings for Sharepoint PnP module SharePointPnP { $Module=Get-InstalledModule -Name SharePointPnPPowerShellOnline if($Module.count -eq 0) { Write-Host SharePoint PnP module module is not available -ForegroundColor yellow $Confirm= Read-Host Are you sure you want to install module? [Y] Yes [N] No if($Confirm -match "[yY]") { Install-Module -Name SharePointPnPPowerShellOnline -MinimumVersion 3.29.2101.0 -AllowClobber -force } else { Write-Host SharePoint Pnp module is required.Please install module using Install-Module SharePointPnPPowerShellOnline cmdlet. } Continue } if(!($PSBoundParameters['SharePointHostName']) -and ([string]$SharePointHostName -eq "") ) { Write-Host SharePoint organization name is required.`nEg: Contoso for admin@Contoso.com -ForegroundColor Yellow $SharePointHostName= Read-Host "Please enter SharePoint organization name" } if($MFA.IsPresent) { Import-Module SharepointpnpPowerShellOnline -DisableNameChecking Connect-PnPOnline -Url https://$SharePointHostName.sharepoint.com -UseWebLogin -WarningAction Ignore } else { Import-Module SharepointpnpPowerShellOnline -DisableNameChecking Connect-PnPOnline -Url https://$SharePointHostName.sharepoint.com -credential $credential -WarningAction Ignore } If ($? -eq $true) { if($ConnectedServices -ne "") { $ConnectedServices=$ConnectedServices+"," } $ConnectedServices=$ConnectedServices+"SharePoint PnP" } } #Module and Connection settings for Security & Compliance center SecAndCompCenter { $Module=Get-InstalledModule -Name ExchangeOnlineManagement if($Module.count -eq 0) { Write-Host Exchange Online'(EXO V2)' module is not available -ForegroundColor yellow $Confirm= Read-Host Are you sure you want to install module? [Y] Yes [N] No if($Confirm -match "[yY]") { Install-Module ExchangeOnlineManagement -MinimumVersion 2.0.5 -force Import-Module ExchangeOnlineManagement } else { Write-Host EXO V2 module is required to connect Security and Compliance PowerShell.Please install module using Install-Module ExchangeOnlineManagement cmdlet. } Continue } if($mfa.IsPresent) { Connect-IPPSSession -WarningAction SilentlyContinue -UserPrincipalName $UserFQDN } else { Connect-IPPSSession -Credential $Credential -WarningAction SilentlyContinue } $Result=Get-RetentionCompliancePolicy If(($?) -eq $true) { if($ConnectedServices -ne "") { $ConnectedServices=$ConnectedServices+"," } $ConnectedServices=$ConnectedServices+" Security & Compliance Center" } } #Module and Connection settings for Teams Online module Teams { $Module=Get-InstalledModule -Name MicrosoftTeams if($Module.count -eq 0) { Write-Host Required MicrosoftTeams module is not available -ForegroundColor yellow $Confirm= Read-Host Are you sure you want to install module? [Y] Yes [N] No if($Confirm -match "[yY]") { Install-Module MicrosoftTeams -MinimumVersion 4.0.0 -AllowClobber -force Import-Module MicrosoftTeam } else { Write-Host MicrosoftTeams module is required.Please install module using Install-Module MicrosoftTeams cmdlet. } Continue } if($mfa.IsPresent) { Connect-MicrosoftTeams -AccountId $UserFQDN } else { Connect-MicrosoftTeams -Credential $Credential if($ConnectedServices -ne "") { $ConnectedServices=$ConnectedServices+"," } $ConnectedServices=$ConnectedServices+" Microsoft Teams" } } #Module and Connection settings for MS Graph module MSGraph { $Module=Get-InstalledModule -Name Microsoft.Graph if($Module.count -eq 0) { Write-Host Required Microsoft Graph module is not available -ForegroundColor yellow $Confirm= Read-Host Are you sure you want to install module? [Y] Yes [N] No if($Confirm -match "[yY]") { Install-Module -Name Microsoft.Graph -MinimumVersion 1.9.3 -AllowClobber -force Import-Module Microsoft.Graph } else { Write-Host Microsoft Graph module is required.Please install module using Install-Module Microsoft.Graph cmdlet. } Continue } if($mfa.IsPresent) { Connect-Graph -Scopes "User.Read.all","Application.Read.All" } else { Connect-Graph -Scopes "User.Read.all","Application.Read.All" } If($null -ne (Get-MgUser -top 1)) { if($ConnectedServices -ne "") { $ConnectedServices=$ConnectedServices+"," } $ConnectedServices=$ConnectedServices+" Microsoft Graph" } } } } if($ConnectedServices -eq "") { $ConnectedServices="-" } Write-Host `n`nConnected Services $ConnectedServices -ForegroundColor DarkYellow } |
Office 365 for IT Pros GitHub
One repository that has excellent scripts is Office 365 for IT Pros PowerShell examples.
GitHub – 12Knocksinna/Office365itpros: Office 365 for IT Pros PowerShell examples
Office 365 for IT Pros PowerShell examples. Contribute to 12Knocksinna/Office365itpros development by creating an account on GitHub.
For guest users
Azure AD Access reviews
For access reviews I really like this one.
This PowerShell sample script is meant to create a high-level overview over external identity use in a tenant, outlining if and where external identities are used:
- group membership
- application assignment
- assignment to privileged roles
- membership through rules in a dynamic group
The script is enumerating membership and assignments in Azure AD. It does not reach out to services that keep membership or role assignments outside of Azure AD (e.g. SharePoint Online with direct user-to-role assignment outside of group membership).
access-reviews-samples/ExternalIdentityUse at master · microsoft/access-reviews-samples
This repo contains sample code that demonstrates programmatic access to Azure AD Access Reviews. Sample code includes reading and managing Access Reviews, as well as working on decisions and result…
Admindroid version
Or this one from Admindroid.
It will generate a csv-file that has information from the guest accounts.
Export Office 365 Guest User Report with their Membership
This PowerShell script exports Office 365 guest user report along with guest user’s group membership info.You can also get stale guests using this script.
If You are using AzureADPreview instead of AzureAD module, You can just switch the AzureAD to the preview one.
And all the rest of Admindroid scripts are conveniently in this repo, all in one.
GitHub – admindroid-community/powershell-scripts: Office 365 Reporting PowerShell Scripts
Office 365 Reporting PowerShell Scripts. Contribute to admindroid-community/powershell-scripts development by creating an account on GitHub.
Teams reporting
Teams users
This one will generate TeamsUserReport.csv for users and their settings.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
Connect-microsoftteams $TeamsUser = Get-CsOnlineUser | Select-Object DisplayName,Identity,UserPrincipalName, ` SipAddress,Enabled,WindowsEmailAddress,LineURI,HostedVoiceMail,OnPremEnterpriseVoiceEnabled,OnPremLineURI,SipProxyAddress, ` OnlineDialinConferencingPolicy,TeamsUpgradeEffectiveMode,TeamsUpgradePolicy,HostingProvider $TeamsReporting = @() Foreach ($User in $TeamsUser) { $Info = "" | Select "DisplayName","Identity","UserPrincipalName","SipAddress","Enabled","LineURI", ` "WindowsEmailAddress","HostedVoiceMail","OnPremEnterpriseVoiceEnabled","OnPremLineURI","SipProxyAddress", ` "OnlineDialinConferencingPolicy","TeamsUpgradeEffectiveMode","TeamsUpgradePolicy","HostingProvider", ` "VoicePolicy","MeetingPolicy","TeamsMeetingPolicy","TeamsMessagingPolicy","TeamsAppSetupPolicy", ` "TeamsCallingPolicy","VoicePolicySource","MeetingPolicySource","TeamsMeetingPolicySource", ` "TeamsMessagingPolicySource","TeamsAppSetupPolicySource","TeamsCallingPolicySource" Write-Host "Getting information for" $User.DisplayName -ForegroundColor Green $UserPolicies = Get-CsUserPolicyAssignment -Identity $User.identity $Info.DisplayName = $User.DisplayName $Info.Identity = $User.identity $Info.UserPrincipalName = $User.UserPrincipalName $Info.SipAddress = $User.SipAddress $Info.Enabled = $User.Enabled $Info.LineURI = $User.LineURI $Info.WindowsEmailAddress = $User.WindowsEmailAddress $Info.HostedVoiceMail = $User.HostedVoiceMail $Info.OnPremEnterpriseVoiceEnabled = $User.OnPremEnterpriseVoiceEnabled $Info.OnPremLineURI = $User.OnPremLineURI $Info.SipProxyAddress = $User.SipProxyAddress $Info.OnlineDialinConferencingPolicy = $User.OnlineDialinConferencingPolicy $Info.TeamsUpgradeEffectiveMode = $User.TeamsUpgradeEffectiveMode $Info.TeamsUpgradePolicy = $User.TeamsUpgradePolicy $Info.HostingProvider = $User.HostingProvider $Info.VoicePolicy = ($UserPolicies | Where-Object {$_.PolicyType -eq "VoicePolicy"}).PolicyName $Info.VoicePolicy = (($UserPolicies | Where-Object {$_.PolicyType -eq "VoicePolicy"}).PolicySource).AssignmentType $Info.MeetingPolicy = ($UserPolicies | Where-Object {$_.PolicyType -eq "MeetingPolicy"}).PolicyName $Info.MeetingPolicySource = (($UserPolicies | Where-Object {$_.PolicyType -eq "MeetingPolicy"}).PolicySource).AssignmentType $Info.TeamsMeetingPolicy = ($UserPolicies | Where-Object {$_.PolicyType -eq "TeamsMeetingPolicy"}).PolicyName $Info.TeamsMeetingPolicySource = (($UserPolicies | Where-Object {$_.PolicyType -eq "TeamsMeetingPolicy"}).PolicySource).AssignmentType $Info.TeamsMessagingPolicy = ($UserPolicies | Where-Object {$_.PolicyType -eq "TeamsMessagingPolicy"}).PolicyName $Info.TeamsMessagingPolicySource = (($UserPolicies | Where-Object {$_.PolicyType -eq "TeamsMessagingPolicy"}).PolicySource).AssignmentType $Info.TeamsAppSetupPolicy = ($UserPolicies | Where-Object {$_.PolicyType -eq "TeamsAppSetupPolicy"}).PolicyName $Info.TeamsAppSetupPolicySource = (($UserPolicies | Where-Object {$_.PolicyType -eq "TeamsAppSetupPolicy"}).PolicySource).AssignmentType $Info.TeamsCallingPolicy = ($UserPolicies | Where-Object {$_.PolicyType -eq "TeamsCallingPolicy"}).PolicyName $Info.TeamsCallingPolicySource = (($UserPolicies | Where-Object {$_.PolicyType -eq "TeamsCallingPolicy"}).PolicySource).AssignmentType $TeamsReporting += $Info $Info = $null } $TeamsReporting | Export-Csv .\TeamsUserReport.csv -nti -enc utf8 |
Teams configs
Backup-TeamsConfig is a PowerShell script allowing you to backup various parts of Microsoft Teams configuration and package it up in to a single file for safe keeping – this includes policies, configurations and voice applications (inc. audio files).
GitHub – leeford/Backup-TeamsConfig: Backup-TeamsConfig is a script allowing you to backup various parts of Microsoft Teams configuration and package it up in to a single file
Backup-TeamsConfig is a script allowing you to backup various parts of Microsoft Teams configuration and package it up in to a single file – GitHub – leeford/Backup-TeamsConfig: Backup-TeamsConfig …
Microsoft365DSC
DSC is still work in progress but it getting there. New versions popping up all the time.
Basically 365DSC is for getting Your tenant config and keeping the config up-to-date with a pipeline or just to compare the config to another tenant for auditing purposes.
So make baselines for different scenarios and compare them against tenants. You will get a verbose report about the differences You have. All isn’t in the report but like said it’s getting there.
Get Started – Microsoft365DSC – Your Cloud Configuration
This article is a complete guide to installing, deploying and using Microsoft365DSC. Microsoft365DSC is an open-source solution that’s available for free on GitHub. It is led by Microsoft engineers and maintained by the community. Official documentation for the solution is available on the official…
Exchange Online and Azure
Crowdstrike
There is a lot different scripts for EXO but I really like this from Crowdstrike.
It will get the following information:
Exchange Online (O365):
- Federation Configuration
- Federation Trust
- Client Access Settings Configured on Mailboxes
- Mail Forwarding Rules for Remote Domains
- Mailbox SMTP Forwarding Rules
- Mail Transport Rules
- Delegates with ‘Full Access’ Permission Granted
- Delegates with Any Permissions Granted
- Delegates with ‘Send As’ or ‘SendOnBehalf’ Permissions
- Exchange Online PowerShell Enabled Users
- Users with ‘Audit Bypass’ Enabled
- Mailboxes Hidden from the Global Address List (GAL)
- Collect administrator audit logging configuration settings.
Azure AD:
- Service Principal Objects with KeyCredentials
- O365 Admin Groups Report
- Delegated Permissions & Application Permissions
GitHub – CrowdStrike/CRT: Contact: CRT@crowdstrike.com
Contact: CRT@crowdstrike.com. Contribute to CrowdStrike/CRT development by creating an account on GitHub.
Azure AD Exporter
The Azure AD Exporter is a PowerShell module that allows you to export your Azure AD and Azure AD B2C configuration settings to local .json files.
GitHub – microsoft/azureadexporter: PowerShell module to export a local copy of all Azure Active Directory configuration settings and objects.
PowerShell module to export a local copy of all Azure Active Directory configuration settings and objects. – GitHub – microsoft/azureadexporter: PowerShell module to export a local copy of all Azur…
DCToolbox
DCToolbox is made by Daniel Chronlund. The PowerShell module contains a collection of tools for Microsoft 365 security tasks, Microsoft Graph functions, Azure AD management, Conditional Access, zero trust strategies, attack and defense scenarios, etc.
This is an excellent swiss knife toolbox but especially I like these four.
Export-DCConditionalAccessPolicyDesign
This CMDlet uses Microsoft Graph to export all Conditional Access policies in the tenant to a JSON file. This JSON file can be used for backup, documentation or to deploy the same policies again with Import-DCConditionalAccessPolicyDesign.
Import-DCConditionalAccessPolicyDesign
This CMDlet uses Microsoft Graph to automatically create Conditional Access policies from a JSON file. The JSON file can be created from existing policies with Export-DCConditionalAccessPolicyDesign or manually by following the syntax described in the Microsoft Graph documentation.
New-DCConditionalAccessPolicyDesignReport
Automatically generate an Excel report containing your current Conditional Access policy design.
New-DCConditionalAccessAssignmentReport
Automatically generate an Excel report containing your current Conditional Access assignments.
GitHub – DanielChronlund/DCToolbox: Tools for Microsoft cloud fans
Tools for Microsoft cloud fans. Contribute to DanielChronlund/DCToolbox development by creating an account on GitHub.
Azure infrastructure
Azure Visualizer, aka ‘AzViz’
PowerShell module to automatically generate Azure resource topology diagrams by just typing a PowerShell cmdlet and passing the name of one or more Azure Resource Group(s).
It is capable of:
- Finding Resources in a Azure Resource Group and identifying their dependencies.
- Plot nodes and edges to represent Azure Resources and their dependencies on a graph.
- Insert appropriate Azure Icons on basis of resource category/sub-category.
- Label each resource with information like Name, Category, Type etc.
- Generate visualization in formats like: .png and .svg
- Output image can be in ‘light’, ‘dark’ or ‘neon’ theme.
- Can target more than one resource group at once.
- Change direction in which resource groups are plotted, i.e, left-to-right or top-to-bottom.
GitHub – PrateekKumarSingh/AzViz: ⚡ ☁ Azure Visualizer aka ‘AzViz’ : A #powershell module to automatically generate Azure resource topology diagrams by just typing a PowerShell cmdlet and passing the name of one or more Azure Resource groups
⚡ ☁ Azure Visualizer aka 'AzViz' : A #powershell module to automatically generate Azure resource topology diagrams by just typing a PowerShell cmdlet and passing the name of one or more Azu…
ORCA (Office 365 Recommended Configuration Analyzer)
ORCA is a PowerShell module that you can run thru Exchange Online V2 PowerShell module. ORCA will gather your tenants security policy information and compare it against 61 policies from Microsoft best practices.
Then it will write a report saying how compliant your tenant is and what to do to get more compliant.
Installing ORCA
You can install ORCA from PowerShell Gallery.
https://www.powershellgallery.com/packages/ORCA/1.10.6
And you also need Exchange Online PowerShell module V2 as a pre-requisite.
More info from Github
orca/README.md at master · cammurray/orca
The Microsoft Defender for Office 365 Recommended Configuration Analyzer (ORCA) – orca/README.md at master · cammurray/orca
That all for today. hopefully these tips will help You to cover some caveats in Your toolbox.
Thanks for reading and stay safe!
RSS - Posts