Merge pull request #3 from 12Knocksinna/Development

12Knocksinna · web-flow · commit c63e035aa451 · 2018-12-17T15:52:20.000Z
Development
diff --git a/FindInactiveDLs.PS1 b/FindInactiveDLs.PS1
@@ -0,0 +1,31 @@
+# FindInactiveDls
+# Find inactive distribution lists based on the message trace informnation, which means we can only go back 7 days...
+#
+$EndDate = Get-Date
+$StartDate = $EndDate.AddDays(-10)
+$Messages = $null 
+$Page = 1 
+Write-Host "Collecting message trace data for the last 10 days"
+Do 
+{ 
+    $CurrMessages = (Get-MessageTrace -Status Expanded -PageSize 5000 -Page $Page -StartDate $StartDate -EndDate $EndDate | Select Received, RecipientAddress)
+    $Page++ 
+    $Messages += $CurrMessages 
+} 
+Until ($CurrMessages -eq $Null) 
+
+$MessageTable = @{}
+$Messagetable = ($Messages | Sort RecipientAddress -Unique | Select RecipientAddress, Received)
+$DLs = Get-DistributionGroup -ResultSize Unlimited
+Write-Host "Processing" $DLs.Count "distribution lists..."
+$Results = ForEach ($DL in $DLs) {
+       If ($MessageTable -Match $DL.PrimarySMTPAddress) {
+          [pscustomobject]@{Name = $DL.DisplayName ; Active = "Yes"}
+          Write-Host $DL.DisplayName "is active" -Foregroundcolor Yellow }
+       Else {
+          [pscustomobject]@{Name = $DL.DisplayName ; Active = "No"}
+          Write-Host $DL.DisplayName "inactive" -Foregroundcolor Red }
+}
+
+$Results | Export-CSV c:\Temp\ListofDLs.csv -NoTypeInformation
+
diff --git a/LastLoggedInByExternalUsers.Ps1 b/LastLoggedInByExternalUsers.Ps1
@@ -0,0 +1,56 @@
+# LastLoggedInByExternalUsers
+# Find the last time that external users (guest accounts) logged into our Office 365 tenant
+#
+
+$Guests = (Get-AzureADUser -Filter "UserType eq 'Guest'" -All $True| Select Displayname, Mail, RefreshTokensValidFromDateTime | Sort RefreshTokensValidFromDateTime)
+Write-Host $Guests.Count "guest accounts found. Checking last connections..."
+$StartDate = (Get-Date).AddDays(-90)
+$StartDate2 = (Get-Date).AddDays(-10)
+$EndDate = (Get-Date).AddDays(+1)
+$Active = 0
+$EmailActive = 0
+$Inactive = 0
+$TeamsSpo = 0
+
+ForEach ($G in $Guests) {
+    Write-Host "Checking" $G.DisplayName  
+    $Recs = $Null
+    $UserId = $G.Mail
+    # Handle account whose guest invitation is not redeemed
+    If ($Userid -eq $Null) {$UserId = "NullString"}
+    $Recs = (Search-UnifiedAuditLog -UserIds $UserId -Operations UserLoggedIn, TeamsSessionStarted -StartDate $StartDate -EndDate $EndDate)
+    If ($Recs -eq $Null) {
+       Write-Host "No connections found in the last 90 days for" $G.DisplayName "created on" $G.RefreshTokensValidFromDateTime -Foregroundcolor Red
+       # Check email tracking logs because guests might receive email from Groups. Account must be fully formed for the check. We can only go back 10 days
+       If ($UserId -ne "NullString") {
+          $EmailRecs = (Get-MessageTrace �StartDate $StartDate2 �EndDate $EndDate -Recipient $G.Mail)
+            If ($EmailRecs.Count -gt 0) {
+            Write-Host "Email traffic found for " $G.DisplayName "at" $EmailRecs[0].Received -foregroundcolor Yellow
+            $Active++ 
+            $EmailActive++ }}
+    }
+    Elseif ($Recs[0].CreationDate -ne $Null) {
+       Write-Host "Last connection for" $G.DisplayName "on" $Recs[0].CreationDate "as" $Recs[0].Operations -Foregroundcolor Green
+       $Active++
+       $TeamsSpo++ }
+    
+}
+Write-Host ""
+Write-Host "Statistics"
+Write-Host "----------"
+Write-Host "Guest Accounts          " $Guests.Count
+Write-Host "Active Guests           " $Active
+Write-Host "Active on Teams and SPO " $TeamsSPO
+Write-Host "Active on Email         " $EmailActive
+Write-Host "InActive Guests         " ($Guests.Count - $Active)
+
+
+$Mbx = (Get-Mailbox -RecipientTypeDetails UserMailbox | Select PrimarySmtpAddress, DisplayName, UserPrincipalName)
+$StartCheckDate = (Get-Date).AddDays(-90)
+ForEach ($M in $Mbx) {
+   $AuditRecs = (Search-UnifiedAuditLog -StartDate $StartCheckDate -EndDate (Get-Date) -UserIds $M.UserPrincipalName -Operations UserLoggedIn, MailboxLogin -SessionCommand ReturnNextPreviewPage )
+   If ($AuditRecs.Count -gt 0) {
+      Write-Host "Last Login date for" $M.DisplayName "is" $AuditRecs[0].CreationDate }
+   Else {
+      Write-Host "No logins found for" $M.DisplayName "since" $StartCheckDate }
+}
diff --git a/MFAReportMailboxes.ps1 b/MFAReportMailboxes.ps1
@@ -0,0 +1,20 @@
+# MFAReportMailboxes.ps1
+# List mailboxes and the last time MFA processed each mailbox
+$Mbx = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited
+$Report = @()
+ForEach ($M in $Mbx) {
+   $LastProcessed = $Null
+   Write-Host "Processing" $M.DisplayName
+   $Log = Export-MailboxDiagnosticLogs -Identity $M.Alias -ExtendedProperties
+   $xml = [xml]($Log.MailboxLog)  
+   $LastProcessed = ($xml.Properties.MailboxTable.Property | ? {$_.Name -like "*ELCLastSuccessTimestamp*"}).Value   
+   $ItemsDeleted  = $xml.Properties.MailboxTable.Property | ? {$_.Name -like "*ElcLastRunDeletedFromRootItemCount*"}
+   If ($LastProcessed -eq $Null) {
+      $LastProcessed = "Not processed"}
+   $ReportLine = [PSCustomObject][Ordered]@{
+           User          = $M.DisplayName
+           LastProcessed = $LastProcessed
+           ItemsDeleted  = $ItemsDeleted.Value}      
+    $Report += $ReportLine
+  }
+$Report | Select User, LastProcessed, ItemsDeleted
diff --git a/SPOSitesRetention.ps1 b/SPOSitesRetention.ps1
@@ -1,68 +1,59 @@
-# A script to display details of the retention policies applying to SharePoint and OneDrive for Business sites in an Office 365 tenant.
-# Uses the Security and Compliance Center PowerShell module
-
-$Report = @()
-$RetentionPolicies = (Get-RetentionCompliancePolicy -ExcludeTeamsPolicy -DistributionDetail | ? {$_.SharePointLocation -ne $Null})
-# Now exclude all the retention policies that publish labels
-$Policies = @()
-ForEach ($P in $RetentionPolicies) {
-      $Rule = Get-RetentionComplianceRule -Policy $P.Name 
-      If ([string]::IsNullOrWhiteSpace($Rule.RetentionDuration) -and [string]::IsNullOrWhiteSpace($Rule.ApplyComplianceTag)) {
-        Write-Host "Policy" $P.Name "publishes retention labels to workloads - excluded from this report" }
-      Else  { 
-       $Policies += $P }
-}  
-# Now we have a cleansed set of retention policies that apply to SharePoint   
-ForEach ($P in $Policies) {
-        $Duration = $Null
-        Write-Host "Processing retention policy" $P.Name
-        $Rule = Get-RetentionComplianceRule -Policy $P.Name 
-        $Settings = "Simple"
-        $Duration = $Rule.RetentionDuration
-        # Check whether a rule is for advanced settings - either a KQL query or sensitive data types
-        If (-not [string]::IsNullOrWhiteSpace($Rule.ContentMatchQuery) -and -not [string]::IsNullOrWhiteSpace($Rule.ContentMatchQuery)) {
-              $Settings = "Advanced/KQL" }
-        Elseif (-not [string]::IsNullOrWhiteSpace($Rule.ContentContainsSensitiveInformation) -and -not [string]::IsNullOrWhiteSpace($Rule.ContentContainsSensitiveInformation)) {
-             $Settings = "Advanced/Sensitive Data" }
-        # Handle retention policy using advanced settings (keyword search or sensitive data type)
-        If ($Rule.RetentionDuration -eq $Null -and $Rule.ApplyComplianceTag -ne $Null) {
-           $Duration = (Get-ComplianceTag -Identity $Rule.ApplyComplianceTag | Select -Expandproperty RetentionDuration) }
-        $RetentionAction = $Rule.RetentionComplianceAction
-        If ([string]::IsNullOrEmpty($RetentionAction)) {
-           $RetentionAction = "Retain" }
-        If ($P.SharePointLocation.Name -eq "All") {
-              $ReportLine = [PSCustomObject][Ordered]@{
-              PolicyName        = $P.Name
-              SiteName          = "All SharePoint Sites"
-              SiteURL           = "All SharePoint Sites"
-              RetentionTime     = $Rule.RetentionDurationDisplayHint
-              RetentionDuration = $Duration
-              RetentionAction   = $RetentionAction 
-              Settings           = $Settings}
-            $Report += $ReportLine } 
-            If ($P.SharePointLocationException -ne $Null) {
-               $Locations = ($P | Select -ExpandProperty SharePointLocationException)
-               ForEach ($L in $Locations) {
-                  $Exception = "*Exclude* " + $L.DisplayName
-                  $ReportLine = [PSCustomObject][Ordered]@{
-                    PolicyName = $P.Name
-                    SiteName   = $Exception
-                    SiteURL    = $L.Name }
-               $Report += $ReportLine }
-        }
-        ElseIf ($P.SharePointLocation.Name -ne "All") {
-           $Locations = ($P | Select -ExpandProperty SharePointLocation)
-           ForEach ($L in $Locations) {
-               $ReportLine = [PSCustomObject][Ordered]@{
-                  PolicyName        = $P.Name
-                  SiteName          = $L.DisplayName
-                  SiteURL           = $L.Name 
-                  RetentionTime     = $Rule.RetentionDurationDisplayHint
-                  RetentionDuration = $Duration
-                  RetentionAction   = $RetentionAction
-                  Settings          = $Settings}
-               $Report += $ReportLine  }                    
-          }
-}
-$Report | Sort SiteName| Format-Table PolicyName, SiteName, RetentionDuration, RetentionAction, Settings -AutoSize
-
+# A script to display details of the retention policies applying to SharePoint and OneDrive for Business sites in an Office 365 tenant.
+# Uses the Security and Compliance Center PowerShell module
+
+$Report = @()
+# Fetch a set of retention policies that apply to SharePoint and aren't to publish labels
+$Policies = (Get-RetentionCompliancePolicy -ExcludeTeamsPolicy -DistributionDetail -RetentionRuleTypes | ? {$_.SharePointLocation -ne $Null -and $_.RetentionRuleTypes -ne "Publish"})
+ForEach ($P in $Policies) {
+        $Duration = $Null
+        Write-Host "Processing retention policy" $P.Name
+        $Rule = Get-RetentionComplianceRule -Policy $P.Name 
+        $Settings = "Simple"
+        $Duration = $Rule.RetentionDuration
+        # Check whether a rule is for advanced settings - either a KQL query or sensitive data types
+        If (-not [string]::IsNullOrWhiteSpace($Rule.ContentMatchQuery) -and -not [string]::IsNullOrWhiteSpace($Rule.ContentMatchQuery)) {
+              $Settings = "Advanced/KQL" }
+        Elseif (-not [string]::IsNullOrWhiteSpace($Rule.ContentContainsSensitiveInformation) -and -not [string]::IsNullOrWhiteSpace($Rule.ContentContainsSensitiveInformation)) {
+             $Settings = "Advanced/Sensitive Data" }
+        # Handle retention policy that simply retains and doesn't do anything else
+        If ($Rule.RetentionDuration -eq $Null -and $Rule.ApplyComplianceTag -ne $Null) {
+           $Duration = (Get-ComplianceTag -Identity $Rule.ApplyComplianceTag | Select -Expandproperty RetentionDuration) }
+        $RetentionAction = $Rule.RetentionComplianceAction
+        If ([string]::IsNullOrEmpty($RetentionAction)) {
+           $RetentionAction = "Retain" }
+        If ($P.SharePointLocation.Name -eq "All") {
+              $ReportLine = [PSCustomObject][Ordered]@{
+              PolicyName        = $P.Name
+              SiteName          = "All SharePoint Sites"
+              SiteURL           = "All SharePoint Sites"
+              RetentionTime     = $Rule.RetentionDurationDisplayHint
+              RetentionDuration = $Duration
+              RetentionAction   = $RetentionAction 
+              Settings           = $Settings}
+            $Report += $ReportLine } 
+            If ($P.SharePointLocationException -ne $Null) {
+               $Locations = ($P | Select -ExpandProperty SharePointLocationException)
+               ForEach ($L in $Locations) {
+                  $Exception = "*Exclude* " + $L.DisplayName
+                  $ReportLine = [PSCustomObject][Ordered]@{
+                    PolicyName = $P.Name
+                    SiteName   = $Exception
+                    SiteURL    = $L.Name }
+               $Report += $ReportLine }
+        }
+        ElseIf ($P.SharePointLocation.Name -ne "All") {
+           $Locations = ($P | Select -ExpandProperty SharePointLocation)
+           ForEach ($L in $Locations) {
+               $ReportLine = [PSCustomObject][Ordered]@{
+                  PolicyName        = $P.Name
+                  SiteName          = $L.DisplayName
+                  SiteURL           = $L.Name 
+                  RetentionTime     = $Rule.RetentionDurationDisplayHint
+                  RetentionDuration = $Duration
+                  RetentionAction   = $RetentionAction
+                  Settings          = $Settings}
+               $Report += $ReportLine  }                    
+          }
+}
+$Report | Sort SiteName| Format-Table PolicyName, SiteName, RetentionDuration, RetentionAction, Settings -AutoSize
+
