Scripting

Display or Export All User Mailbox Holds

UPDATE: This tool has been updated to include implicit policies created in the Security and Compliance Center.

Last week, I was asked by a few people for information on displaying holds applied to mailboxes.

Holds come in several varieties:

  • In-Place Holds created via the Exchange Admin Center or eDiscovery case
  • Retention Policies (either as Retention or Label policies)
  • Litigation Hold set as a mailbox property
  • Legacy Exchange MRM policies

When viewed programmatically from PowerShell, you’ll notice that In-Place Holds and Retention Policies are somewhat inverse relationships like the legacy MRM policies–that is, the various policies in the Security & Compliance Center don’t have lists of objects applied to them. … [ Continue reading ]

Scripting

Update to Wipe Exchange Online Mailbox script

Earlier today, I was asked to make an update to my script to wipe Exchange Online mailboxes to include Archive Mailboxes.  Fortunately, it ended up being much easier than I anticipated:

When I enumerated the mailbox originally, I used:

$Root = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service, [Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Root)

In order to access the Archive folder, I just had to change the WellKnownFolderName from Root to ArchiveRoot, after examining the list available at https://msdn.microsoft.com/en-us/library/microsoft.exchange.webservices.data.wellknownfoldername(v=exchg.80).aspx.… [ Continue reading ]

Configuration

Update to Advanced AAD Connect Permissions tool

Since it’s initial creation, I’ve made a few updates to the Advanced AAD Connect permissions tool.  The most recent updates:

  • 2017-10-11 – delegating write permissions to the CN=adminSDHolder,CN=System container
  • 2017-10-05 – delegating write permissions to the ms-DS-ConsistencyGuid property

These two updates should allow for a more complete AAD Connect permissions delegation experience. … [ Continue reading ]

Configuration

Office 365 Secure Score Script

In light of the discovery that a recent comprise involved administrator credentials that were not protected with multi-factor authentication, I thought revisiting http://securescore.office.com might be a good idea.

For the uninitiated, Secure Score is a tool that we provide to examine some configuration items and give guidance on others in respect to creating a more secure operating environment for your Office 365 tenant. … [ Continue reading ]