Scripting

Display or Export All User Mailbox Holds

UPDATE: This tool has been updated to include implicit policies created in the Security and Compliance Center.

Last week, I was asked by a few people for information on displaying holds applied to mailboxes.

Holds come in several varieties:

  • In-Place Holds created via the Exchange Admin Center or eDiscovery case
  • Retention Policies (either as Retention or Label policies)
  • Litigation Hold set as a mailbox property
  • Legacy Exchange MRM policies

When viewed programmatically from PowerShell, you’ll notice that In-Place Holds and Retention Policies are somewhat inverse relationships like the legacy MRM policies–that is, the various policies in the Security & Compliance Center don’t have lists of objects applied to them. … [ Continue reading ]

Configuration

Update to Advanced AAD Connect Permissions tool

Since it’s initial creation, I’ve made a few updates to the Advanced AAD Connect permissions tool.  The most recent updates:

  • 2017-10-11 – delegating write permissions to the CN=adminSDHolder,CN=System container
  • 2017-10-05 – delegating write permissions to the ms-DS-ConsistencyGuid property

These two updates should allow for a more complete AAD Connect permissions delegation experience. … [ Continue reading ]

Configuration

Office 365 Secure Score Script

In light of the discovery that a recent comprise involved administrator credentials that were not protected with multi-factor authentication, I thought revisiting http://securescore.office.com might be a good idea.

For the uninitiated, Secure Score is a tool that we provide to examine some configuration items and give guidance on others in respect to creating a more secure operating environment for your Office 365 tenant. … [ Continue reading ]