microsoft-365's Introduction

Microsoft-365

Scripts and other resources to help configure Microsoft 365. Latest and greatest scripts are located in the zip files in this directory:

- ZeroTrustScripts.zip: Corresponds to the scripts described in my Zero Trust Guide for the SMB, including Conditional Access baselines.
- ThreatDefenseScripts.zip: Corresponds to the scripts described in my Threat Defense Guide for the SMB, including Protection alerts, Exchange Online, Microsoft Defender for Office 365, and more.
- DataProtectionScripts.zip: Corresponds to the scripts described in my Data Protection Guide for the SMB.

Azure AD

Legacy; no longer updating this directory.

Exchange Online

Legacy; see ThreatDefenseScripts.zip for latest and greatest versions of these. The Office 365 Email Security Checklist: For anyone with an Exchange Online subscription for Email hosted in Office 365, start here. Scripts from this guide are located in the Exchange Online folder.

Incident Response

These scripts I have found to be useful during Incident Response.

mggraph-samples

These scripts utilize the newer Graph SDK PowerShell module, and replace the scripts I had previously maintained in this repo.

Setup Intune

Legacy; no longer updating this directory.

Windows 10

Legacy; no longer updating this directory.

microsoft-365's People

Contributors

aavdberg, absoblogginlutely, ianperrin, robm82, vanvfields

microsoft-365's Issues

Existing "Exclude from CA" group not found

Hi

Thanks for the great scripts and blog - awesome work

I've found a potential issue in the Baseline-ConditionalAccessPolicies.ps1 script where it checks for an existing "Exclude from CA" group.

$ExcludeCAGroup = Get-AzureADGroup | Where-Object DisplayName -EQ "Exclude From CA"

I believe this occurs in tenants where there are a large number of groups and the Get-AzureADGroup is limited to returning 100 results.

Therefore, including the -All parameter for this command could solve the issue

$ExcludeCAGroup = Get-AzureADGroup -All $true | Where-Object DisplayName -EQ "Exclude From CA" 

Script fails with a variable error

I am unable to execute the "Setup-Intune.ps1" script. It fails with an error. Is there a specific version of PowerShell required? I'm running version 5.1.19041.610. I have the AzureAD PS module installed. Running Windows 10 Enterprise Version 20H2.

The variable '$global:authToken' cannot be retrieved because it has not been set.
At D:\IntuneScripts\Setup-Intune.ps1:849 char:4
+ if($global:authToken){
+    ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (global:authToken:String) [], RuntimeException
    + FullyQualifiedErrorId : VariableIsUndefined

You cannot call a method on a null-valued expression.
At D:\IntuneScripts\Setup-Intune.ps1:814 char:5
+     $errorResponse = $ex.Response.GetResponseStream()
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At D:\IntuneScripts\Setup-Intune.ps1:896 char:1
+ $Sharepoint = $EnterpriseDomain.Split(".")[0]
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Office apps and new Edge - HTTP Bad Request

Add Office apps and the new Edge browser for Windows 10 (Recommended)? Type Y or N and press Enter to continue: Y
Publishing Microsoft 365 Desktop apps - 32 bit
Response content:
{"error":{"code":"BadRequest","message":"{\r\n  \"_version\": 3,\r\n  \"Message\": \"A valid office default file format version must be selected. - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 3d474e4d-32bd-4eec-9ee3-132c31ad422c - Url: https://fef.amsua0102.manage.microsoft.com/AppLifecycle_2303/StatelessAppMetadataFEService/deviceAppManagement/mobileApps?api-version=5023-02-18\",\r\n  \"CustomApiErrorPhrase\": \"\",\r\n  \"RetryAfter\": null,\r\n  \"ErrorSourceService\": \"\",\r\n  \"HttpHeaders\": \"{}\"\r\n}","innerError":{"date":"2023-03-31T13:52:27","request-id":"3d474e4d-32bd-4eec-9ee3-132c31ad422c","client-request-id":"3d474e4d-32bd-4eec-9ee3-132c31ad422c"}}}
Add-MDMApplication : Request to https://graph.microsoft.com/Beta/deviceAppManagement/mobileApps failed with HTTP
Status BadRequest Bad Request
At C:\Users\MHammett\Downloads\Setup-Intune.ps1:5847 char:1
+ Add-MDMApplication -JSON $Office32
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Add-MDMApplication

Windows 10 Install Security Profiles Script wrong minimum Win ver

Install-Windows10SecurityProfiles.ps1
Windows 10 Baseline Compliance policy, description says minimum 1903 (10.0.18362) Windows version, however under device properties it is set to 1909 (10.0.18363).

In the script the description 1903 is set on line 1615 and the device properties 1909 is on line 1627

Redirect URIs with urn: schemes are prohibited

Hello there! Thank you for these great IR scripts. When I run Start-AzureADIRCollection.ps1 I get the following error when trying to authenticate:

azureadir AADSTS500119: Redirect URIs with urn: schemes are prohibited. Use a different scheme, or https://login.microsoftonline.com/common/oauth2/nativeclient

I have installed and imported AzureADIncidentResponse and I have tried your other scripts and several others seem to run OK, such as Start-UnifiedAuditLogIRCollection.ps1.

Any ideas how to correct this? Thank you!

Suggestion: Modify all scripts to check for existing policy (etc.) before creating

First of all, I will start by saying this is a great library of scripts to get up and running with the various Microsoft 365 Business Premium components. Regrettably, I only found the scripts after I'd already manually created most of the same kind of things so wasted a lot of time I could have saved! Anyway...

It would be great if the scripts could be run multiple times without doubling-up on creating the same set of policies over and over again. Especially when tweaking to a specific tenant's requirements, would be great when you make a mess of a specific policy if you could just delete that single policy then re-run the script again to re-create (the now missing) policy only.
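
An added example, not code from the repository or from either poster, covering the two points raised in the "Exclude from CA" issue and in the suggestion above: it finds the exclusion group with a server-side filter instead of filtering one page of results client-side, and it creates a Conditional Access policy only when none with that display name exists. It assumes the AzureAD module (the one the quoted line uses) and an existing Connect-AzureAD session; the function names, the policy name and the report-only policy body are hypothetical.

```powershell
# Added example. Assumes the AzureAD module and a prior Connect-AzureAD.
# Function names and the sample policy below are hypothetical.
function Get-OrCreateExcludeGroup {
    param([string]$DisplayName = 'Exclude From CA')
    # Server-side OData filter, so the match does not depend on how many
    # groups the tenant has. Single quotes are doubled for OData.
    $escaped = $DisplayName.Replace("'", "''")
    $found = @(Get-AzureADGroup -Filter "DisplayName eq '$escaped'")
    if ($found.Count -gt 1) {
        # Duplicates from earlier runs make the exclusion ambiguous; stop here.
        throw "Found $($found.Count) groups named '$DisplayName'; resolve manually."
    }
    if ($found.Count -eq 1) { return $found[0] }
    New-AzureADGroup -DisplayName $DisplayName -MailEnabled $false `
        -SecurityEnabled $true -MailNickName 'NotSet'
}

function New-CAPolicyIfMissing {
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][scriptblock]$Create
    )
    # Match on display name so a re-run recreates only what is missing.
    $existing = Get-AzureADMSConditionalAccessPolicy |
        Where-Object DisplayName -EQ $DisplayName
    if ($existing) {
        Write-Host "Skipping '$DisplayName': already present."
        return $existing
    }
    & $Create
}

$group = Get-OrCreateExcludeGroup
$policyName = 'EXAMPLE - Require MFA for all users'   # hypothetical
New-CAPolicyIfMissing -DisplayName $policyName -Create {
    $ns = 'Microsoft.Open.MSGraph.Model'
    $cond = New-Object "$ns.ConditionalAccessConditionSet"
    $cond.Applications = New-Object "$ns.ConditionalAccessApplicationCondition"
    $cond.Applications.IncludeApplications = 'All'
    $cond.Users = New-Object "$ns.ConditionalAccessUserCondition"
    $cond.Users.IncludeUsers = 'All'
    $cond.Users.ExcludeGroups = $group.ObjectId
    $grant = New-Object "$ns.ConditionalAccessGrantControls"
    $grant._Operator = 'OR'
    $grant.BuiltInControls = 'mfa'
    # Report-only, so the example cannot lock anyone out.
    New-AzureADMSConditionalAccessPolicy -DisplayName $policyName `
        -State 'enabledForReportingButNotEnforced' -Conditions $cond -GrantControls $grant
}
```

Failing on duplicate group names is deliberate: if an earlier run created a second "Exclude From CA" group, policies may exclude a group other than the one that holds the emergency accounts.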

Http bad request error

Getting the following error for any of the imports attempted. Does the URL need to be adjusted or something?

Do you want to import WIP policies for Windows 10 (Optional)? Type Y or N and press Enter to continue: y
Adding Windows Information Protection policies...
Response content:
{"error":{"code":"BadRequest","message":"Request not applicable to target tenant.","innerError":{"date":"2022-09-26T22:06:05","request-id":"29be1316-f2ef-4018-a9dc-96f95c91f99a","client-request-id":"29be1316-f2ef-4018-a9dc-96f95c91f99a"}}}
Add-MDMWindowsInformationProtectionPolicy : Request to https://graph.microsoft.com/Beta/deviceAppManagement/mdmWindowsInformationProtectionPolicies failed with HTTP Status BadRequest Bad Request
At C:\Users\Jason\Desktop\setup-Intune.ps1:5803 char:1
+ Add-MDMWindowsInformationProtectionPolicy -JSON $APP_WIP_MDM
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Add-MDMWindowsInformationProtectionPolicy

Skydrive update to onedrive?

I noticed a few of the scripts have links to

                 "id":  "com.microsoft.skydrive.android",
                 "version":  "1887770705",
                 "mobileAppIdentifier":  {
                                             "@odata.type":  "#microsoft.graph.androidMobileAppIdentifier",
                                             "packageId":  "com.microsoft.skydrive"

Does this need to be updated to com.microsoft.onedrive?

Or are they still actively using the skydrive subdomain for mobile apps?
skydrive.microsoft.com will respond, but it's responding from a different IP than onedrive.microsoft.com
