This page will always be in progress...
OneDrive
I get this task a lot of times, legal/hr/security team comes to me with an escalation because sensitive files were inadvertently being shared across the whole company. I initially had this coded before using PnP, but I have updated it here with Microsoft Graph. This is to scan OneDrive accounts and look for shares with "Everyone except external users".
https://github.com/panoy86/sysadmin/blob/main/graphAPI/get-onedrive-overshareditems.ps1I'll update this page soon with a version for SharePoint sites...
Exchange Online
Another one is finding the total unique recipients from a Distribution List (or a number of DLs). HR/Legal is my typical requestor here.
https://github.com/panoy86/sysadmin/blob/main/Get-DLMembers.ps1And a variation where business units like corporate communications would like to send an org-wide email, but in large organizations where the org-wide dl may contain several hundred DLs (even thousands in a company I used to work for), manually checking each one to ensure that the sender is allowed to send to is not feasible. This checks both the accept and reject list from each DL found.
https://github.com/panoy86/sysadmin/blob/main/get-nested-dls-with-restrictions.ps1This one took a while - this stems from niche requests where multiple groups needed to be combined to a single group, and updated daily. Example scenario is a Microsoft Teams' membership from members of several distribution lists (or plus security groups or even other Teams). Another one is to maintain a distribution list based on several groups, but remove members if they belong to another set of groups.
I had multiple versions of these to deal with the different type of groups: distribution list, mail-enabled security group, 365 group or Teams, security group. Here's the unified version.
https://github.com/panoy86/sysadmin/blob/main/graphAPI/sync-groups.ps1Conditional Access Policy
If your tenant has a good number of named locations, then trying to troubleshoot an IP address or Country/Region associated with a CAP (and using the portal) is tedious, hence I coded this script to list out all the named location in an easy to read table (it also saves the results in a CSV file).
https://github.com/panoy86/sysadmin/blob/main/graphAPI/get-cap-named-locations.ps1And this outputs all policies in a text file, not a pretty one but helpful if you don't want to wade thru each policy when troubleshooting.
https://github.com/panoy86/sysadmin/blob/main/graphAPI/get-cap.ps1
No comments:
Post a Comment