External/powershell-scripts
1
0
Fork 0
mirror of https://github.com/admindroid-community/powershell-scripts.git synced 2025-12-17 08:25:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Find Who Sent Email From the Shared Mailbox

Browse Source 
Added support for certificate based auth and extended audit log retrieval from 90 days to 180 days
This commit is contained in:
AdminDroid 2024-09-18 16:02:24 +05:30
parent 9bd4fe74d2
commit 0a43922756
1 changed files with 75 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
Find who Sent Emails from Shared Mailboxes/FindWhoSentEmailFromSharedMailbox.ps1
View File

@ -2,21 +2,29 @@
============================================================================================= =============================================================================================
Name: Find who sent email from shared mailbox Name: Find who sent email from shared mailbox
Description: This script finds who sent emails from shared mailbox Description: This script finds who sent emails from shared mailbox
Version: 1.0 Version: 3.0
Website: o365reports.com Website: o365reports.com
Change Log
~~~~~~~~~~
V1 (11/5/22) - Initial version
V2 (9/28/23) - Minor changes
V2 (9/18/24) - Added support for certificate-based authentication and extended audit log retrieval perid from 90 to 180 days
Script Highlights: Script Highlights:
~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~
1.The script uses modern authentication to retrieve audit logs. 1.Helps to generate audit reports for custom periods.
2.The script can be executed with an MFA-enabled account too. 2.Tracks email sent activities from a specific shared mailbox.
3.Exports report results to CSV file. 3.Allows to audit send as activities separately.
4.Helps to generate audit reports for custom periods. 4.Allows to track send on behalf activities separately. The script uses modern authentication to retrieve audit logs.
5.Tracks email sent activities from a specific shared mailbox. 5.Exports report results to CSV file.
6.Allows to audit send as activities separately. 6.Automatically installs the EXO module (if not installed already) upon your confirmation.
7.Allows to track send on behalf activities separately. 7.The script can be executed with an MFA-enabled account too.
8.Automatically installs the EXO V2 (if not installed already) upon your confirmation. 8.Supports Certificate-based Authentication (CBA) too
9.The script is scheduler-friendly.i.e., Credentials can be passed as a parameter. 9.The script is scheduler-friendly.
For detailed script execution: https://o365reports.com/2022/05/11/find-who-sent-email-from-shared-mailbox-in-office-365-using-powershell For detailed script execution: https://o365reports.com/2022/05/11/find-who-sent-email-from-shared-mailbox-in-office-365-using-powershell
============================================================================================ ============================================================================================
@ -29,58 +37,28 @@ Param
[string]$SharedMBIdentity, [string]$SharedMBIdentity,
[switch]$SendAsOnly, [switch]$SendAsOnly,
[Switch]$SendOnBehalfOnly, [Switch]$SendOnBehalfOnly,
[string]$Organization,
[string]$ClientId,
[string]$CertificateThumbprint,
[string]$UserName, [string]$UserName,
[string]$Password [string]$Password
) )
Function Connect_Exo $MaxStartDate=((Get-Date).AddDays(-179)).Date
{
#Check for EXO v2 module inatallation
$Module = Get-Module ExchangeOnlineManagement -ListAvailable
if($Module.count -eq 0)
{
Write-Host Exchange Online PowerShell V2 module is not available -ForegroundColor yellow
$Confirm= Read-Host Are you sure you want to install module? [Y] Yes [N] No
if($Confirm -match "[yY]")
{
Write-host "Installing Exchange Online PowerShell module"
Install-Module ExchangeOnlineManagement -Repository PSGallery -AllowClobber -Force
Import-Module ExchangeOnlineManagement
}
else
{
Write-Host EXO V2 module is required to connect Exchange Online.Please install module using Install-Module ExchangeOnlineManagement cmdlet.
Exit
}
}
Write-Host Connecting to Exchange Online...
#Storing credential in script for scheduling purpose/ Passing credential as parameter - Authentication using non-MFA account
if(($UserName -ne "") -and ($Password -ne ""))
{
$SecuredPassword = ConvertTo-SecureString -AsPlainText $Password -Force
$Credential = New-Object System.Management.Automation.PSCredential $UserName,$SecuredPassword
Connect-ExchangeOnline -Credential $Credential
}
else
{
Connect-ExchangeOnline
}
}
$MaxStartDate=((Get-Date).AddDays(-89)).Date
#Getting SendAs emails for past 90 days #Retrive audit log for the past 180 days
if(($StartDate -eq $null) -and ($EndDate -eq $null)) if(($StartDate -eq $null) -and ($EndDate -eq $null))
{ {
$EndDate=(Get-Date).Date $EndDate=(Get-Date).Date
$StartDate=$MaxStartDate $StartDate=$MaxStartDate
} }
#Getting start date to audit sendas emails report #Getting start date to audit export report
While($true) While($true)
{ {
if ($StartDate -eq $null) if ($StartDate -eq $null)
{ {
$StartDate=Read-Host Enter start time for report generation '(Eg:04/28/2021)' $StartDate=Read-Host Enter start time for report generation '(Eg:12/15/2023)'
} }
Try Try
{ {
@ -91,7 +69,7 @@ While($true)
} }
else else
{ {
Write-Host `nAudit can be retrieved only for past 90 days. Please select a date after $MaxStartDate -ForegroundColor Red Write-Host `nAudit can be retrieved only for the past 180 days. Please select a date after $MaxStartDate -ForegroundColor Red
return return
} }
} }
@ -102,12 +80,12 @@ While($true)
} }
#Getting end date to audit sendas emails report #Getting end date to export audit report
While($true) While($true)
{ {
if ($EndDate -eq $null) if ($EndDate -eq $null)
{ {
$EndDate=Read-Host Enter End time for report generation '(Eg: 04/28/2021)' $EndDate=Read-Host Enter End time for report generation '(Eg: 12/15/2023)'
} }
Try Try
{ {
@ -125,7 +103,46 @@ While($true)
} }
} }
$OutputCSV=".\AuditWhoSentEmailsFromSharedMailbox_$((Get-Date -format yyyy-MMM-dd-ddd` hh-mm` tt).ToString()).csv"
Function Connect_Exo
{
#Check for EXO module inatallation
$Module = Get-Module ExchangeOnlineManagement -ListAvailable
if($Module.count -eq 0)
{
Write-Host Exchange Online PowerShell module is not available -ForegroundColor yellow
$Confirm= Read-Host Are you sure you want to install module? [Y] Yes [N] No
if($Confirm -match "[yY]")
{
Write-host "Installing Exchange Online PowerShell module"
Install-Module ExchangeOnlineManagement -Repository PSGallery -AllowClobber -Force
}
else
{
Write-Host EXO module is required to connect Exchange Online.Please install module using Install-Module ExchangeOnlineManagement cmdlet.
Exit
}
}
Write-Host Connecting to Exchange Online...
#Storing credential in script for scheduling purpose/ Passing credential as parameter - Authentication using non-MFA account
if(($UserName -ne "") -and ($Password -ne ""))
{
$SecuredPassword = ConvertTo-SecureString -AsPlainText $Password -Force
$Credential = New-Object System.Management.Automation.PSCredential $UserName,$SecuredPassword
Connect-ExchangeOnline -Credential $Credential -ShowBanner:$false
}
elseif($Organization -ne "" -and $ClientId -ne "" -and $CertificateThumbprint -ne "")
{
Connect-ExchangeOnline -AppId $ClientId -CertificateThumbprint $CertificateThumbprint -Organization $Organization -ShowBanner:$false
}
else
{
Connect-ExchangeOnline -ShowBanner:$false
}
}
$Location=Get-Location
$OutputCSV="$Location\AuditWhoSentEmailsFromSharedMailbox_$((Get-Date -format yyyy-MMM-dd-ddd` hh-mm` tt).ToString()).csv"
$IntervalTimeInMinutes=1440 #$IntervalTimeInMinutes=Read-Host Enter interval time period '(in minutes)' $IntervalTimeInMinutes=1440 #$IntervalTimeInMinutes=Read-Host Enter interval time period '(in minutes)'
$CurrentStart=$StartDate $CurrentStart=$StartDate
$CurrentEnd=$CurrentStart.AddMinutes($IntervalTimeInMinutes) $CurrentEnd=$CurrentStart.AddMinutes($IntervalTimeInMinutes)
@ -166,6 +183,7 @@ else
} }
} }
#Check for SendAs and SendOnBehalf filter #Check for SendAs and SendOnBehalf filter
if($SendAsOnly.IsPresent) if($SendAsOnly.IsPresent)
{ {
@ -278,10 +296,15 @@ while($true)
If($OutputEvents -eq 0) If($OutputEvents -eq 0)
{ {
Write-Host No records found Write-Host No records found
Write-Host `n~~ Script prepared by AdminDroid Community ~~`n -ForegroundColor Green
Write-Host "~~ Check out " -NoNewline -ForegroundColor Green; Write-Host "admindroid.com" -ForegroundColor Yellow -NoNewline; Write-Host " to get access to 1800+ Microsoft 365 reports. ~~" -ForegroundColor Green `n`n
} }
else else
{ {
Write-Host `nThe output file contains $OutputEvents audit records `n Write-Host `nThe output file contains $OutputEvents audit records `n
Write-Host `n~~ Script prepared by AdminDroid Community ~~`n -ForegroundColor Green
Write-Host "~~ Check out " -NoNewline -ForegroundColor Green; Write-Host "admindroid.com" -ForegroundColor Yellow -NoNewline; Write-Host " to get access to 1800+ Microsoft 365 reports. ~~" -ForegroundColor Green `n`n
if((Test-Path -Path $OutputCSV) -eq "True") if((Test-Path -Path $OutputCSV) -eq "True")
{ {
Write-Host " The Output file availble in:" -NoNewline -ForegroundColor Yellow Write-Host " The Output file availble in:" -NoNewline -ForegroundColor Yellow
@ -298,5 +321,4 @@ else
#Disconnect Exchange Online session #Disconnect Exchange Online session
Disconnect-ExchangeOnline -Confirm:$false -InformationAction Ignore -ErrorAction SilentlyContinue Disconnect-ExchangeOnline -Confirm:$false -InformationAction Ignore -ErrorAction SilentlyContinue
Write-Host `n~~ Script prepared by AdminDroid Community ~~`n -ForegroundColor Green
Write-Host "~~ Check out " -NoNewline -ForegroundColor Green; Write-Host "admindroid.com" -ForegroundColor Yellow -NoNewline; Write-Host " to get access to 1800+ Microsoft 365 reports. ~~" -ForegroundColor Green `n`n