From 3147e5b89c7354e51122b5825a9cce8999116347 Mon Sep 17 00:00:00 2001 From: AdminDroid <49208841+admindroid-community@users.noreply.github.com> Date: Wed, 22 Jan 2020 14:32:11 +0530 Subject: [PATCH] Create EnableMBAuditLogging.ps1 Enables mailbox auditing in Office 365 mailboxes --- .../EnableMBAuditLogging.ps1 | 126 ++++++++++++++++++ 1 file changed, 126 insertions(+) create mode 100644 Enable Mailbox Auditing for Office 365 Users/EnableMBAuditLogging.ps1 diff --git a/Enable Mailbox Auditing for Office 365 Users/EnableMBAuditLogging.ps1 b/Enable Mailbox Auditing for Office 365 Users/EnableMBAuditLogging.ps1 new file mode 100644 index 0000000..dfd9a50 --- /dev/null +++ b/Enable Mailbox Auditing for Office 365 Users/EnableMBAuditLogging.ps1 @@ -0,0 +1,126 @@ +<# Purpose : Enable mailbox audit logging for all Office 365 mailboxes + Last updated : Jan 20, 2020 + Website : https://O365reports.com + For execution steps and usecases: https://o365reports.com/2020/01/21/enable-mailbox-auditing-in-office-365-powershell +#> + +#Accept input paramenters +param( +[Parameter(Mandatory = $false)] +[string]$UserName, +[string]$Password, +[ValidateSet('ApplyRecord','Copy','Create','FolderBind','HardDelete','MessageBind','Move','MoveToDeletedItem','RecordDelete','SendAs','SendOnBehalf','SoftDelete','Update','UpdateCalendarDelegation','UpdateFolderPermissions','UpdateInboxRules','MailboxLogin')] +[string[]]$Operations=('ApplyRecord','Copy','Create','FolderBind','HardDelete','MessageBind','Move','MoveToDeletedItem','RecordDelete','SendAs','SendOnBehalf','SoftDelete','Update','UpdateCalendarDelegation','UpdateFolderPermissions','UpdateInboxRules','MailboxLogin'), +[switch]$MFA +) + #Remove existing sessions + Get-PSSession | Remove-PSSession + + #Authentication using MFA + if($MFA.IsPresent) + { + $MFAExchangeModule = ((Get-ChildItem -Path $($env:LOCALAPPDATA+"\Apps\2.0\") -Filter CreateExoPSSession.ps1 -Recurse ).FullName | Select-Object -Last 1) + If ($MFAExchangeModule -eq $null) + { + Write-Host `nPlease install Exchange Online MFA Module. -ForegroundColor yellow + Write-Host You can install module using below blog: https://o365reports.com/2019/04/17/connect-exchange-online-using-mfa/ `n `nOR you can install module directly by entering "Y"`n + $Confirm= Read-Host Are you sure you want to install module directly? [Y] Yes [N] No + if($Confirm -match "[y]") + { + Write-Host Yes + Start-Process "iexplore.exe" "https://cmdletpswmodule.blob.core.windows.net/exopsmodule/Microsoft.Online.CSE.PSModule.Client.application" + } + else + { + Start-Process 'https://o365reports.com/2019/04/17/connect-exchange-online-using-mfa/' + Exit + } + $Confirmation= Read-Host Have you installed Exchange Online MFA Module? [Y] Yes [N] No + + if($Confirmation -match "[y]") + { + $MFAExchangeModule = ((Get-ChildItem -Path $($env:LOCALAPPDATA+"\Apps\2.0\") -Filter CreateExoPSSession.ps1 -Recurse ).FullName | Select-Object -Last 1) + If ($MFAExchangeModule -eq $null) + { + Write-Host Exchange Online MFA module is not available -ForegroundColor red + Exit + } + } + else + { + Write-Host Exchange Online PowerShell Module is required + Start-Process 'https://o365reports.com/2019/04/17/connect-exchange-online-using-mfa/' + Exit + } + } + + #Importing Exchange MFA Module + Write-Host `nConnecting to Exchange Online... + . "$MFAExchangeModule" + Connect-EXOPSSession -WarningAction SilentlyContinue + + } + + #Authentication using non-MFA + else + { + #Storing credential in script for scheduling purpose/ Passing credential as parameter + if(($UserName -ne "") -and ($Password -ne "")) + { + $SecuredPassword = ConvertTo-SecureString -AsPlainText $Password -Force + $Credential = New-Object System.Management.Automation.PSCredential $UserName,$SecuredPassword + } + else + { + $Credential=Get-Credential -Credential $null + } + $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Credential -Authentication Basic -AllowRedirection + Write-Host `nConnecting to Exchange Online... + Import-PSSession $Session -AllowClobber -DisableNameChecking| Out-Null + } + $MBCount=0 + $AuditAdmin="ApplyRecord","Copy","Create","FolderBind","HardDelete","MessageBind","Move","MoveToDeletedItem","RecordDelete","SendAs","SendOnBehalf","SoftDelete","Update","UpdateCalendarDelegation","UpdateFolderPermissions","UpdateInboxRules" + $AuditDelegate ="ApplyRecord","Create","FolderBind","HardDelete","Move","MoveToDeletedItems","RecordDelete","SendAs","SendOnBehalf","SoftDelete","Update","UpdateFolderPermissions","UpdateInboxRules" + $AuditOwner="ApplyRecord","Create","HardDelete","MailboxLogin","Move","MoveToDeletedItems","RecordDelete","SoftDelete","Update","UpdateCalendarDelegation","UpdateFolderPermissions","UpdateInboxRules" + +if($Operations.Length -eq 17) +{ + $RequiredOperations=$Operations + Get-Mailbox -ResultSize Unlimited | Select PrimarySmtpAddress,DisplayName | ForEach { + $DisplayName=$_.Displayname + Write-Progress -Activity "`n Processed mailbox count: $MBCount "`n" Currently Processing: $DisplayName" + $MBCount++ + Set-Mailbox -Identity $_.PrimarySmtpAddress -AuditEnabled $true -AuditAdmin $AuditAdmin -AuditDelegate $AuditDelegate -AuditOwner $Auditowner + } +} +else +{ + $RequiredOperations=$PSBoundParameters.Operations + [System.Collections.ArrayList]$EnableAuditAdmin=@() + [System.Collections.ArrayList]$EnableAuditDelegate=@() + [System.Collections.ArrayList]$EnableAuditOwner=@() + Foreach($Operation in $RequiredOperations) + { + if($AuditAdmin -match $Operation) + { + $EnableAuditAdmin += $Operation + } + if($AuditDelegate -match $Operation) + { + $EnableAuditDelegate += $Operation + } + if($AuditOwner -match $Operation) + { + $EnableAuditOwner += $Operation + } + } + + Get-Mailbox -ResultSize Unlimited | Select PrimarySmtpAddress,DisplayName | ForEach { + $DisplayName=$_.Displayname + Write-Progress -Activity "`n Processed mailbox count: $MBCount "`n" Currently Processing: $DisplayName" + $MBCount++ + Set-Mailbox -Identity $_.PrimarySmtpAddress -AuditEnabled $true -AuditAdmin $EnableAuditAdmin -AuditDelegate $EnableAuditDelegate -AuditOwner $EnableAuditowner + } +} +Write-Host `nMailbox Audit logging enabled for $MBCount mailboxes -ForegroundColor Green +Write-Host "Mailbox Audit Logging enabled following operation(s):" $RequiredOperations