External/powershell-scripts
1
0
Fork 0
mirror of https://github.com/admindroid-community/powershell-scripts.git synced 2025-12-17 16:35:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Find Non-audited Mailbox Actions

Browse Source
This commit is contained in:
AdminDroid 2024-06-19 15:38:52 +05:30
parent ceaa7ea581
commit ae9a8b76cb
1 changed files with 42 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
Export Non-audited Mailbox Actions/GetMB_NonAuditedActions.ps1
View File

@ -22,40 +22,53 @@ Param
( (
[Parameter(Mandatory = $false)] [Parameter(Mandatory = $false)]
[string]$UserName = $NULL, [string]$UserName = $NULL,
[string]$Password = $NULL [string]$Password = $NULL,
[string]$Organization,
[string]$ClientId,
[string]$CertificateThumbprint
) )
$AuditAdmin = @("ApplyRecord", "Copy", "Create", "FolderBind", "HardDelete", "MailItemsAccessed", "Move", "MoveToDeletedItems", "RecordDelete", "Send", "SendAs", "SendOnBehalf", "SoftDelete", "Update", "UpdateCalendarDelegation", "UpdateFolderPermissions", "UpdateComplianceTag" , "UpdateInboxRules") $AuditAdmin = @("ApplyRecord", "Copy", "Create", "FolderBind", "HardDelete", "MailItemsAccessed", "Move", "MoveToDeletedItems", "RecordDelete", "Send", "SendAs", "SendOnBehalf", "SoftDelete", "Update", "UpdateCalendarDelegation", "UpdateFolderPermissions", "UpdateComplianceTag" , "UpdateInboxRules")
$AuditDelegate = @("ApplyRecord", "Create", "FolderBind", "HardDelete", "MailItemsAccessed", "Move", "MoveToDeletedItems", "RecordDelete", "SendAs", "SendOnBehalf", "SoftDelete", "Update", "UpdateFolderPermissions", "UpdateComplianceTag", "UpdateInboxRules") $AuditDelegate = @("ApplyRecord", "Create", "FolderBind", "HardDelete", "MailItemsAccessed", "Move", "MoveToDeletedItems", "RecordDelete", "SendAs", "SendOnBehalf", "SoftDelete", "Update", "UpdateFolderPermissions", "UpdateComplianceTag", "UpdateInboxRules")
$AuditOwner = @("ApplyRecord", "Create", "HardDelete", "MailboxLogin", "MailItemsAccessed", "Move", "MoveToDeletedItems", "RecordDelete", "Send", "SearchQueryInitiated", "SoftDelete", "Update", "UpdateCalendarDelegation", "UpdateFolderPermissions", "UpdateComplianceTag", "UpdateInboxRules") $AuditOwner = @("ApplyRecord", "Create", "HardDelete", "MailboxLogin", "MailItemsAccessed", "Move", "MoveToDeletedItems", "RecordDelete", "Send", "SearchQueryInitiated", "SoftDelete", "Update", "UpdateCalendarDelegation", "UpdateFolderPermissions", "UpdateComplianceTag", "UpdateInboxRules")
function Connect_Exo { function Connect_Exo {
#Check for EXO v2 module inatallation #Check for EXO module inatallation
$Module = Get-Module ExchangeOnlineManagement -ListAvailable $Module = Get-Module ExchangeOnlineManagement -ListAvailable
if ($Module.count -eq 0) { if($Module.count -eq 0)
Write-Host "Exchange Online PowerShell V2 module is not available" -ForegroundColor yellow {
$Confirm = Read-Host "Are you sure you want to install module? [Y] Yes [N] No" Write-Host Exchange Online PowerShell module is not available -ForegroundColor yellow
if ($Confirm -match "[yY]") { $Confirm= Read-Host Are you sure you want to install module? [Y] Yes [N] No
if($Confirm -match "[yY]")
{
Write-host "Installing Exchange Online PowerShell module" Write-host "Installing Exchange Online PowerShell module"
Install-Module ExchangeOnlineManagement -Repository PSGallery -AllowClobber -Force Install-Module ExchangeOnlineManagement -Repository PSGallery -AllowClobber -Force -Scope CurrentUser
Import-Module ExchangeOnlineManagement
} }
else { else
Write-Host "EXO V2 module is required to connect Exchange Online.Please install module using Install-Module ExchangeOnlineManagement cmdlet." {
Write-Host EXO module is required to connect Exchange Online.Please install module using Install-Module ExchangeOnlineManagement cmdlet.
Exit Exit
} }
} }
Write-Host "Connecting to Exchange Online..." Write-Host Connecting to Exchange Online...
Import-Module ExchangeOnline -ErrorAction SilentlyContinue -Force
#Storing credential in script for scheduling purpose/ Passing credential as parameter - Authentication using non-MFA account #Storing credential in script for scheduling purpose/ Passing credential as parameter - Authentication using non-MFA account
if (($UserName -ne "") -and ($Password -ne "")) { if(($UserName -ne "") -and ($Password -ne ""))
{
$SecuredPassword = ConvertTo-SecureString -AsPlainText $Password -Force $SecuredPassword = ConvertTo-SecureString -AsPlainText $Password -Force
$Credential = New-Object System.Management.Automation.PSCredential $UserName,$SecuredPassword $Credential = New-Object System.Management.Automation.PSCredential $UserName,$SecuredPassword
Connect-ExchangeOnline -Credential $Credential Connect-ExchangeOnline -Credential $Credential -ShowBanner:$false
} }
else { elseif($Organization -ne "" -and $ClientId -ne "" -and $CertificateThumbprint -ne "")
Connect-ExchangeOnline {
Connect-ExchangeOnline -AppId $ClientId -CertificateThumbprint $CertificateThumbprint -Organization $Organization -ShowBanner:$false
} }
Write-Host "ExchangeOnline PowerShell module is connected successfully"`n else
{
Connect-ExchangeOnline -ShowBanner:$false
} }
$global:ExportCSVFileName = "Mailboxes_NonAuditingActions_Report_" + ((Get-Date -format "MMM-dd hh-mm-ss tt").ToString()) + ".csv" }
$Location=Get-Location
$global:ExportCSVFileName = "$Location\Mailboxes_NonAuditingActions_Report_" + ((Get-Date -format "MMM-dd hh-mm-ss tt").ToString()) + ".csv"
function MailboxNotAudited { function MailboxNotAudited {
$Audit_Check = Get-OrganizationConfig | Select AuditDisabled $Audit_Check = Get-OrganizationConfig | Select AuditDisabled
if ($Audit_Check.AuditDisabled -eq $true) { if ($Audit_Check.AuditDisabled -eq $true) {
@ -101,8 +114,7 @@ Connect_Exo
MailboxNotAudited MailboxNotAudited
if ((Test-Path -Path $global:ExportCSVFileName) -eq "True") { if ((Test-Path -Path $global:ExportCSVFileName) -eq "True") {
Write-Host "Mailboxes and disabled auditing actions are exported"`n Write-Host "Mailboxes and disabled auditing actions are exported"`n
Write-Host " The report available in:" -NoNewline -ForegroundColor Yellow; Write-Host .\$global:ExportCSVFileName `n Write-Host " The report available in:" -NoNewline -ForegroundColor Yellow; Write-Host $global:ExportCSVFileName `n
Write-Host "Disconnected active ExchangeOnline session"
Write-Host `n~~ Script prepared by AdminDroid Community ~~`n -ForegroundColor Green Write-Host `n~~ Script prepared by AdminDroid Community ~~`n -ForegroundColor Green
Write-Host "~~ Check out " -NoNewline -ForegroundColor Green; Write-Host "admindroid.com" -ForegroundColor Yellow -NoNewline; Write-Host "~~ Check out " -NoNewline -ForegroundColor Green; Write-Host "admindroid.com" -ForegroundColor Yellow -NoNewline;
Write-Host " to get access to 1800+ Microsoft 365 reports. ~~" -ForegroundColor Green `n`n Write-Host " to get access to 1800+ Microsoft 365 reports. ~~" -ForegroundColor Green `n`n