Information about SharePoint, Microsoft 365, Azure, Mobility and Productivity from the Computer Information Agency
I wrote this article about doing this here:
Making PowerShell automation easier with the Microsoft Graph
Now I have also done a video on the process which you can find here:
https://www.youtube.com/watch?v=n4_FxXiTAno
Let me know if you have any feedback on how this can be improved.
Ok, so you are telling me you have time on your hands and want to improve the security of your Microsoft 365 tenant? Ok, if you are only kind of serious, I’d tell you to go to:
https://security.microsoft.com/securescore
and select the Improvement actions as shown above.
That will show you a filtered view of items based on what hasn’t yet been completed in the tenant. In the case above, that equates to 67 items.
Oh, you want more to do you say?
Ok, if you remove that filter you’ll see the number in the list increase. In this case up from 67 to 84. That’s 36% increase in things you can address. Enough?
What? You want even more? Are you sure? Really sure?
Well, if you are, then the good news is that I have written a script for you that uses the Microsoft Graph to go in and grab all, and I mean ALL, of the secure score items. You’ll find the script in my Office 365 GitHub repo:
https://github.com/directorcia/Office365/blob/master/o365-ssdescpt-get.ps1
Now before you run this scripts, you’ll need to follow the instructions I have written about before:
Access the Microsoft Graph with a script
and set yourself up an OAuth token to access your tenant. You only need to do this once.
You’ll then need enter the values from this configuration into the script prior to running it:
You get these three items from the oAuth token set up I set out.
When run, the script will connect to the Microsoft Graph and start reading information from the Secure Score of YOUR tenant. It will also save the output to a text file in the parent directory. Why you ask?
Well, as you can see from the output from my tenant above, there are now potentially 6,972 items that I can go look at and configure to make my tenant more secure. That’s a 8,200% increase in things to keep you busy.
Remember, you did ask for more after all.
In a recent article I showed how to connect to the Microsoft Graph in a web browser:
Using the Microsoft Graph Explorer
I also showed how you could do the same:
This article is going to focus on how you can do the same thing but directly via a script that won’t prompt you for credentials.
Before running this script you’ll need to follow the Using Interactive PowerShell article and set up an app in your Azure AD.
During that process you’ll need to record three things that will be used here:
1. Application ID
2. Tenant ID
3. Client secret
I borrowed the connection piece of this script from:
https://www.lee-ford.co.uk/getting-started-with-microsoft-graph-with-powershell/
which I found really handy in helping me understand all this. You can download my script from my GitHub repository here:
https://github.com/directorcia/Office365/blob/master/graph-connect.ps1
You’ll need to enter your own Application ID, Tenant ID and Client secret in the variables section. After that, all you need to do is run the script. The results for the query of /security/alerts will end up in a variable called $query which you can view. The actual content of the alerts you’ll find in $query.content.
This Graph connection script should now allow you to connect to the Microsoft Graph for a tenant and start running queries and returning values for entries in there. At the moment it only queries security alerts, but you can modify it to query anything in the Graph for your tenant.
CIAOPS 