PowerShell script to check email forwards

A while ago I wrote an article about how important it is to check the email forwards that all your mailboxes have in Office 365. Why? Because the first thing most bad actors set up after successfully phishing a user’s credentials is a forward of all email to their own account. This effectively mirrors everything a user receives. Doing so allows the bad actors to gather intelligence about the user and the organisation and potentially impersonate that user.

If you look at the configured email forwards for your tenant, as I detailed here:

Check those Office 365 email forwards

you are much more likely to detect something that could be an issue and take action.

As the article details, the easiest way to do this is to use a PowerShell command. However, an even easier way is to use the script that I have just made available for free in my GitHub repo here:

https://github.com/directorcia/Office365/blob/master/o365-exo-fwd-chk.ps1

You’ll need to connect to Exchange Online prior to running this script.


The script will report back on all mailboxes and show you any forwards configured. It will show those in place but disabled (in yellow) and those in place and enabled (in red). The enabled ones are the ones you really should check to ensure that they are required and not implemented by some bad actors.
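As an added example (not the script from the repo above, and not the author's code): a function that classifies mailbox-level forwards from Get-Mailbox output as internal or external. The function name Get-ForwardFinding, the output column names and the contoso.example sample rows are assumptions made for the illustration.

```powershell
# Added example: flag mailbox-level forwards and mark the ones leaving the tenant.
function Get-ForwardFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Mailbox,
        # Domains the tenant owns; any other target domain is treated as external.
        [Parameter(Mandatory)] [string[]] $AcceptedDomain
    )
    process {
        # ForwardingSmtpAddress looks like "smtp:user@domain";
        # ForwardingAddress names a recipient object in the directory.
        $smtp      = [string]$Mailbox.ForwardingSmtpAddress
        $recipient = [string]$Mailbox.ForwardingAddress
        if (-not $smtp -and -not $recipient) { return }   # no forward configured

        $target = if ($smtp) { $smtp -replace '^smtp:', '' } else { $recipient }
        $domain = if ($target -match '@(.+)$') { $Matches[1] } else { $null }

        [pscustomobject]@{
            Mailbox    = $Mailbox.UserPrincipalName
            ForwardsTo = $target
            # A directory recipient may be a mail contact that points outside
            # the tenant, so review those rows as well as the External ones.
            Kind       = if ($smtp) { 'SmtpAddress' } else { 'DirectoryRecipient' }
            External   = [bool]($domain -and ($AcceptedDomain -notcontains $domain))
            KeepsCopy  = [bool]$Mailbox.DeliverToMailboxAndForward
        }
    }
}

# Constructed sample rows shaped like Get-Mailbox output (not real tenant data).
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; ForwardingSmtpAddress = $null
                       ForwardingAddress = $null; DeliverToMailboxAndForward = $false }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example'; ForwardingSmtpAddress = 'smtp:bob.backup@mail.example'
                       ForwardingAddress = $null; DeliverToMailboxAndForward = $true }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'; ForwardingSmtpAddress = $null
                       ForwardingAddress = 'Accounts Team'; DeliverToMailboxAndForward = $false }
)
$sample | Get-ForwardFinding -AcceptedDomain 'contoso.example' |
    Sort-Object External -Descending | Format-Table -AutoSize

# Live use, after connecting to Exchange Online:
# Get-Mailbox -ResultSize Unlimited |
#     Get-ForwardFinding -AcceptedDomain (Get-AcceptedDomain).DomainName
```

This covers forwards set on the mailbox itself; forwards created as inbox rules are a separate place to look (Get-InboxRule).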

I’ve also uploaded many more scripts to my GitHub repo to allow you to connect to Office 365 services directly or using multi factor authentication. I’ll keep adding scripts and updating existing ones regularly, so ensure you check back there regularly.

CIAOPS GitHub Repositories


I have now created 2 GitHub repos for Office 365 and Azure content. You can find these at:

https://github.com/directorcia/Office365

and

https://github.com/directorcia/Azure

At the moment they mostly contain basic connection PowerShell scripts but I am looking to grow the content over time and include other information that people can use. For example, in the Azure repo you’ll find my Azure bucket spreadsheet which is a basic way of pricing and bundling Azure services.

Much of the content is under development but using GitHub allows me to easily work on the content across different machines and have a development environment to work with (i.e. versions, branches, etc).

Using GitHub I also see as a way for me to gain experience with the technology given the recent Microsoft purchase of GitHub as well as the general move to a DevOps world.

So, take a look at what is there, hopefully you’ll find some handy PowerShell scripts and don’t forget to check back regularly for new and updated content. As always you can send me feedback directly or in GitHub for each project.

Using Office 365 PowerShell with MFA enabled

Enabling multi factor authentication (MFA) in Office 365 is best practice, especially for global administrators. However, doing so can raise some challenges when it comes to working with PowerShell command line and the ISE.

The above video tutorial takes you through the process of accessing your Office 365 tenant when you have MFA enabled. The commands that you need to also do this via the PowerShell ISE are here:

Import-Module $((Get-ChildItem -Path $($env:LOCALAPPDATA+"\Apps\2.0\") -Filter Microsoft.Exchange.Management.ExoPowershellModule.dll -Recurse ).FullName|?{$_ -notmatch "_none_"}|select -First 1)

$EXOSession = New-ExoPSSession

Import-PSSession $EXOSession

Now you can still have MFA enabled on your accounts while using PowerShell. Yes, there is more work to enable this but if it is harder then generally you know it is more secure!

Azure Active Directory version 2 PowerShell module

For a long time we have been using the msonline module in PowerShell to access Azure AD which provides Office 365 identity and security. This has now been superseded by the new:

Azure AD V2 PowerShell module

Also thanks to advances in PowerShell this module is even easier to install.

image

Just open the PowerShell application on your workstation (it is always recommended that you do this as an administrator). Then just type:

install-module -name azuread

and press enter.

image

You may be prompted about a Nuget provider as shown above. Select Yes to continue.

image

You should now see this being installed as shown above.

image

You may also be prompted about installing from an untrusted repository. Select Yes to all to continue.

image

You should now see the Azure AD module being downloaded.

 image

When complete you’ll be returned to the command prompt.

image

You’ll still need to login to your tenant using the standard get-credential command. However now you use the following:

connect-azuread

command to access Azure AD.

image

Once that is complete you can issue some of the new module commands such as:

get-azureaddomain

as shown above to work with your cloud AD.

This new Azure AD module will be the option to use going forward to work with your identities via PowerShell for Office 365, because the older version 1 msonline module will be deprecated at some stage.

January webinar resources

https://docs.com/d/embed/D25191743-6640-8940-4220-000669904411%7eMd4186d87-61d5-259a-4d26-00a8bd86cfff

Welcome to 2017. The first webinar of the New Year is now done and dusted. You can see the slide above or download directly from:

January 2017 Need to Know Webinar

If you are not a CIAOPS patron and you want to view or download a full copy of the video from the session you can do so here:

http://www.ciaopsacademy.com/p/january-2017-need-to-know-webinar/

you can also now get access to all webinars via:

http://ciaops-academy.teachable.com/courses/need-to-know-webinars

for a nominal fee.

Thanks to everyone who attended and I hope to see you again next month.

Need to Know podcast–Episode 113

A special episode with a true technology superstar. Jeffrey Snover, Microsoft Technical Fellow/Lead Architect for Enterprise Group, Azure Stack and PowerShell Architect joins us to talk about Microsoft Operations Management Suite (OMS) and of course, all about his baby, PowerShell. Jeff shares some really great insights into the birth of PowerShell and why scripting is so valuable in today’s modern IT environment. Of course you’ll also get a cloud news update from Marc and me as well as a special report about upcoming changes to the Microsoft reseller initiatives around Office 365. It’s a bumper episode packed with content. So listen along, give us some feedback and listen to wisdom from the father of PowerShell.

You can listen to this episode directly at:

http://ciaops.podbean.com/e/episode-113-jeffrey-snover/

or subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show.

Resources

@marckean

@directorcia

Modern SharePoint Lists

SharePoint Online Site Collection limit increased to 25TB

Change to partner remuneration coming 1st October 2016

Marc’s blog with all the Azure news

@jsnover – Jeffrey Snover: Microsoft Technical Fellow/ Lead Architect for Enterprise Cloud Group/ Azure Stack Architect/ PowerShell Architect

Here is the must watch video on Jeff’s history at Microsoft https://www.youtube.com/watch?v=3Uvq38XOark

Use the PowerShell 5 Convert-String Cmdlet

Learning PowerShell

Getting Started with PowerShell 3.0 – Microsoft Virtual Academy Course

Microsoft Operations Management Suite Overview

Show feedback – feedback@needtoknow.cloud

Connecting to Azure Resource Manager via PowerShell

There is no doubt PowerShell is the premier way to configure and manage things like Azure. However, there has always been a challenge actually connecting to the environment to get the ball rolling.

The first thing that you need to do to connect to Azure Resource Manager via the command line is ensure that you have PowerShell 5 installed and configured for Azure Resource Manager. This previous article of mine:

Life is far easier with PowerShell 5

will show you how to not only configure your PowerShell environment on a Windows 2012 R2 server but also install the modules required to access Azure Resource Manager.

image

Once you have launched the PowerShell environment enter the following commands to load the ‘classic’ Azure Service Manager and the newer Azure Resource Manager modules into the session:

import-module azure

import-module azurerm

image

You’ll now need to login to your Azure account and in this case you’ll login to the Azure Resource Manager account using the command:

login-azurermaccount

Typically a dialog will now appear asking you to enter your Azure account login and password.

image

When this has been successfully completed you should see details of the account echoed back to you as shown above.

image

If you also want to access the ‘classic’ Azure Service Manager account issue the command:

add-azureaccount

You may need to login again with your Azure account details.

Once complete you’ll again be echoed back the details of that account as shown above.

image

We will continue to work with the newer Azure Resource Manager here. So if you now issue the command:

get-azurermsubscription

You will see the details of the Resource Manager subscription as shown above. The important thing here is typically the subscription name (here ‘Azure Pass’). You’ll typically need to refer to the subscription by name when using PowerShell commands for Azure.

image

The recommended way to do this easily is to issue the command:

$subscription=get-azurermsubscription

This will store the results of the get-azurermsubscription command in a variable called $subscription.

To extract the actual name of the subscription and store it in a variable issue the command:

$subscriptionname = $subscription.subscriptionname

In this case, the command will store the string ‘Azure Pass’ into a variable called $subscriptionname that can be used later throughout the script.

image

You can then issue the command:

select-azurermsubscription -subscriptionname $subscriptionname

To select the Azure Resource Manager subscription to work with (remembering that it is possible to have multiple different subscriptions inside a single Azure tenant).

You should see the Azure Resource Manager account details echoed back to you as shown above.

image

If you also want to target the older Azure Service Manager subscription then you should issue similar commands:

$subscriptionold = get-azuresubscription

$subscriptionnameold = $subscriptionold.subscriptionname

select-azuresubscription -subscriptionname $subscriptionnameold

as shown above.

Now you can work with your Azure tenant and PowerShell commands for both Azure Resource Manager and the older Azure Service Manager if required.

As you can appreciate with scripting and PowerShell there is a lot more we can do to improve the connection experience and I’ll look to detail that in the future but this should at least get you started.