<# CIAOPS
Script provided as is. Use at own risk. No guarantees or warranty provided.
Description - Report and potentially disable interactive logins to shared mailboxes
## Source - https://github.com/directorcia/Office365/blob/master/o365-exo-sharedblock.ps1
Prerequisites = 2
1. Connected to Exchange Online
2. Connected to Azure AD
More scripts available by joining http://www.ciaopspatron.com
#>
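## Variables
$secure = $false ## $true = shared mailbox login will be automatically disabled, $false = report only
$systemmessagecolor = "cyan"
$processmessagecolor = "green"
$errormessagecolor = "red"
## If you have running scripts that don't have a certificate, run this command once to disable that level of security
## set-executionpolicy -executionpolicy bypass -scope currentuser -force
## NOTE(review): this script relies on the AzureAD module cmdlets (Get-AzureADUser / Set-AzureADUser);
## that module is being retired in favour of Microsoft Graph PowerShell - confirm it is still available
## in your environment before relying on this script
Clear-Host
Write-Host -ForegroundColor $systemmessagecolor "Script started`n"
Write-Host -ForegroundColor $processmessagecolor "Getting shared mailboxes"
## Stop here if the mailbox query fails (typically no Exchange Online session). Without this the
## script would silently loop over nothing and still print "Finish checking mailboxes", which reads
## as "nothing found" rather than "nothing checked".
try {
    $mailboxes = @(Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize:Unlimited -ErrorAction Stop)
} catch {
    Write-Host -ForegroundColor $errormessagecolor "Unable to retrieve shared mailboxes (is Exchange Online connected?): $($_.Exception.Message)"
    return
}
Write-Host -ForegroundColor $processmessagecolor "Found $($mailboxes.Count) shared mailbox(es)"
Write-Host -ForegroundColor $processmessagecolor "Start checking shared mailboxes"
Write-Host
## Counters for the end-of-run summary
$enabledcount = 0   ## mailboxes whose account allowed direct (interactive) login when checked
$securedcount = 0   ## mailboxes whose account this run disabled
$failedcount = 0    ## mailboxes that could not be checked or secured
foreach ($mailbox in $mailboxes) {
    $upn = $mailbox.UserPrincipalName
    $label = "$($mailbox.DisplayName) [$upn]"
    ## Get the Azure AD account connected to the shared mailbox. A failed lookup must be reported
    ## as such: the original null result would have been printed in green as if login were disabled.
    try {
        $accountdetails = Get-AzureADUser -ObjectId $upn -ErrorAction Stop
    } catch {
        $failedcount++
        Write-Host -ForegroundColor $errormessagecolor "$label - Azure AD lookup FAILED: $($_.Exception.Message)"
        continue
    }
    if (-not $accountdetails.AccountEnabled) {
        ## Direct login already disabled - nothing to do
        Write-Host -ForegroundColor $processmessagecolor "$label - Direct Login = $($accountdetails.AccountEnabled)"
        continue
    }
    $enabledcount++
    Write-Host -ForegroundColor $errormessagecolor "$label - Direct Login = $($accountdetails.AccountEnabled)"
    if ($secure) {
        ## Disable interactive login for the shared mailbox account, then re-read the account so the
        ## "SECURED" line reflects the tenant's actual state rather than the value we just requested
        try {
            Set-AzureADUser -ObjectId $upn -AccountEnabled $false -ErrorAction Stop
            $accountdetails = Get-AzureADUser -ObjectId $upn -ErrorAction Stop
        } catch {
            $failedcount++
            Write-Host -ForegroundColor $errormessagecolor "$label - FAILED to disable direct login: $($_.Exception.Message)"
            continue
        }
        if ($accountdetails.AccountEnabled) {
            ## Set-AzureADUser returned without error but the re-read still shows the account enabled
            $failedcount++
            Write-Host -ForegroundColor $errormessagecolor "$label - NOT SECURED, account still enabled after update"
        } else {
            $securedcount++
            Write-Host -ForegroundColor $processmessagecolor "*** SECURED $label - Direct Login = $($accountdetails.AccountEnabled)"
        }
    }
}
Write-Host -ForegroundColor $processmessagecolor "`nFinish checking mailboxes"
Write-Host
## Summary so the run is auditable at a glance; a non-zero failure count means the report is incomplete
Write-Host -ForegroundColor $processmessagecolor "Checked: $($mailboxes.Count)  Direct login enabled: $enabledcount  Secured this run: $securedcount  Failed: $failedcount"
if ($enabledcount -gt 0 -and -not $secure) {
    Write-Host -ForegroundColor $errormessagecolor "Report-only mode: set `$secure = `$true to disable direct login on the mailboxes listed above"
}
Write-Host
Write-Host -ForegroundColor $systemmessagecolor "Script completed`n"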