Export a list of Office 365 users, their licenses and MFA Status in all customer tenants with delegated administration

Here’s a script that I have been using to get all users with their MFA Status & what licenses they have been allocated.

I modified the script from Elliot Munro GCITS for exporting a list of users' licenses to include the MFA status; the original script is available here.

You will get the output of the CSV like this. I usually open it in Excel, format it as a table, then filter from there.

Output of the CSV file

How to Export all Office 365 Users to the CSV

  1. Copy and paste the code into PowerShell ISE
  2. Save it as a .ps1 file
  3. Run the script
  4. Enter the credentials of an account that has delegated admin permissions
  5. Leave the script to run
  6. See all users and their MFA status along with their licence allocations at C:\Temp\UserLicenseReport.csv

The Script

# Sign in with an account that has delegated admin permissions (requires the MSOnline module)
Connect-MsolService

$customers = Get-MsolPartnerContract -All
Write-Host "Found $($customers.Count) customers for $((Get-MsolCompanyInformation).DisplayName)." -ForegroundColor DarkGreen
$CSVpath = "C:\Temp\UserLicenseReport.csv"

foreach ($customer in $customers) {
    Write-Host "Retrieving license info for $($customer.Name)" -ForegroundColor Green
    # Only licensed users are reported
    $licensedUsers = Get-MsolUser -TenantId $customer.TenantId -All | Where-Object { $_.IsLicensed }

    foreach ($user in $licensedUsers) {
        Write-Host "$($user.DisplayName)" -ForegroundColor Yellow
        $licenses = $user.Licenses
        $licenseArray = $licenses | ForEach-Object { $_.AccountSkuId }
        $licenseString = $licenseArray -join ", "
        # State is empty when per-user MFA has never been enabled for the account
        $mfaState = $user.StrongAuthenticationRequirements.State
        Write-Host "$($user.DisplayName) has $licenseString and MFA: $mfaState" -ForegroundColor Blue
        $licensedSharedMailboxProperties = [pscustomobject][ordered]@{
            CustomerName      = $customer.Name
            DisplayName       = $user.DisplayName
            Licenses          = $licenseString
            TenantId          = $customer.TenantId
            UserPrincipalName = $user.UserPrincipalName
            MFAStatus         = $mfaState
        }
        # Append one row per user to the report
        $licensedSharedMailboxProperties | Export-Csv -Path $CSVpath -Append -NoTypeInformation
    }
}

MFA Statuses?

If you're unsure about what the different states for MFA Status mean, they are listed here: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates


So basically people sometimes call & say something about not receiving an email from someone or they think that emails are getting blocked by spam.

So I wrote a small script that will connect to Exchange Online & then prompt for the number of days back you want to check for spam and also which user.

The script then exports it to a CSV file & opens it for you so you can view it.

 

# You need the ExchangeOnlineManagement module installed in PowerShell
# Install-Module -Name ExchangeOnlineManagement

# Import the Exchange Online module and connect
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Set today's date and the number of days to search back
# (Get-MessageTrace only covers roughly the last 10 days)
$today = Get-Date
[int]$DaysBack = Read-Host -Prompt 'Input the days you want to go back'

# Work out the start date of the search
$yesterday = $today.AddDays(-$DaysBack)

# Set whose mailbox you want to check
$recipient = Read-Host -Prompt 'Enter users email'

# Status you want to search for
$Status = "FilteredAsSpam"

# Export the matching messages to a CSV file, then open it
$CSVpath = "C:\Temp\SpamResults.csv"
Get-MessageTrace -StartDate $yesterday -EndDate $today -RecipientAddress $recipient -Status $Status |
    Select-Object MessageID,Received,*Address,*IP,Subject,Status,Size |
    Export-Csv -Path $CSVpath -NoTypeInformation

Invoke-Item $CSVpath

A common data breach method that I have seen on emails is leveraging client forwarding rules to forward every email received to a third party.

Basically a “hacker” will gain access to a mailbox (usually through social engineering) and then set up forwarding rules on the mailbox, so that every email is still received by the intended recipient and is also forwarded to the malicious third party.

This risk can be mitigated by disabling client forwarding rules to external domains. This means that your email server will not allow auto-forwarding of emails to domains that are not part of your organisation.

How to disable client forwarding rules to external domains in Office 365 or Exchange Server

If you have an enterprise SKU of Office 365 you can use the Secure Score function to automatically create the rule: just go to https://securescore.office.com/ and enable Client Forwarding Rules Block.

Manually setting a rule to block auto-forwarding

If you do not have an enterprise SKU of Office 365 (or if you have an on-premises Exchange server) you will need to manually create the mail flow rule to block auto-forwarded emails.

You will need to go to the Exchange admin center and, under rules, select new rule, then follow the video above that has the instructions on setting up the rule.
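
The same mail flow rule can be created from PowerShell, after first auditing which mailboxes already forward outside the organisation. This is an added example, not part of the original post: it assumes an existing Connect-ExchangeOnline session (or the Exchange Management Shell on premises), and the function name, rule name and rejection text are made up for illustration.

```powershell
# Added example. Assumes you are already connected (Connect-ExchangeOnline).

# Domains your organisation accepts mail for; anything else counts as external
$internal = Get-AcceptedDomain | ForEach-Object { "$($_.DomainName)" }

function Test-ExternalAddress ($entry) {
    # Inbox rule targets look like '"Name" [SMTP:user@domain]',
    # mailbox-level forwarding looks like 'smtp:user@domain'
    if ("$entry" -match 'smtp:[^@\]]+@([^\]\s]+)') {
        return $internal -notcontains $Matches[1]
    }
    # EX: (directory) recipients are treated as internal here; a mail contact
    # with an external address would need a separate Get-Recipient lookup
    return $false
}

# 1. Audit: report existing forwarding that leaves the organisation
$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    if (Test-ExternalAddress $mbx.ForwardingSmtpAddress) {
        [pscustomobject]@{
            Mailbox = $mbx.PrimarySmtpAddress
            Source  = 'Mailbox forwarding'
            Target  = $mbx.ForwardingSmtpAddress
        }
    }
    foreach ($rule in Get-InboxRule -Mailbox $mbx.PrimarySmtpAddress) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        foreach ($target in $targets | Where-Object { Test-ExternalAddress $_ }) {
            [pscustomobject]@{
                Mailbox = $mbx.PrimarySmtpAddress
                Source  = "Inbox rule '$($rule.Name)'"
                Target  = $target
            }
        }
    }
}
$findings | Format-Table -AutoSize

# 2. Block: reject auto-forwarded mail sent from inside to outside the organisation
New-TransportRule -Name 'Block external auto-forward' `
    -FromScope InOrganization -SentToScope NotInOrganization `
    -MessageTypeMatches AutoForward `
    -RejectMessageReasonText 'Automatic forwarding to external addresses is not permitted.'
```

Any row in the audit output is worth reviewing with the mailbox owner, since the mail flow rule only stops new forwards and does not remove the inbox rule itself.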

 

Some other useful information around securing your email environment:

How to Setup Outbound Spam notifications on Office 365 or Exchange

Setup MFA on Office 365

 

 

 


How to Setup Outbound Spam notifications on Office 365 or Exchange

It is good practice to monitor outbound spam. If a computer gets infected with a virus or your Exchange passwords are compromised, the attacker can use your Exchange or Office 365 mailbox to send out spam.

Once this is set up, if the server detects and blocks outbound spam it will send a notification email to you (or the admin), and you can then investigate why this is happening.

The setup process is basically the same in both Office 365 and Exchange on-premises.

How to setup the outbound spam notifications

  • Go to EAC
  • Open Protection
  • Click outbound spam
  • Open the default policy (or any other policy)
  • Select Outbound spam preferences
  • Tick the Send notification to the following email address or addresses when a sender is blocked for sending outbound spam.
  • Enter the email you want the notification to go to.

Now if any of your mailboxes are sending out spam you will know about it!!


How to setup Multi Factor Authentication in Office 365 – Two Factor Authentication

What is Multi Factor Authentication?

Multi-factor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.

In Office 365 the way MFA works is that you use your normal username & password but after you have verified that factor of authentication you are then sent a text message (SMS Message) to your mobile phone with a code to enter into the login screen.

This increases security because if someone does find out your username & password they still cannot login to your account without your mobile phone.

 

Setting up MFA on Office 365

You will need to be an administrator of your Office 365 tenant to set this up.

MFA is a free service that you get with Office 365. At the very least you should have MFA enabled on all administrative users and if you can you should have it enabled on all Office 365 user accounts.

  1. Log into the Office 365 admin center
  2. Go to Users > Active users
  3. Select More at the top of the screen and then click on Setup Azure multi factor auth
  4. Find the users you want to enable MFA for and enable them
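
To see which administrative accounts still need MFA before working through the list above, the per-user state can be checked for every admin role member. This is an added example, not part of the original post: it assumes the MSOnline module used by the license report script on this page and an existing Connect-MsolService session.

```powershell
# Added example: list admin role members whose per-user MFA is not turned on.
# Assumes the MSOnline module and an existing Connect-MsolService session.
$report = foreach ($role in Get-MsolRole) {
    # Role members can also be groups or service principals; only users have an MFA state
    $members = Get-MsolRoleMember -RoleObjectId $role.ObjectId -All |
        Where-Object { $_.RoleMemberType -eq 'User' }

    foreach ($member in $members) {
        $user = Get-MsolUser -ObjectId $member.ObjectId

        # StrongAuthenticationRequirements is empty when per-user MFA was never enabled
        $state = $user.StrongAuthenticationRequirements.State
        if (-not $state) { $state = 'Disabled' }

        [pscustomobject]@{
            Role              = $role.Name
            DisplayName       = $user.DisplayName
            UserPrincipalName = $user.UserPrincipalName
            MFAStatus         = $state
            SignInBlocked     = $user.BlockCredential
        }
    }
}

# Admins who can sign in but have no per-user MFA are the ones to fix first
$report |
    Where-Object { $_.MFAStatus -eq 'Disabled' -and -not $_.SignInBlocked } |
    Sort-Object UserPrincipalName, Role |
    Format-Table -AutoSize
```

An account listed here may still be covered by Conditional Access or security defaults, which the per-user state does not reflect.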

This video shows you how to allow Skype for Business users to both contact people on other Skype for Business domains and communicate with normal Skype users.

They can use Skype for both IM and normal voice/video chat.

This video is made using a demo tenant on Office 365.

To allow external communication follow these steps:

  • Log into Office 365 and go to the Skype for Business Admin Centre
  • Click on the “Organisation” tab on the left hand side
  • Click on External Communication
  • Select “Let people use skype for business to communicate with people outside of this organisation”
  • Save the settings

Charts on the Dashboard page are showing the error: “You do not have sufficient privileges to view this chart”.

Many of the entities provided by default throughout the system, such as calendars, contacts and accounts, are also missing.

If this is a new tenant, this can happen to users that have been given an Administrator login to Dynamics 365. To fix this problem you need to add some permissions to the user.

How to fix You do not have sufficient privileges to view this chart error in Dynamics 365

Click the three lines at the top, then select settings, then select security. Shown in image below.


Go into the Users menu

Select the user you want to add permissions to

Click the Manage Roles button

Add in the roles that you want the user to have.


Now if you go back to the dashboards you will be able to see the ones you have given the user permissions to see.


 

 
