Skip to content
/ AzureAdDeployer Public

Tool to analyze and remediate Microsoft 365 according to current security best practices

www.powershellgallery.com/packages/azureaddeployer

License

MIT license
13 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

swissbuechi/AzureAdDeployer

BranchesTags

Repository files navigation

AzureAdDeployer

Tool to analyze and remediate Microsoft 365 according to current security best practices.

Example report

Microsoft365-Report-MSFT.html

System requirements

  • Requires PowerShell Core 6.0 or higher

Installation

Install via PowerShellGallery (recommended)

The module is published on the PowerShellGallery. You can install this module directly from the PowerShellGallery with the following command

Install-Module -Name AzureAdDeployer -Scope CurrentUser -Force

Create Desktop icon (Windows only)

You need to recreate the Desktop icon after every update

Invoke-AzureAdDeployer -InstallDesktopIcon

Update via PowerShellGallery

Update-Module -Name AzureAdDeployer -Force

Uninstall

Uninstall-Module -Name AzureAdDeployer -Scope CurrentUser

Usage

Interactive GUI

Invoke-AzureAdDeployer

Alias: aaddepl

Azure Active Directory + Exchange Online HTML report

aaddepl -AddExchangeOnlineReport

Create a BreakGlass account

aaddepl -CreateBreakGlassAccount

Disable Security Defaults

aaddepl -DisableSecurityDefaults

Features

General

  • Generates a HTML report to your desktop called Microsoft365-Report-<customer_name>-<date_time>.html
  • Interactive console interface
  • Create Desktop icon (Windows only)
  • Automatic update check

Azure Active Directory

  • User settings
    • Enterprise Application user consent: show, disable
    • Allowed to create apps: show, disable
    • Allowed to create secutity groups: show, disable
    • Allowed to create unified groups (Microsoft 365 groups): show, disable, create group
    • Allowed to read other users: show, disable
    • Allowed to create tenants: show
    • BlockMsolPowerShell: show, enable
  • Device join settings: show
  • Licenses: show
  • Admin role assignments: show
  • User mfa status: show
  • Guest accounts: show
  • BreakGlass account: show, create
  • Security sefaults: show, enable, disable
  • Conditional access policies: show, list locations
  • App protection policies: show

SharePoint Online

  • Tenant settings:
    • Legacy authentication protocols enabled: show
    • Add to OneDrive button: show, disable
    • Conditional access policy: show
    • Sharing capability: show
    • Prevent external users from resharing: show
    • Default sharing link type: show

Exchange Online

  • Domains: show, check DKIM/DMARC/SPF
  • Mail connector: show
  • User mailbox: show, set language
  • Shared mailbox: show, set language, disable login, enable copy to sent
  • Unified mailbox: show, hide from client

Arguments

Azure Active directory

Argument Description
-AddAzureADReport Add a report section for Azure Active Directory
-CreateBreakGlassAccount Create a BreakGlass Account if no one is found
-EnableSecurityDefaults Enable security defaults
-DisableSecurityDefaults Disable security defaults
-DisableEnterpiseApplicationUserConsent Disable enterprise application user consent
-DisableUsersToCreateAppRegistrations Disable users to create app registrations
-DisableUsersToReadOtherUsers Disable users to read other users
-DisableUsersToCreateSecurityGroups Disable users to create security groups
-DisableUsersToCreateUnifiedGroups Disable users to create unified groups
-CreateUnifiedGroupCreationAllowedGroup Create UnifiedGroupCreationAllowed group
-EnableBlockMsolPowerShell Disable legacy MsolPowerShell access

SharePoint Online

Argument Description
-DisableAddToOneDrive Disable add to OneDrive

Exchange Online

Argument Description
-AddExchangeOnlineReport Add a report section for Exchange Online
-SetMailboxLanguage Set mailbox language and location
-DisableSharedMailboxLogin Disable direct login to shared mailbox
-EnableSharedMailboxCopyToSent Enable shared mailbox copy to sent e-mails
-HideUnifiedMailboxFromOutlookClient Hide unified mailbox from outlook client

Advanced

Argument Description
-Help Display link to the arguments documentation
-Version Display the version of AzureAdDeployer
-SkipUpdateCheck Skip the automatic update check to run the outdated version
-InstallDesktopIcon Create Desktop icon (Windows only)
-UseExistingGraphSession Do not create a new Graph SDK PowerShell session
-UseExistingSpoSession Do not create a new SharePoint Online PowerShell session
-UseExistingExoSession Do not create a new Exchange Online PowerShell session
-KeepGraphSessionAlive Do not disconnect the Graph SDK PowerShell session after execution
-KeepSpoSessionAlive Do not disconnect the SharePoint Online session after execution
-KeepExoSessionAlive Do not disconnect the Exchange Online PowerShell session after execution

Upcoming Features

Checkout the AzureAdDeployer project board

Development

Import-Module .\AzureAdDeployer.psm1 -Force

Credits

Icon

DMARC and SPF check

User MFA check

Compare Module

About

Tool to analyze and remediate Microsoft 365 according to current security best practices

www.powershellgallery.com/packages/AzureAdDeployer

Topics

sharepoint-online azureactivedirectory exchangeonline

Resources

Readme

License

MIT license
Activity

Stars

13 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases 17

AzureAdDeployer 2.16.9 Latest
Sep 16, 2024
+ 16 releases

Languages