Anderson.MS365.SecAudit.psm1


<#PSScriptInfo
 
.VERSION 0.1.8
 
.GUID 5448812b-bb0d-4d06-a4c4-2d3290a87e10
 
.AUTHOR Anderson Matters, LLC
 
.COMPANYNAME Anderson Matters, LLC
 
.COPYRIGHT
 
.TAGS
 
.LICENSEURI
 
.PROJECTURI
 
.ICONURI
 
.EXTERNALMODULEDEPENDENCIES
 
.REQUIREDSCRIPTS
 
.EXTERNALSCRIPTDEPENDENCIES
 
.RELEASENOTES
 
 
#>


<#
 
.DESCRIPTION
 Aggregator Beta
 
#>
 
<#
.SYNOPSIS
 
 
.DESCRIPTION
Long description
 
.EXAMPLE
An example
 
.NOTES
General notes
#>
#

<#
.SYNOPSIS
 
 
.DESCRIPTION
Long description
 
.EXAMPLE
An example
 
.NOTES
General notes
#>


#Global Variables
#Module-scope StrongAuthenticationRequirement payloads consumed by Set-MsolUser -StrongAuthenticationRequirements.
#Each one is wrapped in a one-element array because the parameter takes a collection.
#Disable: a bare requirement object (no RelyingParty, default State).
#NOTE(review): Set-MFAStatus assigns its own local $mfa = @() before use, so this module-level $mfa is shadowed there.
$mfa = @(New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement)
#Enable: RelyingParty "*" with the type's default State.
$mfa_enable = @(New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement -Property @{ RelyingParty = "*" })
#Enforced: RelyingParty "*" and State "Enforced".
$mfa_enforced = @(New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement -Property @{ RelyingParty = "*"; State = "Enforced" })
####Initiate Connection to Microsoft365##
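function Connect-M365Session {
    <#
    .SYNOPSIS
    Makes sure the AzureAD, MSOnline and ExchangeOnlineManagement modules are loaded, then opens the sessions the audit functions use.
    .DESCRIPTION
    Installs any of the three modules that is not present on the machine, imports all three, prompts for the
    tenant username and connects to Security & Compliance PowerShell (Connect-IPPSSession), Azure AD and MSOL.
    A failed connection is re-thrown so the caller does not continue unauthenticated; the original empty
    catch blocks silently swallowed connection errors.
    NOTE(review): Get-CASMailbox / Get-TransportConfig used by Get-ExchangeHealth are Exchange Online cmdlets -
    confirm the IPPS (Security & Compliance) session exposes them, otherwise a Connect-ExchangeOnline call is needed here.
    .OUTPUTS
    None. Progress is written with Write-Host, install problems with Write-Warning.
    #>
    [CmdletBinding()]
    param()
    #Module name -> label used in the progress message (messages kept as in the original).
    $required_modules = [ordered]@{
        AzureAD                  = "AzureAD"
        MSOnline                 = "MSOL"
        ExchangeOnlineManagement = "MS Exchange"
    }
    #Hot Initialization: check, install, import.
    #Get-Module -ListAvailable finds installed-but-not-imported modules; plain Get-Module only lists modules already
    #imported into this session and would therefore try to reinstall a module that is merely not loaded yet.
    foreach ($entry in $required_modules.GetEnumerator()) {
        $module_name = $entry.Key
        try {
            if ($null -eq (Get-Module -Name $module_name -ListAvailable)) {
                Write-Host  "Installing $($entry.Value) PS Module..." -BackgroundColor Yellow -ForegroundColor Black
                #-ErrorAction Stop turns non-terminating Install-Module errors into ones this try/catch sees.
                Install-Module -Name $module_name -ErrorAction Stop
            }
            Import-Module -Name $module_name -ErrorAction Stop
        }
        catch {
            #Written to the warning stream instead of being emitted as pipeline output.
            Write-Warning "Administrator rights are required to install modules. ($module_name`: $($_.Exception.Message))"
        }
    }
    #Collect Primary Credentials
    $username = Read-Host -Prompt "Username for Tenant"
    if ([string]::IsNullOrWhiteSpace($username)) {
        throw "A tenant username is required to connect."
    }
    #Connect to Tenant. -ErrorAction Stop so a failed connection reaches the catch and is surfaced.
    try {
        Connect-IPPSSession -UserPrincipalName $username -ConnectionUri https://ps.protection.outlook.com/powershell-liveid/ -ErrorAction Stop
        Connect-AzureAD -ErrorAction Stop
        Connect-MsolService -ErrorAction Stop
    }
    catch {
        throw "Failed to connect to Microsoft 365: $($_.Exception.Message)"
    }
}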
###################Retrieval Functions###############
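function Get-ExchangeHealth {
    <#
    .SYNOPSIS
    Prints an Exchange Online and mail-domain hygiene report to the console.
    .DESCRIPTION
    For every MSOL domain other than the onmicrosoft.com tenant domain it resolves the MX, SPF (TXT containing
    "spf"), DKIM (selector1/selector2._domainkey CNAME) and DMARC (_dmarc TXT) records and prints them; a record
    that is missing is printed in red. It then reports unified audit log ingestion, every mailbox that still has
    POP or IMAP enabled, and whether SMTP client authentication is disabled tenant-wide. Green is the recommended
    state, red needs attention. Requires the sessions opened by Connect-M365Session.
    .OUTPUTS
    None. All output goes through Write-Host.
    #>
    [CmdletBinding()]
    param()
    #Blue when a DNS record was found, red when it is missing.
    function Get-RecordColor {
        param($Record)
        if ($Record) { return "Blue" }
        return "Red"
    }
    #Collect Values within Exchange
    $dns_domain = Get-MsolDomain
    $unified_audit_log = Get-AdminAuditLogConfig
    #Only mailboxes that still allow a legacy protocol are listed; the rest are already in the recommended state.
    $exchange_mailbox_protocols = Get-CASMailbox | Where-Object { $_.PopEnabled -eq 1 -or $_.ImapEnabled -eq 1 }
    $smtpauth = Get-TransportConfig
    #Dns Check. -ErrorAction SilentlyContinue: a record that does not resolve is a finding, not a reason to abort.
    foreach ($domain in $dns_domain) {
        if ($domain.Name -like "*onmicrosoft.com*") {
            continue
        }
        $domain_name = $domain.Name
        $dns_record_check_mx = Resolve-DnsName -Name $domain_name -Type MX -ErrorAction SilentlyContinue
        $dns_record_check_spf = Resolve-DnsName -Name $domain_name -Type TXT -ErrorAction SilentlyContinue |
            Where-Object Strings -like "*spf*"
        #Microsoft 365 publishes its DKIM keys behind the selector1 and selector2 CNAMEs under _domainkey.
        $dns_record_check_dkim = foreach ($selector in @("selector1", "selector2")) {
            Resolve-DnsName -Name "$selector._domainkey.$domain_name" -Type CNAME -ErrorAction SilentlyContinue
        }
        $dns_record_check_dmarc = Resolve-DnsName -Name "_dmarc.$domain_name" -Type TXT -ErrorAction SilentlyContinue |
            Where-Object Strings -like "*DMARC1*"
        Write-Host "Domain DNS:" $domain_name -ForegroundColor Green
        Write-Host "MX Record(s):" $dns_record_check_mx.NameExchange -ForegroundColor (Get-RecordColor $dns_record_check_mx)
        Write-Host "SPF Record:" $dns_record_check_spf.Strings -ForegroundColor (Get-RecordColor $dns_record_check_spf)
        Write-Host "DKIM CNAME(s):" $dns_record_check_dkim.NameHost -ForegroundColor (Get-RecordColor $dns_record_check_dkim)
        Write-Host "DMARC Record:" $dns_record_check_dmarc.Strings -ForegroundColor (Get-RecordColor $dns_record_check_dmarc)
    }
    #Unified audit log ingestion
    $color = if ($unified_audit_log.UnifiedAuditLogIngestionEnabled) { "Green" } else { "Red" }
    Write-Host "Unified Logging: "$unified_audit_log.UnifiedAuditLogIngestionEnabled -ForegroundColor $color
    #Legacy protocols. Every entry already matched the POP/IMAP filter above, so each one is a finding;
    #the original per-entry "else Green" branch could never run.
    if (-not $exchange_mailbox_protocols) {
        Write-Host "No mailboxes have POP or IMAP enabled" -ForegroundColor Green
    }
    foreach ($mailbox in $exchange_mailbox_protocols) {
        Write-Host $mailbox.Name "PopEnabled:" $mailbox.PopEnabled "ImapEnabled:" $mailbox.ImapEnabled -ForegroundColor Red
    }
    #SMTP client authentication (tenant-wide setting)
    $color = if ($smtpauth.SmtpClientAuthenticationDisabled) { "Green" } else { "Red" }
    Write-Host "Mailbox SMTP Client Authentication Disabled Globally: " $smtpauth.SmtpClientAuthenticationDisabled -ForegroundColor $color
}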
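function Set-ExchangeBestPratices {
    <#
    .SYNOPSIS
    Applies the Exchange Online hardening that Get-ExchangeHealth audits: no POP/IMAP, no SMTP client authentication.
    .DESCRIPTION
    Disables IMAP and POP on every CAS mailbox plan that still has one of them on (so future mailboxes inherit
    the setting) and on every existing mailbox that still has one of them on, then disables SMTP client
    authentication tenant-wide. Supports -WhatIf / -Confirm; run with -WhatIf first to list what would change.
    .OUTPUTS
    None.
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    #Apply Exchange Online Best Practices
    #Disabling IMAP and POP for all future mailboxes
    foreach ($plan in (Get-CASMailboxPlan -Filter { ImapEnabled -eq "true" -or PopEnabled -eq "true" })) {
        if ($PSCmdlet.ShouldProcess($plan.Identity, "Disable IMAP and POP on mailbox plan")) {
            Set-CASMailboxPlan -Identity $plan.Identity -ImapEnabled $false -PopEnabled $false
        }
    }
    #Disabling IMAP and POP for all existing mailboxes (addressed by primary SMTP address, as before)
    foreach ($mailbox in (Get-CASMailbox -Filter { ImapEnabled -eq "true" -or PopEnabled -eq "true" })) {
        $identity = $mailbox.PrimarySmtpAddress
        if ($PSCmdlet.ShouldProcess($identity, "Disable IMAP and POP on mailbox")) {
            Set-CASMailbox -Identity $identity -ImapEnabled $false -PopEnabled $false
        }
    }
    #Disable SMTP Client Authentication
    if ($PSCmdlet.ShouldProcess("Transport configuration", "Disable SMTP client authentication tenant-wide")) {
        Set-TransportConfig -SmtpClientAuthenticationDisabled $true
    }
}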
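function Get-MsolHealth {
    <#
    .SYNOPSIS
    Prints an identity hygiene report: role membership, modern authentication, per-user MFA state and Remote PowerShell exposure.
    .DESCRIPTION
    Lists the members of every MSOL role that has any, reports whether modern authentication
    (OAuth2ClientProfileEnabled) is on, prints the MFA state of all licensed users via Get-MFAStatus -All, and
    flags every Exchange user that still has Remote PowerShell enabled. Green is the recommended state, red
    needs attention. Requires the sessions opened by Connect-M365Session.
    .OUTPUTS
    None. All output goes through Write-Host.
    #>
    [CmdletBinding()]
    param()
    #Data Collection Local Variables
    $organization_config = Get-OrganizationConfig
    $msol_users = Get-User
    $msol_roles = Get-MsolRole
    #List members of MSOL roles; roles without members are skipped.
    foreach ($role in $msol_roles) {
        $role_details = Get-MsolRoleMember -RoleObjectId $role.ObjectId
        if ($role_details) {
            Write-Host $role.Name
            Write-Host $role_details.DisplayName -ForegroundColor Yellow
        }
    }
    #Modern Authentication Enabled
    $color = if ($organization_config.OAuth2ClientProfileEnabled) { "Green" } else { "Red" }
    Write-Host "Modern Authentication:" $organization_config.OAuth2ClientProfileEnabled -ForegroundColor $color
    #MFA Status of Users (heading typo "MFS" corrected)
    Write-Host "MFA Users / MFA Status" -BackgroundColor Blue
    Get-MFAStatus -All 1
    #List Integrated Apps
    #TODO: integrated-app enumeration is not implemented yet.
    #Check for Remote PowerShell
    foreach ($user in $msol_users) {
        $color = if ($user.RemotePowerShellEnabled) { "Red" } else { "Green" }
        Write-Host "Remote Powershell is" $user.RemotePowerShellEnabled "for"  $user.Name -ForegroundColor $color
    }
}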
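function Set-MsolBestPractices {
    <#
    .SYNOPSIS
    Dry run: reports which non-admin users would have Remote PowerShell disabled.
    .DESCRIPTION
    Collects the e-mail address of every MSOL role member, then for each Exchange user: role members keep Remote
    PowerShell (yellow), users that already have it off are skipped, and for everyone else the Set-User command
    that would disable it is printed (green). Nothing is changed; the printed command must be run separately.
    .OUTPUTS
    None. All output goes through Write-Host.
    #>
    [CmdletBinding()]
    param()
    $msol_users = Get-User
    $msol_roles = Get-MsolRole
    #Collect Users that are Administrators. Kept as an array so membership is an exact -contains match; the
    #original started from an uninitialised variable, which made += concatenate one string, and then matched
    #UPNs against it with Select-String (a regex), so one UPN could match inside another.
    $msol_roles_store = @()
    foreach ($role in $msol_roles) {
        foreach ($member in (Get-MsolRoleMember -RoleObjectId $role.ObjectId)) {
            #Members with no EmailAddress value cannot be matched against a UPN; skip them instead of storing $null.
            if (-not [string]::IsNullOrEmpty($member.EmailAddress) -and $msol_roles_store -notcontains $member.EmailAddress) {
                $msol_roles_store += $member.EmailAddress
            }
        }
    }
    Write-Host $msol_roles_store
    #Disable Remote Powershell for Non-Admin
    foreach ($user in $msol_users) {
        if ($msol_roles_store -contains $user.UserPrincipalName) {
            #Remote Powershell Enabled
            Write-Host "Powershell Remains Enabled for" $user.UserPrincipalName -ForegroundColor Yellow
        }
        elseif ($user.RemotePowerShellEnabled -eq $false) {
            #Skip if PowerShell is Disabled
        }
        else {
            #Disable Remote PowerShell (printed only). $($user.UserPrincipalName) is required: "$_.UserPrincipalName"
            #expands just $_ and leaves ".UserPrincipalName" as literal text; `$false keeps the literal $false
            #in the printed command instead of expanding it to "False".
            Write-Host "#Set-User -Identity $($user.UserPrincipalName) -RemotePowerShellEnabled `$false" -ForegroundColor Green
        }
    }
}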
function Get-AzureHealth {
    #TODO: not implemented. Placeholder kept so the exported function set is stable; currently does nothing.
}
function Set-AzureBestPractices {
    #TODO: not implemented. Placeholder kept so the exported function set is stable; currently changes nothing.
}
############MFA Management Functions############
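function Get-MFAStatus {
    <#
    .SYNOPSIS
    Prints the per-user MFA state of one user, the members of a distribution group, or all licensed users.
    .DESCRIPTION
    State is read from StrongAuthenticationRequirements.State: no entry (Disabled) is printed red, Enabled yellow,
    Enforced green. The original group branch compared the state to the string "Disabled" and therefore never
    reported disabled members; all three branches now share one classification helper.
    .PARAMETER Username
    UPN of a single user to report on.
    .PARAMETER GroupName
    Distribution group identity; every member is reported.
    .PARAMETER All
    When true, every licensed user is reported.
    .OUTPUTS
    None. All output goes through Write-Host.
    #>
    param(
        [Parameter(Mandatory = $false)]
        [string]$Username, #Office365 Username "Form of an email"
        [string]$GroupName, #Office365 Group "Form of an email"
        [bool]$All #All licensed users
    )
    #Prints one coloured line for a user object returned by Get-MsolUser.
    function Write-MFAStatusLine {
        param($User)
        $state = $User.StrongAuthenticationRequirements.State
        #-not covers both $null and an empty collection; either means no requirement is set (Disabled).
        if (-not $state) {
            Write-Host $User.UserPrincipalName "Disabled" -ForegroundColor Red
        }
        elseif ($state -eq "Enabled") {
            Write-Host $User.UserPrincipalName $state -ForegroundColor Yellow
        }
        elseif ($state -eq "Enforced") {
            Write-Host $User.UserPrincipalName $state -ForegroundColor Green
        }
        else {
            #Unexpected value: show it rather than silently dropping the user from the report.
            Write-Host $User.UserPrincipalName $state -ForegroundColor Magenta
        }
    }
    if ($Username) {
        Write-MFAStatusLine -User (Get-MsolUser -UserPrincipalName $Username)
    }
    if ($GroupName) {
        $group = Get-DistributionGroup -Identity $GroupName
        Get-MsolGroupMember -GroupObjectId $group.ExternalDirectoryObjectId | ForEach-Object {
            Write-MFAStatusLine -User (Get-MsolUser -UserPrincipalName $_.EmailAddress)
        }
    }
    if ($All) {
        Get-MsolUser | Where-Object IsLicensed -EQ 1 | ForEach-Object {
            Write-MFAStatusLine -User $_
        }
    }
}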
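function Set-MFAStatus {
    <#
    .SYNOPSIS
    Sets per-user MFA to Enabled, Enforced or Disabled for one user or for every member of a distribution group.
    .DESCRIPTION
    The requested end state is resolved once and applied to every target with the same two-step write the
    original used: clear the requirement, then (unless disabling) apply the module-level $mfa_enable /
    $mfa_enforced requirement, and finally print the resulting state with Get-MFAStatus. When several flags are
    set the precedence matches the original last-write-wins order: Disable over Enforced over Enable.
    Supports -WhatIf / -Confirm.
    .PARAMETER Username
    UPN of a single user.
    .PARAMETER GroupName
    Distribution group identity; every member is targeted.
    .PARAMETER Enable
    Set MFA to Enabled.
    .PARAMETER Enforced
    Set MFA to Enforced.
    .PARAMETER Disable
    Clear the MFA requirement.
    .OUTPUTS
    None.
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $false)]
        [string]$Username, #Office365 Username "Form of an email"
        [string]$GroupName, #Office365 Group "Form of an email"
        [Bool]$Enable, #Enables MFA on user or group 1 = On, 0 = Off
        [Bool]$Enforced, #Enforces MFA on user or group 1 = On, 0 = Off
        [Bool]$Disable #Disables MFA on user or group 1 = On, 0 = Off
    )
    #Resolve the requested end state; later assignments win, preserving the original precedence.
    $target_label = $null
    $target_requirement = @()
    if ($Enable -eq $true) {
        $target_label = "Enabled"
        $target_requirement = $script:mfa_enable
    }
    if ($Enforced -eq $true) {
        $target_label = "Enforced"
        $target_requirement = $script:mfa_enforced
    }
    if ($Disable -eq $true) {
        $target_label = "Disabled"
        $target_requirement = @()
    }
    if ($null -eq $target_label) {
        Write-Warning "Set-MFAStatus: specify -Enable, -Enforced or -Disable; nothing changed."
        return
    }
    #Build the list of UPNs to change. Group members are collected into an explicit array so an empty
    #result does not append a $null element.
    $targets = @()
    if ($Username) {
        $targets += $Username
    }
    if ($GroupName) {
        $group = Get-DistributionGroup -Identity $GroupName
        $member_addresses = @(Get-MsolGroupMember -GroupObjectId $group.ExternalDirectoryObjectId |
            ForEach-Object { $_.EmailAddress } |
            Where-Object { $_ })
        $targets += $member_addresses
    }
    if ($targets.Count -eq 0) {
        Write-Warning "Set-MFAStatus: specify -Username or -GroupName; nothing changed."
        return
    }
    foreach ($upn in $targets) {
        if ($PSCmdlet.ShouldProcess($upn, "Set MFA state to $target_label")) {
            #Clear first, then apply the target requirement (the original always wrote an empty set before the new one).
            Set-MsolUser -UserPrincipalName $upn -StrongAuthenticationRequirements @()
            if ($target_requirement.Count -gt 0) {
                Set-MsolUser -UserPrincipalName $upn -StrongAuthenticationRequirements $target_requirement
            }
            Get-MFAStatus -Username $upn
        }
    }
}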
#Export every function and alias defined at module scope, including the Set-* functions that change tenant settings.
Export-ModuleMember -Function '*' -Alias '*'