From 6c306c19f75c02283b63e5ac947bb86d3be9ce7f Mon Sep 17 00:00:00 2001 From: IxianPixel Date: Tue, 23 Jul 2024 11:03:12 +0100 Subject: [PATCH] Added PMM and calendar scripts --- .DS_Store | Bin 0 -> 8196 bytes .gitignore | 1 + EXO/Set-GlobalMailboxPermissions.ps1 | 22 +++ Entra/Get-PasswordExpiryReport.ps1 | 2 +- PMM/.DS_Store | Bin 0 -> 8196 bytes PMM/Set-PMMRules.ps1 | 230 +++++++++++++++++++++++++++ 6 files changed, 254 insertions(+), 1 deletion(-) create mode 100644 .DS_Store create mode 100644 .gitignore create mode 100644 EXO/Set-GlobalMailboxPermissions.ps1 create mode 100644 PMM/.DS_Store create mode 100644 PMM/Set-PMMRules.ps1 diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..592571f10a52c0a2b67527e68a871766a555566e GIT binary patch literal 8196 zcmeHMO>h)N6z(_q>zNQTkYq?G7nTI^Ckt#6ND4vNWD|;%ga8}J9}s4D1~M``6Lw~I zftadXv=rmdMarLp7p)S@;$W4El6^W`*`98Q443HVP2KSKfU z>4*z^!wJN=4C=rGfd>|QfaUIGq=#6nA5$+uI}Iw)W^$Bs{sJH5v(TYipmH5@}u2)}4pP&X{S-zQ~OL|3g5kii~=C zp+%;Xi}Mo+;n#vipBF3=rAj3+ARQetQnr;aF6d)&wSy-0V)I}|&!H)UDcj7ZEoV$# zl~T=A)>K`+(=^#&XUNshx$JJlu`_Pm8#pG*Sw}yt<2WOycjIV;u4Xg!Pq>C{IY;%3 zgR&_W?&CsO&HV;U}|&(;`H z^Li8|)JW+l)5kM9)?6(qo9;t^I^dvb{&Jclq9{89XYd7bs1$9XqO2V;)ue9vs_pHl zdSo!iE%cQS?WDNM$WY2or*Yj5S1X}Cl%8Nu-mf}t|AcPMttsA3sr>PXGp=Uz{yZ|s zN5uD0>b)P-Gfk--^m~3PpE`ir~?HWp&25u8MeYUco=rW9_WO<&<_XU5F}t2l8^!oPJsn^ zI0xt9F?bxFh3DXTcop7&%kU<=1@FN%_z*sVS@;TW!PoF3{4A6S6#^ARK@w_&dZB@@ zUMNJw;6iHzX6n2c$B6LH=!EoA5fSRyEA9JNBjSq{ECyDsuBokC#{#2$XKao>oNxt> z&F8L1*99c^=<2=UVx}o;>KoQd_k@lhpY?Oa5mtyixq>m5&a%<#r41pu3>nXx8>LMl zxg6Qfn-7GVL$ZKD#+zG0QAsYr5E4CXTc}x*f$~O&v_q0hF_?IBm$X}w35#Ri?qo9| zL;pENFO#>)Rix-ANYPv58zkm0K%g9CB;+~>!v@$0_rey4LJPEc#M}ch=z=)xhXY8? zLvR>I;W(Utlc2(*U_#m>=y|w+1f7B>;7NE2X5bmP1TVr%@G`stuQ9R~(Xe+R4dH`@ zG|VM3mT6n3QOk&1f`QgY`sN)Vzh5Bd9ov8!CMR23J31oa*6kg)*@4&&gJszrXa+ld zbIj8%3HbrLUD*tlsfJqT7_I*!sy$5GDx lVTku(9Lg{;Uruw08Z3AGAi(>j8SMYT{=YZ@y_@#`zW^5~npFS* literal 0 HcmV?d00001 
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3b5dc43
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+PMM/Alert Detection Rules/*
\ No newline at end of file
diff --git a/EXO/Set-GlobalMailboxPermissions.ps1 b/EXO/Set-GlobalMailboxPermissions.ps1
new file mode 100644
index 0000000..448fa00
--- /dev/null
+++ b/EXO/Set-GlobalMailboxPermissions.ps1
@@ -0,0 +1,22 @@
+Write-Host "What is the UPN of user or group that should be added: " -NoNewline
+$upn = Read-Host
+
+Write-Host "What permissions should be applied: " -NoNewline
+$calendarPermission = Read-Host
+
+Write-Host "Granting $upn $calendarPermission permission to all mailboxes"
+
+$mailboxes = Get-EXOMailbox
+
+$totalMailboxes = $mailboxes.Count
+$processCount = 0
+
+Write-Progress -Activity "Applying calendar permissions" -Status "Starting" -PercentComplete 0
+
+foreach ($mailbox in $mailboxes) {
+ $calendarPath = "$($mailbox.UserPrincipalName):\Calendar"
+ $processCount++
+ $percentComplete = (($processCount / $totalMailboxes) * 100)
+ Write-Progress -Activity "Applying calendar permissions" -Status "Processing $calendarPath" -PercentComplete $percentComplete
+ Add-MailboxFolderPermission -Identity $calendarPath -User $upn -AccessRights $calendarPermission -SharingPermissionFlags Delegate
+}
\ No newline at end of file
diff --git a/Entra/Get-PasswordExpiryReport.ps1 b/Entra/Get-PasswordExpiryReport.ps1
index b0ea8a3..dc7e41d 100644
--- a/Entra/Get-PasswordExpiryReport.ps1
+++ b/Entra/Get-PasswordExpiryReport.ps1
@@ -20,4 +20,4 @@ $Properties = @( $AllUsers = Get-MgUser -All -Property $Properties | Select-Object -Property $Properties #Export to CSV
-$AllUsers | Export-Csv -Path "C:\Temp\PasswordChangeTimeStamp.csv" -NoTypeInformation
\ No newline at end of file
+$AllUsers | Export-Csv -Path "PasswordChangeTimeStamp.csv" -NoTypeInformation
\ No newline at end of file
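Review bot: The loop at the end of EXO/Set-GlobalMailboxPermissions.ps1 grants `$upn` the `$calendarPermission` right with `-SharingPermissionFlags Delegate` on every mailbox calendar, taking both values straight from `Read-Host` with no validation, no confirmation and no record of what was changed. A mistyped principal or an over-broad right is applied across the whole tenant before anyone sees it. Restrict the right before the loop, for example `if ($calendarPermission -notin 'Reviewer','Editor') { throw "Unsupported access right: $calendarPermission" }`, require an explicit confirmation of `$upn` and the mailbox count, and write each `$calendarPath` to a log so the grant can be audited and reversed. As far as I know the Delegate flag is only accepted together with `Editor`, and `Get-EXOMailbox` without `-ResultSize Unlimited` returns only the first 1000 mailboxes; both are worth confirming against the module documentation.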
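Review bot: The new relative path `"PasswordChangeTimeStamp.csv"` in Entra/Get-PasswordExpiryReport.ps1 makes the per-user report land in whatever directory the script is started from, which for a checked-out copy is likely the repository working tree. The `.gitignore` added in this same commit only covers `PMM/Alert Detection Rules/*`, so the export can be committed by accident. Take the destination from the caller, for example `param([Parameter(Mandatory=$true)][string]$OutputPath)` with `Export-Csv -Path $OutputPath`, or at least add `*.csv` to `.gitignore`. The top of the script is outside the hunk, so whether a `param` block already exists is not visible here.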
diff --git a/PMM/.DS_Store b/PMM/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..3e18845f886dfcf665b6b6f8af68f46eaccb5c44 GIT binary patch literal 8196 zcmeHMU2GIp6u#fI(3yeS+uB0e39zA&pHif)&dx#g zNQjNb7ez6?_@Ls?tI_C#CJ;691h0}xI5)ZX+;i_a z_slu-ow+?*#u)lbW*1|vj4_qEpnM4p_i18Z^n02Ttt=u6(q}ASNjAtVqSigq@j@Jd zI0A75;t0eMh$HYYM1byW(bReFeYqQtaRlNB{4XOQz7I+2f~F!mEou1apdl;)h}P0_ z*l135K&X?9Xey%9l7^~urmP+isUj*dAk}F$VxF_$uNgq1=Gf7tN~dB@9>mPoV)(eFfU zVJGD){#10*rTmm*`$1>t4Jb9Wix$_Zb?OrJSo)+_Ne8*0|P3 zUDos^#-XusJPE7r1{mwao)A_co_4U(GQJnN90K>K8A%gQxt zH+F8_zH?yDzJoLMk2LVcCS9MPAi9Bl+_s9N726C>9?tm%%QbEH#8}z(?Yv`U+}xzq zhz?Dgsb99dbw$E3<`W$+r|0;zU&>&B>)%UcdNHEE}(S2xDWGPZng zw78>5H^vLzT(gudFAYL{;% z3~XDfQ*s*Jmn+!gbUW^0M=5uw*co=7y~{4LkJ%UO3cJd_WjEOm>?ig!`-T0^Zn4{_ zMLin8(TD`rVFTK+5nGT#ANsKu2Qh*)GB}1jOjtM$4<%G^8fWk#Ucq_1hS%{H-p2>{ z5Fg<(zQkAf8dq^0Gx!cS@FV`jE&PSs%3`HXQI$reNoiJEl=aF6rCaG$Qu5K2YC26w zzB(#>G+S6YMPCrbxnDXZhIT*waHP}Cr80pYZEjiBwtiE0&yHQQK$FOrgBK;NqxIU$;N9XYv?;QjkAzR^d$yVN*Jy#9LJxr%j_F= zjm;2_e`UY1KiD0pgx+OHVlClUpm!5`(2H%@j;An$-PnU+LUIP97{fRwP#`29#|hXd z!bgBIUcfY=`6aweSiXQa@Fw2IJGhAVB2<5hOLw7kxQb6nad}}VEvJjFd#UaO~_448miDB tM8tYnjuV~zhat_A(OxQ|(~{B-wg3EwfCupBbbSBE_kRfW5b+Pk@Hb7jfj|HN literal 0 HcmV?d00001 diff --git a/PMM/Set-PMMRules.ps1 b/PMM/Set-PMMRules.ps1 new file mode 100644 index 0000000..19927d0 --- /dev/null +++ b/PMM/Set-PMMRules.ps1 
@@ -0,0 +1,230 @@
+function Write-Title {
+ [CmdletBinding()]
+ param (
+ [Parameter(Mandatory=$true)]
+ [string]$Title
+ )
+
+ Write-Host $Title
+ for ($i = $Title.Length -1; $i -ge 0 ; $i--) {
+ Write-Host "-" -NoNewline
+ }
+ Write-Host
+}
+
+function Set-AzureSubscriptionVariable {
+ Write-Title -Title "Azure Subscriptions"
+ $subscriptions = Get-AzSubscription
+
+ $index = 1
+ $subscriptionTable = @{}
+ foreach ($subscription in $subscriptions) {
+ Write-Host "$index. $($subscription.Name)"
+ $subscriptionTable["$index"] = $subscription.Id
+ $index++
+ }
+
+ Write-Host
+ $selectedValue = Read-Host -Prompt "Select Azure Subscription"
+ return $subscriptionTable[$selectedValue]
+}
+
+function New-ResourceGroup {
+ $resourceGroupName = Read-Host -Prompt "Enter the name of the resource group"
+ $resource = New-AzResourceGroup -Name $resourceGroupName -Location "uksouth"
+ return $resource.ResourceId
+}
+
+function Set-ResourceGroupVariable {
+ Write-Title -Title "Azure Resource Groups"
+ $resourceGroups = Get-AzResourceGroup
+
+ $index = 1
+ $resourceGroupTable = @{}
+ foreach ($resourceGroup in $resourceGroups) {
+ Write-Host "$index. $($resourceGroup.ResourceGroupName)"
+ $resourceGroupTable["$index"] = $resourceGroup.ResourceGroupName
+ $index++
+ }
+
+ Write-Host
+ $selectedValue = Read-Host -Prompt "Select Resource Group (or 0 to create a new one)"
+
+ if ($selectedValue -eq "0") {
+ return New-ResourceGroup
+ } else {
+ return $resourceGroupTable[$selectedValue]
+ }
+}
+
+function New-ActionGroup {
+ [CmdletBinding()]
+ param (
+ [Parameter(Mandatory=$true)]
+ [string]$ResourceGroupName
+ )
+
+ $actionGroupName = Read-Host -Prompt "Enter the name of the action group"
+ $location = "global"
+
+ $emailReceiverParams = @{
+ Name = "PMM-EmailAlerts-Dev"
+ EmailAddress = "40db3afb.DOHERTYASSOCIATES.onmicrosoft.com@emea.teams.ms"
+ UseCommonAlertSchema = $false
+ }
+ $emailReceiver = New-AzActionGroupEmailReceiverObject @emailReceiverParams
+
+ $webhookReceiverParams = @{
+ Name = "LogAlertsV2"
+ ServiceUri = "https://7037684a-c132-4a29-ae42-556d05fae681.webhook.uks.azure-automation.net/webhooks?token=Rx%2fqYg642juKtsrhebjWV%2fOt3NlfFG5tXFVkByTejFA%3d"
+ UseCommonAlertSchema = $true
+ UseAadAuth = $false
+ }
+ $webhookReceiver = New-AzActionGroupWebhookReceiverObject @webhookReceiverParams
+
+ $actionGroupParams = @{
+ ResourceGroupName = $ResourceGroupName
+ Name = $actionGroupName
+ Location = $location
+ ShortName = $actionGroupName
+ EmailReceiver = $emailReceiver
+ WebhookReceiver = $webhookReceiver
+ Enabled = $true
+ }
+ $resource = New-AzActionGroup @actionGroupParams
+ return $resource.Id
+}
+
+function Set-ActionGroupVariable {
+ [CmdletBinding()]
+ param (
+ [Parameter(Mandatory=$true)]
+ [string]$ResourceGroupName
+ )
+
+ Write-Title -Title "Azure Action Groups"
+ $actionGroups = Get-AzActionGroup
+
+ $index = 1
+ $actionGroupTable = @{}
+ foreach ($actionGroup in $actionGroups) {
+ Write-Host "$index. $($actionGroup.Name)"
+ $actionGroupTable["$index"] = $actionGroup.Id
+ $index++
+ }
+
+ Write-Host
+ $selectedValue = Read-Host -Prompt "Select Action Group (or 0 to create a new one)"
+
+ if ($selectedValue -eq "0") {
+ return New-ActionGroup -ResourceGroupName $ResourceGroupName
+ } else {
+ return $actionGroupTable[$selectedValue]
+ }
+}
+
+function Set-LogAnalyticsWorkspaceVariable {
+ Write-Title -Title "Azure Log Analytics Workspaces"
+ $logAnalyticsWorkspaces = Get-AzOperationalInsightsWorkspace
+
+ $index = 1
+ $lawTable = @{}
+ foreach ($logAnalyticsWorkspace in $logAnalyticsWorkspaces) {
+ Write-Host "$index. $($logAnalyticsWorkspace.Name)"
+ $lawTable["$index"] = $logAnalyticsWorkspace.ResourceId
+ $index++
+ }
+
+ Write-Host
+ $selectedValue = Read-Host -Prompt "Select Log Analytics Workspace"
+
+ return $lawTable[$selectedValue]
+}
+
+function Set-DetectionRules {
+ [Parameter(Mandatory=$true)]
+ [string]$ResourceGroupName,
+ [Parameter(Mandatory=$true)]
+ [string]$ActionGroupId,
+ [Parameter(Mandatory=$true)]
+ [string]$LogAnalyticsWorkspaceId
+
+ $rules = Get-ChildItem "Alert Detection Rules"
+
+
+ foreach ($rule in $rules) {
+ $query = Get-Content -Path $rule.FullName -Raw
+ $fileNameWithoutExtension = $rule.Name -replace "\.[^.]+$", ""
+
+ Write-Host "Processing $fileNameWithoutExtension..." -NoNewline
+
+ $detectionRuleParams = @{
+ Query = $query
+ Name = $fileNameWithoutExtension
+ ResourceGroupName = $resourceGroup
+ ActionGroupId = $actionGroup
+ LogAnalyticsWorkspaceId = $logAnalyticsWorkspace
+ }
+
+ Set-DetectionRule @detectionRuleParams
+ Write-Host "Done"
+ }
+
+}
+
+function Set-DetectionRule {
+ [CmdletBinding()]
+ param (
+ [Parameter(Mandatory=$true)]
+ [string]$Query,
+ [Parameter(Mandatory=$true)]
+ [string]$Name,
+ [Parameter(Mandatory=$true)]
+ [string]$ResourceGroupName,
+ [Parameter(Mandatory=$true)]
+ [string]$ActionGroupId,
+ [Parameter(Mandatory=$true)]
+ [string]$LogAnalyticsWorkspaceId
+ )
+
+ $dimension = New-AzScheduledQueryRuleDimensionObject -Name AADTenantId -Operator Include -Value *
+ $condition=New-AzScheduledQueryRuleConditionObject -Dimension $dimension -Query $Query -TimeAggregation "Count" -Operator "GreaterThan" -Threshold "0"
+
+ $timespan = New-TimeSpan -Minutes 15
+ $location = "uksouth"
+ $severity = 3
+
+ $ruleParams = @{
+ DisplayName = $Name
+ Name = $Name
+ EvaluationFrequency = $timespan
+ Location = $location
+ WindowSize = $timespan
+ ResourceGroupName = $ResourceGroupName
+ TargetResource = $LogAnalyticsWorkspaceId
+ Severity = $severity
+ ActionGroup = $ActionGroupId
+ CriterionAllOf = $condition
+ Scope = $LogAnalyticsWorkspaceId
+ }
+ $resource = New-AzScheduledQueryRule @ruleParams
+}
+
+# Set-DetectionRules
+
+$azureSubscription = Set-AzureSubscriptionVariable
+Set-AzContext -Subscription $azureSubscription
+
+Write-Host
+
+$resourceGroup = Set-ResourceGroupVariable
+
+Write-Host
+
+$actionGroup = Set-ActionGroupVariable -ResourceGroupName $resourceGroup
+
+Write-Host
+
+$logAnalyticsWorkspace = Set-LogAnalyticsWorkspaceVariable
+
+Set-DetectionRules -ResourceGroupName $resourceGroup -ActionGroupId $actionGroup -LogAnalyticsWorkspaceId $logAnalyticsWorkspace
\ No newline at end of file
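Review bot: `New-ActionGroup` commits a live credential: the `ServiceUri` in `$webhookReceiverParams` is an Azure Automation webhook URL whose `token=` query value is the only thing authenticating callers, since `UseAadAuth = $false`. Anyone who can read the repository or its history can post to that webhook and presumably start whatever runs behind it. Take the URI from the caller instead, for example add `[Parameter(Mandatory=$true)] [string]$WebhookUri` to the `param` block and set `ServiceUri = $WebhookUri` with the value read from a secret store at run time, and replace the webhook that is already exposed, because removing the line in a later commit leaves the token in history. The hard-coded Teams channel address in `EmailAddress` deserves the same treatment. Separately, `Set-DetectionRules` has no `param (` around its parameter declarations, and its body reads the script-level `$resourceGroup`, `$actionGroup` and `$logAnalyticsWorkspace` rather than the values passed to it.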