Office 365 Service Health Monitor using Office 365 Management API v2 and PowerShell

NOTES:
May 30, 2019 - Updated post to show new App Registration experience.

This script demonstrates how to retrieve the Office 365 Service Health Data using the Office 365 Management API, and send the email report using Microsoft Graph API.

The logic flow is simple:

1. Retrieve Office 365 Service Health Record (this is the only action done during the first run, saved to new.csv)
2. Read Old Records from the file (old.csv)
3. Compare retrieved records with old records (new.csv VS old.csv)
4. Report if there are new or updated records (updated.csv)

You may want to have this running as a scheduled task at an interval you prefer.

What is covered by this post?

• App Registration in Azure AD
• Configuring the Script
• Running the Script and Generating Outputs / Reports

What is NOT covered by this post?

This post does not cover the “How-To” of the said APIs, because they can already be found by following these links:

• Office 365 Management APIs - https://docs.microsoft.com/en-us/office/office-365-management-api/
• Microsoft Graph API - https://developer.microsoft.com/en-us/graph/docs/concepts/overview

Requirements

• Application Registration in Azure AD (Application ID + Key + Permissions)
• Exchange Online Mailbox (User or Shared Mailbox, for sending reports)

Download and Change Logs

v1.5 (latest) - https://github.com/junecastillote/Get-O365HealthReport

• code cleanup
• added code to cater to the new App Registration Keys special characters

v1.4

• code cleanup
• fixed JSON conversion for the email report

v1.3

• added "exclusion" feature. (requested from this issue)
• the exclusions.csv file inside the \resource folder can now be used to exclude workloads from the report.

v1.2

• Modified to also check the changes in "Status" to trigger an update alert. (eg. Service Degradation to Service Restored). This is because I observed that some events' Last Updated Time does not change but the Status change which is not getting captured by the previous script.

v1.1

• Added “organizationName” field in config.xml
• Removed “mailSubject” field from config.xml
• Send one email per event (alerts are no longer consolidated in one single email)

v1.0

• Initial build

App Registration

Note: Your account must be a Global Admin

• Go to Azure Active Directory > App Registrations

 

• Click New Registration 
• Fill out the Name, Supported account types and Redirect URI as shown below, then click Create

• Then click Register
• Once the App is registered, copy the Application ID for later use.

• Click Certificates and Secrets
• Click New client secret

• Type in the Description and select the expiration for your key, then click Add

• After clicking Add, the Key will be generated. You must copy this key value because it will not be shown again.

• Go to API permissions and make sure you add these permissions 

• Once Required Permissions are added, click Grant admin consent..

• Click Yes

 

Script Configuration

Open the config.xml file and edit the values as necessary like the example below:


sendEmail – set this to TRUE or FALSE depending on whether you want the report sent thru email.
testMode – set this to TRUE or FALSE depending on whether you want to run in test mode or not. Test Mode will treat ALL items retrieved from the service health dashboard as NEW or UPDATE. When you’re ready to put this script in production, set this to FALSE
clientID – this is the Application ID you copied from the App Registration in Azure AD
clientSecret – this is the Key you copied from the App Registration in Azure AD
tenantDomain – this is your Office 365 Tenant Domain
toAddress – your intended recipients of the report, separate multiple recipients with a comma with no spaces.
fromAddress – the primary smtp address of the Shared Mailbox or User Mailbox you want to use for sending the email report.
organizationName – the name of your organization to reflect in the alert.

How to Exclude Workloads from the Report

Note: This is applicable only from version 1.3.

1. Open the \resources\exclusions.csv file
2. Change the Excluded value of the workload you want to exclude to 1 (0=include, 1=include)

Running the Script

IMPORTANT: In the first run, whether in Test Mode or not, will only generate the data that will be needed for future run comparisons.
In this example, the script is in run Test Mode.

Sample Output

Email

HTML

This script is functional, but I’m sure there can be many improvements. Or perhaps someone else has accomplished this differently. So please feel free to comment or modify and improve, just please don’t forget to credit the original source.

Share:

Read More

Office 365 Mailbox Forwarding Rules Report using PowerShell

Being on top of who’s forwarding messages to who’s email, especially those being forwarded to external domains is essential to email security for administrators. Phishing attacks can leave your users’ mailboxes prone to data exfiltration by way of forwarding emails, and so being able to regularly review and audit mailbox forwarding rules is beneficial to protecting your company’s data.
This script can be used to export a report of all the forward/redirect rules present in all user mailboxes.

Download Link

https://github.com/junecastillote/Export-ExoMailForwardRules

Requirements

• Must have an Office 365 account that is assigned at least an Exchange Administrator role whose credentials will be used to connect to Office 365 PowerShell.
• It is important that the account is not MFA enabled as the script operates by paging and re-authenticates to Office 365 page.
• Must have a mailbox to be able to send the email report using Office 365 SMTP Relay. This could be the Service Account you’re using for the session, or a Shared Mailbox that the Service Account has Send As permission to. If you do not plan to send the report thru email, then you can disregard this requirement.

How to use

Setup Office 365 Credentials

• Open PowerShell and change to the directory where the script is saved (eg. C:\Scripts\Export-ExoMailForwardRules)
• Run this command:
Get-Credential | Export-CliXml Office365StoredCredential.xml


• This saves the encrypted credential in the same folder

Modify Variables

Email Settings

NOTE: The $sender value must be the actual email address of the service account or the shared mailbox used for sending the email report.

Paging

In cases where there are a large number of mailboxes to be processed, the Exchange Online PowerShell session may timeout/disconnect which would cause the script to fail. As a workaround, this script is configured to process the mailboxes in pages. By default, the page settings is set to 100 – which means after every 100 mailboxes processed, the script will re-establish and re-authenticate the PowerShell session. You can increase the page value but it is not recommended to set it too high.

Run the script

The script requires no parameters.

Output

CSV File
The csv file gets saved in the “\Reports” folder

Email

Share:

Read More

Enable Mailbox Auditing in Office 365 using PowerShell Script

One of the things that don’t happen automatically when provisioning an Office 365 Mailbox is getting the Mailbox Audit Enabled. This script can be run manually or by schedule to enable auditing on mailboxes.

Download Link

https://github.com/junecastillote/Enable-EXOMailboxAudit

Requirements

• The Office 365 account to be used to run the script must be assigned an Exchange Administrator role in order to read and set mailbox audit settings.
• Must have a mailbox to be able to send the email report using Office 365 SMTP Relay

Office 365 Credentials

This script uses an encrypted credential (XML). To store the credential:

• Login to the Server/Computer using the account that will be used to run the script/task
• Run this "Get-Credential | Export-CliXml Office365StoredCredential.xml"
• Make sure that Office365StoredCredential.xml is in the same folder as the script.

Modify Variables

• $sendEmail – set to $true or $false depending on whether you’d like the report to be send to email
• $sender – This is the Sender Email Address – make sure this is the email address or the Office 365 Credential you are using for the script.
• $recipients – These are the recipient addresses. To add multiple recipients, separate with comma.
• $subject – This will show as the subject of the email report.

Run the script

The script requires no parameters.

Sample Report

Email

CSV

Share:

Read More

Monitor Azure AD LastDirSyncTime Using PowerShell

Knowing if your Directory Sync is up to date (or not) is crucial. Yes, you can glue your eyes to the Office 365 Portal or use commercial 3rd party monitoring tools to be alerted when your Directory Sync hasn’t updated for a certain period, or you can achieve the same goal using PowerShell. Microsoft was kind enough to include a LastDirSyncTime value when you run the Get-MsolCompanyInformation cmdlet. This way it can be programmatically checked and monitored by scheduling a script to run via task at an interval.

This script queries the LastDirSyncTime value, gets the current time, calculates the elapsed time, compares the difference against a set threshold and send an email alert if the threshold is breached.

Download Link

https://github.com/junecastillote/Get-O365DirSyncElapsed

• 1.0 - April 19, 2018
• Initial Release
• 1.1 – August 20, 2018
• Changed Time Stamp from UTC to Local Time, including the Time Zone ID
• Required PowerShell v5.1

Requirements

• PowerShell v5.1 (as of script v1.1)
• MSOnline Module

Having the MSOnline Module installed is required for this to work. If you have PowerShell 5, it is easy to install. Just run Install-Package MSOnline and it should get you started. However for lower PS versions it may take a bit more to get MSOnline Module installed.

You can read up on MSOnline in detail from by following this link: Azure ActiveDirectory (MSOnline)

How To Use

Export Login Credentials to XML

The Username and Password are not saved inside the script, but rather it will import the login information from an encrypted XML file that you need to create beforehand.

Run this line in PowerShell, and it should save the credentials in an XML file.

Get-Credential | Export-CliXml ExOnlineStoredCredential.xml

Below is the sample content of the exported credentials.

Variables

Some variables that need to be modified depending on your requirement. The below example assumes that you are also using Exchange Online as relay. If you prefer to use a different SMTP relay, you will need to manually modify the script to conform with that.

In this example, only the following variables need to be modified.

$dirSyncElapsedTimeThreshold: The threshold in hours. If this is breached, the email alert will be sent.

$toAddress : The email addresses (separate with comma if more than one) of the intended recipients of the email alert.

$mailSubject: Your choice of message subject when the alert is sent.

Output

Once it’s all set up, just run the script from PowerShell. In the example below I set the threshold to ZERO (0) hours to trigger the alert. You should set a more realistic threshold in your production, obviously.

Then the email alert similar to this should be received.

Share:

Read More