ank0ku

## gist:330f1637f9ef0147cd71af73a0d3a0da
# This script gets the Accepted Domains currently in Exchange Online and then sets them as Allowed Organization Account Domains in OwaMailboxPolicy.
# The script later asks if you want to disable personal accounts and calendars in OWA.
# Once both parts are run, users will not be able to add personal mailboxes, but will be able to add addresses with domains allowed in Exchange Online.

$AcceptedDomains = get-accepteddomain | select -ExpandProperty domainname
$AcceptedDomainsCommas = $AcceptedDomains -Join ","
$CurrentOWAAllowedOrganizationAccountDomains = Get-OwaMailboxPolicy | select -expandproperty AllowedOrganizationAccountDomains

If ($CurrentOWAAllowedOrganizationAccountDomains -ne $null){
Write-host -foregroundColor Red "Warning: The AllowedOrganizationAccountDomains property is already set."

## ExchangeOnline.ps1
# Checks for any connections to Exchange Online before running the Connect-ExchangeOnline command
$ConnectionInfo = Get-ConnectionInformation | Where-Object { $_.Name -like "*ExchangeOnline*" -and $_.State -eq "Connected"}
If ($ConnectionInfo -eq $null) {
Write-Host -ForegroundColor Red "Not connected to Exchange Online. Connecting..."
Install-Module ExchangeOnlineManagement -Scope CurrentUser; Import-Module ExchangeOnlineManagement; Connect-ExchangeOnline
}
Else{
Write-Host -ForegroundColor Green "Already connected to Exchange Online!"
}

## SmartcardLogonNotRequiredForAdminAccounts.ps1
# Get all users whose name contains "admin"
$users = Get-ADUser -Filter {Name -like "*admin*"} -Properties Name, SmartcardLogonRequired

# Filter users with SmartcardLogonRequired set to false
$filteredUsers = $users | Where-Object { $_.SmartcardLogonRequired -eq $false }

# Display the filtered users
$filteredUsers | Select-Object Name, SmartcardLogonRequired

## Defender ASR GUID Table.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                ank0ku
                / Defender ASR GUID Table.md
            
            
              Last active
              January 2, 2025 19:29
            
              
                Defender XDR
              
          
    Defender Attack Surface Reduction Rules GUID Table
Pulled from Microsoft Learn on 1/2/25: https://learn.microsoft.com/en-us/defender-endpoint/attack-surface-reduction-rules-reference


Rule
GUID


Block abuse of exploited vulnerable signed drivers
56a863a9-875e-4185-98a7-b882c64b5ce5


Process creation from Adobe Reader (beta)
7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c


Block Office application from creating child processes
d4f940ab-401b-4efc-aadc-ad5f3c50688a


Block credential stealing from the Windows local security authority subsystem
9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
	# This script gets the Accepted Domains currently in Exchange Online and then sets them as Allowed Organization Account Domains in OwaMailboxPolicy.
	# The script later asks if you want to disable personal accounts and calendars in OWA.
	# Once both parts are run, users will not be able to add personal mailboxes, but will be able to add addresses with domains allowed in Exchange Online.

	$AcceptedDomains = get-accepteddomain \| select -ExpandProperty domainname
	$AcceptedDomainsCommas = $AcceptedDomains -Join ","
	$CurrentOWAAllowedOrganizationAccountDomains = Get-OwaMailboxPolicy \| select -expandproperty AllowedOrganizationAccountDomains

	If ($CurrentOWAAllowedOrganizationAccountDomains -ne $null){
	Write-host -foregroundColor Red "Warning: The AllowedOrganizationAccountDomains property is already set."
	# Checks for any connections to Exchange Online before running the Connect-ExchangeOnline command
	$ConnectionInfo = Get-ConnectionInformation \| Where-Object { $_.Name -like "ExchangeOnline" -and $_.State -eq "Connected"}
	If ($ConnectionInfo -eq $null) {
	Write-Host -ForegroundColor Red "Not connected to Exchange Online. Connecting..."
	Install-Module ExchangeOnlineManagement -Scope CurrentUser; Import-Module ExchangeOnlineManagement; Connect-ExchangeOnline
	}
	Else{
	Write-Host -ForegroundColor Green "Already connected to Exchange Online!"
	}
	# Get all users whose name contains "admin"
	$users = Get-ADUser -Filter {Name -like "admin"} -Properties Name, SmartcardLogonRequired

	# Filter users with SmartcardLogonRequired set to false
	$filteredUsers = $users \| Where-Object { $_.SmartcardLogonRequired -eq $false }

	# Display the filtered users
	$filteredUsers \| Select-Object Name, SmartcardLogonRequired
Rule	GUID
Block abuse of exploited vulnerable signed drivers	56a863a9-875e-4185-98a7-b882c64b5ce5
Process creation from Adobe Reader (beta)	7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
Block Office application from creating child processes	d4f940ab-401b-4efc-aadc-ad5f3c50688a
Block credential stealing from the Windows local security authority subsystem	9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2