Jon Bryan jkbryan

## CreateServicePrinciple.ps1
# Login first
Login-AzAccount
# Note that you can optionally assign an Azure role on creation,
# define the context prior to SP creation, using Set-AzContext
#
# Create Service Principle
$sp = New-AzADServicePrincipal -Role Reader -DisplayName "MyServicePrinciple"
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($sp.Secret)
$UnsecureSecret = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
# Write out the password for the SP. Make sure you keep a secure copy of this output!

## Correct-UL-Label-Priority.ps1
# Define credentials
$AdminCredentials = Get-Credential "myadmin@oholics.net"
# Create the session
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $AdminCredentials -Authentication Basic -AllowRedirection
# Import the session
Import-PSSession $Session -DisableNameChecking
# Define the tenant
$MyTenant = "CN=Configuration,CN=<TenantID>.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com"
# Get the priorities of all labels
$a=Get-Label

## Create-UL-Policy.ps1
# Define credentials
$AdminCredentials = Get-Credential "myadmin@oholics.net"
# Create the session
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $AdminCredentials -Authentication Basic -AllowRedirection
# Import the session
Import-PSSession $Session -DisableNameChecking
# Define the tenant
$MyTenant = "CN=Configuration,CN=<TenantID>.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com"
# Get the labels to add to the policy
$Label1=Get-Label -Identity "CN=My Label,$MyTenant"

## Create-UL-Label.ps1
# Define credentials
$AdminCredentials = Get-Credential "myadmin@oholics.net"
# Create the session
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $AdminCredentials -Authentication Basic -AllowRedirection
# Import the session
Import-PSSession $Session -DisableNameChecking
# Define the tenant
$MyTenant = "CN=Configuration,CN=<TenantID>.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com"
# Create the label
New-Label -DisplayName "My Label" -Name "My Label" -Comment "This is My Label" -Tooltip "My Label Tooltip" -AdvancedSettings @{color="#32CD32"}

## Get-AzureRoleAssignments.ps1
Connect-AzureRmAccount
$Logfile = "C:\Temp\RoleAssignmentsLog.csv"
If (Test-Path $Logfile) {
    Clear-Content -Path $Logfile
}
$Subscription1 = "<SubscriptionGUID>"
$Subscription2 = "<SubscriptionGUID>"
Add-Content $Logfile "RG/Subscription,RoleDefinitionName,DisplayName,SignInName,ObjectType"
#Do first subscription top level
Set-AzureRmContext -Subscription $Subscription1

## BACKUP_AND_CLEAR_EVENTLOGS.ps1
Param(
    $computer,
    [switch]$clear
)
Function DeleteOldEventLogs {
    # Clear old local log files - 7 days kept
    $LogdateFormat = "dd-MM-yyyy"
    $Logdate = Get-Date -Format $LogdateFormat
    $CleanupExec = "C:\BackupScript\DELETEOLD.PS1 -folderpath C:\Event_Logs -fileage 7 -logfile C:\Event_Logs\leanupLog_$Logdate.txt -verboselog"
    Invoke-Expression $CleanupExec

## LogParser-Files-User.sql
SELECT * INTO C:\TEMP\Output\output.csv
FROM C:\TEMP\Logs\*
WHERE  TimeWritten > TIMESTAMP ( '2009-01-01 01:00:00', 'yyyy-MM-dd hh:mm:ss' ) AND SourceName = 'Microsoft-Windows-Security-Auditing' AND
       ( Strings LIKE '%jon%' OR strings LIKE '%dave%')

## LogParser-Servers-User.sql
SELECT * INTO C:\TEMP\Output\output.csv
FROM \\DC01.OHOLICS.NET\security;\\DC02.OHOLICS.NET\security;\\DC03.OHOLICS.NET\security
WHERE  TimeWritten > TIMESTAMP ( '2009-01-01 01:00:00', 'yyyy-MM-dd hh:mm:ss' ) AND SourceName = 'Microsoft-Windows-Security-Auditing' AND
       ( Strings LIKE '%jon%' OR strings LIKE '%dave%')

## LogParser-Server-User.sql
SELECT * INTO C:\TEMP\Output\output.csv
FROM \\DC01.OHOLICS.NET\security
WHERE  TimeWritten > TIMESTAMP ( '2009-01-01 01:00:00', 'yyyy-MM-dd hh:mm:ss' ) AND SourceName = 'Microsoft-Windows-Security-Auditing' AND
       ( Strings LIKE '%jon%' OR strings LIKE '%dave%')

## LogParserRedaction.sql
SELECT
	EventLog,
	RecordNumber,
	TimeGenerated,
	TimeWritten,
	EventID,
	EventType,
	EventTypeName,
	EventCategory,
	EventCategoryName,
	# Login first
	Login-AzAccount
	# Note that you can optionally assign an Azure role on creation,
	# define the context prior to SP creation, using Set-AzContext
	#
	# Create Service Principle
	$sp = New-AzADServicePrincipal -Role Reader -DisplayName "MyServicePrinciple"
	$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($sp.Secret)
	$UnsecureSecret = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
	# Write out the password for the SP. Make sure you keep a secure copy of this output!
	# Define credentials
	$AdminCredentials = Get-Credential "myadmin@oholics.net"
	# Create the session
	$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $AdminCredentials -Authentication Basic -AllowRedirection
	# Import the session
	Import-PSSession $Session -DisableNameChecking
	# Define the tenant
	$MyTenant = "CN=Configuration,CN=<TenantID>.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com"
	# Get the priorities of all labels
	$a=Get-Label
	Connect-AzureRmAccount
	$Logfile = "C:\Temp\RoleAssignmentsLog.csv"
	If (Test-Path $Logfile) {
	Clear-Content -Path $Logfile
	}
	$Subscription1 = "<SubscriptionGUID>"
	$Subscription2 = "<SubscriptionGUID>"
	Add-Content $Logfile "RG/Subscription,RoleDefinitionName,DisplayName,SignInName,ObjectType"
	#Do first subscription top level
	Set-AzureRmContext -Subscription $Subscription1
	Param(
	$computer,
	[switch]$clear
	)
	Function DeleteOldEventLogs {
	# Clear old local log files - 7 days kept
	$LogdateFormat = "dd-MM-yyyy"
	$Logdate = Get-Date -Format $LogdateFormat
	$CleanupExec = "C:\BackupScript\DELETEOLD.PS1 -folderpath C:\Event_Logs -fileage 7 -logfile C:\Event_Logs\leanupLog_$Logdate.txt -verboselog"
	Invoke-Expression $CleanupExec
	SELECT * INTO C:\TEMP\Output\output.csv
	FROM C:\TEMP\Logs\*
	WHERE TimeWritten > TIMESTAMP ( '2009-01-01 01:00:00', 'yyyy-MM-dd hh:mm:ss' ) AND SourceName = 'Microsoft-Windows-Security-Auditing' AND
	( Strings LIKE '%jon%' OR strings LIKE '%dave%')
	SELECT * INTO C:\TEMP\Output\output.csv
	FROM \\DC01.OHOLICS.NET\security;\\DC02.OHOLICS.NET\security;\\DC03.OHOLICS.NET\security
	WHERE TimeWritten > TIMESTAMP ( '2009-01-01 01:00:00', 'yyyy-MM-dd hh:mm:ss' ) AND SourceName = 'Microsoft-Windows-Security-Auditing' AND
	( Strings LIKE '%jon%' OR strings LIKE '%dave%')
	SELECT * INTO C:\TEMP\Output\output.csv
	FROM \\DC01.OHOLICS.NET\security
	WHERE TimeWritten > TIMESTAMP ( '2009-01-01 01:00:00', 'yyyy-MM-dd hh:mm:ss' ) AND SourceName = 'Microsoft-Windows-Security-Auditing' AND
	( Strings LIKE '%jon%' OR strings LIKE '%dave%')
	SELECT
	EventLog,
	RecordNumber,
	TimeGenerated,
	TimeWritten,
	EventID,
	EventType,
	EventTypeName,
	EventCategory,
	EventCategoryName,