maartendamen/defender_crosscheck_schedule.ps1

## defender_crosscheck_schedule.ps1
import-module ActiveDirectory

# Configuration
$tenantId = '' ### Paste your tenant ID here
$appId = '' ### Paste your Application ID here
$appSecret = '' ### Paste your Application secret here
$skiplist = "" # Specifcy items as a list: "SERVER1","SERVER2","SERVER3"
$mailserver = "mailserver.host.com" # Mailserver (SMTP)
$from_address = "from@host.com" # From address
$to_address = "to@host.com" # To address

# Start of script
$resourceAppIdUri = 'https://api.securitycenter.microsoft.com'
$oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
$authBody = [Ordered] @{
    resource      = "$resourceAppIdUri"
    client_id     = "$appId"
    client_secret = "$appSecret"
    grant_type    = 'client_credentials'
}
$authResponse = Invoke-RestMethod -Method Post -Uri $oAuthUri -Body $authBody -ErrorAction Stop
$token = $authResponse.access_token

$url = "https://api-eu.securitycenter.windows.com/api/machines"

# Set the WebRequest headers
$headers = @{
    'Content-Type' = 'application/json'
    Accept         = 'application/json'
    Authorization  = "Bearer $token"
}

$response = Invoke-WebRequest -Method Get -Uri $url -Headers $headers -ErrorAction Stop
$machines = ($response | ConvertFrom-Json).value

$ad_servers = Get-ADComputer -Filter 'operatingsystem -like "*server*" -and enabled -eq "true"' -Properties Name, Operatingsystem, OperatingSystemVersion, IPv4Address

function IsMachineInDefender ($server_name) {
    foreach ($machine in $machines) {

        $server_name = $server_name.ToUpper()

        if ($null -ne $machine.computerDnsName) {
            $machine_name = $machine.computerDnsName.Split(".")[0]
        }
        else {
            continue
        }

        if ($server_name -eq $machine_name) {
            return $true
        }
    }

    return $false
}

function sendEmail($servers) {
    $SmtpClient = new-object system.net.mail.smtpClient
    $MailMessage = New-Object system.net.mail.mailmessage

    $SmtpClient.Host = $mailserver
    $MailMessage.from = $from_address
    $MailMessage.To.add($to_address)
    $MailMessage.IsBodyHtml = 1

    $MailMessage.Subject = "Windows 365 Defender missing servers"
    $MailMessage.Body += "<FONT FACE='Arial, Helvetica, Geneva'><h3>The following servers are missing in Windows 365 Defender:</h3><br>"

    foreach ($server in $servers) {
        if ($server.InDefender -eq $false -and !$skiplist.Contains($server.Name)) {
            $MailMessage.Body += $server.Name + "<br>"
        }
    }

    $MailMessage.Body += "</font>"

    $SmtpClient.Send($MailMessage)
}

foreach ($server in $ad_servers) {

    $server | Add-Member -MemberType NoteProperty -Name 'InDefender' -Value (IsMachineInDefender($server.Name)) -Force
}

sendEmail $ad_servers
	import-module ActiveDirectory

	# Configuration
	$tenantId = '' ### Paste your tenant ID here
	$appId = '' ### Paste your Application ID here
	$appSecret = '' ### Paste your Application secret here
	$skiplist = "" # Specifcy items as a list: "SERVER1","SERVER2","SERVER3"
	$mailserver = "mailserver.host.com" # Mailserver (SMTP)
	$from_address = "from@host.com" # From address
	$to_address = "to@host.com" # To address

	# Start of script
	$resourceAppIdUri = 'https://api.securitycenter.microsoft.com'
	$oAuthUri = "https://login.microsoftonline.com/$TenantId/oauth2/token"
	$authBody = [Ordered] @{
	resource = "$resourceAppIdUri"
	client_id = "$appId"
	client_secret = "$appSecret"
	grant_type = 'client_credentials'
	}
	$authResponse = Invoke-RestMethod -Method Post -Uri $oAuthUri -Body $authBody -ErrorAction Stop
	$token = $authResponse.access_token

	$url = "https://api-eu.securitycenter.windows.com/api/machines"

	# Set the WebRequest headers
	$headers = @{
	'Content-Type' = 'application/json'
	Accept = 'application/json'
	Authorization = "Bearer $token"
	}

	$response = Invoke-WebRequest -Method Get -Uri $url -Headers $headers -ErrorAction Stop
	$machines = ($response \| ConvertFrom-Json).value

	$ad_servers = Get-ADComputer -Filter 'operatingsystem -like "server" -and enabled -eq "true"' -Properties Name, Operatingsystem, OperatingSystemVersion, IPv4Address

	function IsMachineInDefender ($server_name) {
	foreach ($machine in $machines) {

	$server_name = $server_name.ToUpper()

	if ($null -ne $machine.computerDnsName) {
	$machine_name = $machine.computerDnsName.Split(".")[0]
	}
	else {
	continue
	}

	if ($server_name -eq $machine_name) {
	return $true
	}
	}

	return $false
	}

	function sendEmail($servers) {
	$SmtpClient = new-object system.net.mail.smtpClient
	$MailMessage = New-Object system.net.mail.mailmessage

	$SmtpClient.Host = $mailserver
	$MailMessage.from = $from_address
	$MailMessage.To.add($to_address)
	$MailMessage.IsBodyHtml = 1

	$MailMessage.Subject = "Windows 365 Defender missing servers"
	$MailMessage.Body += "<FONT FACE='Arial, Helvetica, Geneva'><h3>The following servers are missing in Windows 365 Defender:</h3><br>"

	foreach ($server in $servers) {
	if ($server.InDefender -eq $false -and !$skiplist.Contains($server.Name)) {
	$MailMessage.Body += $server.Name + "<br>"
	}
	}

	$MailMessage.Body += "</font>"

	$SmtpClient.Send($MailMessage)
	}

	foreach ($server in $ad_servers) {

	$server \| Add-Member -MemberType NoteProperty -Name 'InDefender' -Value (IsMachineInDefender($server.Name)) -Force
	}

	sendEmail $ad_servers