PowerShell script for cross checking Active Directory and Defender 365 inventory.
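# Cross-checks enabled WindServer computer accounts in Active Directory against
# the machine inventory reported by the Defender API, so servers that are not
# onboarded stand out. This first part loads configuration, obtains an OAuth
# token, downloads the Defender machine list and queries AD.

# Fail immediately if the RSAT ActiveDirectory module is not available, instead
# of failing later at Get-ADComputer after the API calls have already been made.
Import-Module ActiveDirectory -ErrorAction Stop

# Configuration
# NOTE(security): $appSecret is a long-lived credential. Anyone who can read a
# saved copy of this script can request tokens as the app registration, so do
# not commit or share the file with the value filled in; prefer loading it from
# a secret store at run time. The app registration only needs read access to
# the machine list; avoid granting it broader API permissions.
$tenantId = '' ### Paste your tenant ID here
$appId = '' ### Paste your Application ID here
$appSecret = '' ### Paste your Application secret here

# Stop with a clear message when a setting was left empty; otherwise the token
# request fails with an opaque HTTP error.
foreach ($setting in 'tenantId', 'appId', 'appSecret') {
    if ([string]::IsNullOrWhiteSpace((Get-Variable -Name $setting -ValueOnly))) {
        throw "Configuration value `$$setting is empty; fill it in before running."
    }
}

# Start of script
$resourceAppIdUri = 'https://api.securitycenter.microsoft.com'
$oAuthUri = "https://login.microsoftonline.com/$tenantId/oauth2/token"

# Client-credentials grant: the script authenticates as the application itself.
$authBody = [Ordered] @{
    resource      = "$resourceAppIdUri"
    client_id     = "$appId"
    client_secret = "$appSecret"
    grant_type    = 'client_credentials'
}
$authResponse = Invoke-RestMethod -Method Post -Uri $oAuthUri -Body $authBody -ErrorAction Stop
# The bearer token is a credential too: keep it out of logs and transcripts.
$token = $authResponse.access_token

# EU regional endpoint, as chosen by the original author.
# NOTE(review): confirm this matches the tenant's data location.
$url = "https://api-eu.securitycenter.windows.com/api/machines"

# Set the WebRequest headers
$headers = @{
    'Content-Type' = 'application/json'
    Accept         = 'application/json'
    Authorization  = "Bearer $token"
}

# The machines endpoint returns results in pages. Reading only the first page
# would make every server on a later page look as if it were missing from
# Defender, so follow '@odata.nextLink' until the service stops returning one.
$machines = @()
$nextUrl = $url
while ($nextUrl) {
    $page = Invoke-RestMethod -Method Get -Uri $nextUrl -Headers $headers -ErrorAction Stop
    $machines += $page.value
    $nextProp = $page.PSObject.Properties['@odata.nextLink']
    $nextUrl = if ($nextProp) { $nextProp.Value } else { $null }
}

# Enabled computer accounts whose operating system name contains "server".
$ad_servers = Get-ADComputer -Filter 'operatingsystem -like "*server*" -and enabled -eq "true"' -Properties Name, Operatingsystem, OperatingSystemVersion, IPv4Address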
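function IsMachineInDefender ($server_name) {
    <#
    .SYNOPSIS
    Reports whether a server name appears in the Defender machine inventory.

    .DESCRIPTION
    Compares $server_name with the first DNS label of each entry's
    computerDnsName in the script-level $machines collection. Entries without a
    computerDnsName are skipped.

    The comparison is ordinal and case-insensitive. Host names are not
    linguistic text, and culture-sensitive upper-casing (for example under a
    Turkish locale, where 'i' upper-cases to a dotted capital I) can make equal
    names compare as different and report an onboarded server as missing.

    NOTE(review): only the short host name is compared, so two machines that
    share a short name in different DNS domains are indistinguishable here; a
    server could then be reported as onboarded on the strength of its namesake.

    .PARAMETER server_name
    Short computer name to look up (the AD computer object's Name).

    .OUTPUTS
    System.Boolean. $true when a matching machine is found, otherwise $false.
    #>

    # Nothing to match: report "not found" instead of throwing on a null name.
    if ([string]::IsNullOrEmpty($server_name)) {
        return $false
    }

    foreach ($machine in $machines) {
        if ($null -eq $machine.computerDnsName) {
            continue
        }

        # Keep only the host label of the FQDN reported by Defender.
        $machine_name = $machine.computerDnsName.Split(".")[0]

        if ([string]::Equals($server_name, $machine_name, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }

    return $false
}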
# Annotate each AD server object with a boolean 'In Defender 365' property
# holding the result of the inventory lookup for its Name. -Force overwrites
# the property if it is already present on the object.
foreach ($adServer in $ad_servers) {
    $isOnboarded = IsMachineInDefender $adServer.Name
    Add-Member -InputObject $adServer -MemberType NoteProperty -Name 'In Defender 365' -Value $isOnboarded -Force
}

# Present name and onboarding status in an interactive grid window.
$ad_servers |
    Select-Object -Property Name, "In Defender 365" |
    Out-GridView -Title "Windows Defender 365 AD Server Overview"