@michevnew
michevnew / mg_user_remove_all_licenses.ps1
Created October 22, 2021 09:16
Bulk remove licenses for a list of users via the Microsoft Graph PowerShell module
Connect-MgGraph -Tenant tenant.onmicrosoft.com -Scopes User.ReadWrite.All
#Import the list of users, or generate it dynamically as needed
$users = Import-Csv .\Users-to-disable.csv
#$users = Get-MgUser -Filter "Department eq 'Marketing'"
foreach ($user in $users) {
Write-Verbose "Processing licenses for user $($user.UserPrincipalName)"
try { $user = Get-MgUser -UserId $user.UserPrincipalName -ErrorAction Stop }
catch { Write-Verbose "User $($user.UserPrincipalName) not found, skipping..." ; continue }
@michevnew
michevnew / AAD_user_remove_all_licenses.ps1
Created October 21, 2021 08:09
Bulk remove licenses for a list of users via the Azure AD PowerShell module
$users = Import-Csv .\Users-to-disable.csv
foreach ($user in $users) {
Write-Verbose "Processing licenses for user $($user.UserPrincipalName)"
try { $user = Get-AzureADUser -ObjectId $user.UserPrincipalName -ErrorAction Stop }
catch { continue }
$SKUs = @($user.AssignedLicenses)
if (!$SKUs) { Write-Verbose "No Licenses found for user $($user.UserPrincipalName), skipping..." ; continue }
@michevnew
michevnew / Graph_SecurityDefaults
Created August 11, 2020 12:47
Toggle Azure AD Security Defaults on or off via Graph API
#Set the authentication details
$tenantID = "tenant.onmicrosoft.com" #your tenantID or tenant root domain
$appID = "12345678-1234-1234-1234-1234567890AB" #the GUID of your app. For best result, use app with Policy.Read.All and Policy.ReadWrite.ConditionalAccess scopes granted
$client_secret = "XXXXXXXXXXXXXXXxxxx" #client secret for the app
$body = @{
client_id = $AppId
scope = "https://graph.microsoft.com/.default"
client_secret = $client_secret
grant_type = "client_credentials"
@michevnew
michevnew / Graph_Block_MSOL_PS
Last active September 21, 2023 00:46
Use the Graph API endpoints to block access to MSOnline PowerShell cmdlets
#Set the authentication details
$tenantID = "tenant.onmicrosoft.com" #your tenantID or tenant root domain
$appID = "12345678-1234-1234-1234-1234567890AB" #the GUID of your app. For best result, use app with Policy.ReadWrite.Authorization scope granted.
$client_secret = "XXXXXXXXXXXXXXXxxxx" #client secret for the app
$body = @{
client_id = $AppId
scope = "https://graph.microsoft.com/.default"
client_secret = $client_secret
grant_type = "client_credentials"
@michevnew
michevnew / http_full_error_message
Created August 9, 2020 06:06
HTTP error handler
$authHeader = @{
'Authorization'=$authenticationResult.Result.CreateAuthorizationHeader()
'Content-Type' = 'application/json'
}
$uri = "https://graph.microsoft.com/v1.0/users/user@tenant.onmicrosoft.com"
$body = @{mobilePhone="+421905111222"} | ConvertTo-Json
try {
Invoke-WebRequest -Method Patch -Uri $uri -Body $body -Verbose -Headers $authHeader -ContentType "application/json"
@michevnew
michevnew / aliases_remove_bulk.ps1
Last active August 8, 2020 11:15
Bulk remove proxy addresses matching a pattern
$mailboxes = Get-Mailbox | Select-Object Alias,ExchangeGuid,Emailaddresses
foreach ($mailbox in $mailboxes) {
$aliases = $mailbox | select -ExpandProperty EmailAddresses | ? {$_.Split(":")[1] -notlike 'string*'}
if ($aliases.Count -eq $mailbox.EmailAddresses.Count) {continue}
if ($aliases | ? {$_ -cmatch "SMTP:"}) {
$emailaddresses = $aliases
}
elseif (!$aliases) { $emailaddresses = $("SMTP:" + $mailbox.Alias + "@" + (Get-AcceptedDomain | ? {$_.Default -eq $true}).Name) }
@michevnew
michevnew / calendar_permissions_bulk
Created August 8, 2020 10:57
Set the default permission for all user calendars
$calendars = Get-Mailbox -RecipientTypeDetails UserMailbox | Get-MailboxFolderStatistics | ? {$_.FolderType -eq "Calendar"} | select @{n="Identity"; e={$_.Identity.Replace("\",":\")}}
$calendars | % {Set-MailboxFolderPermission -Identity $_.Identity -User Default -AccessRights AvailabilityOnly}
@michevnew
michevnew / folder_permissions_bulk
Created August 8, 2020 10:53
Add folder level permissions on all folders in a given mailbox
$mailbox = "shared@domain.com"
$folders = Get-MailboxFolderStatistics $mailbox | ? {$_.FolderType -ne "Root" -and $_.FolderType -ne "Recoverableitemsroot" -and $_.FolderType -ne "Audits" -and $_.FolderType -ne "CalendarLogging" -and $_.FolderType -ne "RecoverableItemsDeletions" -and $_.FolderType -ne "RecoverableItemspurges" -and $_.FolderType -ne "RecoverableItemsversions"}
Add-MailboxFolderPermission $mailbox -User user@domain.com -AccessRights Reviewer #root permissions
foreach ($folder in $folders) {
$FolderPath = $folder.FolderPath.Replace("/","\").Replace([char]63743,"/") #with PowerShell v3 'fix'
$MailboxFolder = "$mailbox`:$FolderPath"
Add-MailboxFolderPermission "$MailboxFolder" -User user@domain.com -AccessRights Reviewer
@michevnew
michevnew / msol_user_remove_all_licenses.ps1
Created August 8, 2020 10:42
Remove all licenses from a given user via the MSOL module
$users = Import-Csv .\Users-to-disable.csv
foreach ($user in $users) {
Write-Verbose "Processing licenses for user $($user.UserPrincipalName)"
try { $user = Get-MsolUser -UserPrincipalName $user.UserPrincipalName -ErrorAction Stop }
catch { continue }
$SKUs = @($user.Licenses)
if (!$SKUs) { Write-Verbose "No Licenses found for user $($user.UserPrincipalName), skipping..." ; continue }
$tenantID = "tenant.onmicrosoft.com" #your tenantID or tenant root domain
$appID = "12345678-1234-1234-1234-1234567890AB" #the GUID of your app
$client_secret = "XXXXXXXXXXXXXXXXXXXXXX" #client secret for the app
$body = @{
client_id = $AppId
scope = "https://outlook.office365.com/.default"
client_secret = $client_secret
grant_type = "client_credentials"
}