
# Excerpt: signs in to Microsoft Graph, loads every application registration and
# starts a per-application loop. The loop body continues beyond the visible lines.
# Connect to Microsoft Graph
# Only Application.Read.All is requested here, so this sign-in asks for read access to app registrations.
Connect-MgGraph -Scopes Application.Read.All
# Get all Entra ID applications
# NOTE(review): -All is a switch parameter in current Microsoft.Graph modules; confirm that
# "-All $true" binds as intended with the installed module version.
$allApps = Get-MgApplication -All $true
# Empty array; presumably the result accumulator, but it is not used in the visible lines.
$array = @()
# Loop through each application
foreach ($app in $allApps) {
# Print the display name of the application currently being processed.
Write-Host "Application Name: $($app.DisplayName)"
# Get Access Token
# Parameter table for an OAuth 2.0 client_credentials token request to the Airthings
# accounts API; presumably splatted into a web request later (not visible in this excerpt).
# NOTE(review): client_id and client_secret are literal values in a published snippet.
# If they are real, treat the secret as exposed: rotate it, and read it at run time from a
# secret store or environment variable instead of keeping it in source.
$auth = @{
Method = "POST"
Uri = "https://accounts-api.airthings.com/v1/token"
# Ordered hashtable, so the form fields are emitted in the order written here.
Body = [Ordered] @{
"grant_type" = "client_credentials"
"client_id" = "49e83d9d-994b-4e8a-962d-a92cc9dfb874"
"client_secret" = "58c5318a-afc0-4d0a-b517-42e650c2289e"
# Single read scope requested for the token.
"scope" = "read:device:current_values"
}
nathanmcnulty / gist:f991ad95d356bd43e4b2c5fcc57c2ae2
Created October 24, 2023 22:50
Use LAPS to get user profile folder list
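# For every computer object in Active Directory, fetch its LAPS-managed local account
# credential and use it to run a remote command that returns the computer name and the
# item names in the remote session's starting directory.
# NOTE(review): -Filter * reads the LAPS password of every computer object; narrow the
# filter or add -SearchBase when only a subset is needed, so fewer passwords are retrieved.
Get-ADComputer -Filter * | ForEach-Object {
    $computer = $_

    # Pass explicit string properties: an ADComputer object converts to its distinguished
    # name, which Get-LapsADPassword accepts but Invoke-Command -ComputerName rejects.
    $laps = Get-LapsADPassword -Identity $computer.DistinguishedName

    # Computers with no stored or readable LAPS password would make the PSCredential
    # constructor throw; report them and move on to the next computer.
    if (-not $laps -or -not $laps.Password) {
        Write-Warning "No LAPS password returned for $($computer.Name); skipping."
        return
    }

    # Prefer the DNS host name; fall back to the object name when it is not populated.
    $target = if ($computer.DNSHostName) { $computer.DNSHostName } else { $computer.Name }

    # Password is returned as a SecureString by default, so it goes straight into the credential.
    $cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $laps.Account, $laps.Password

    # Output: remote computer name followed by the item names in the session's start directory.
    Invoke-Command -ComputerName $target -Credential $cred -ScriptBlock { $env:COMPUTERNAME; (Get-ChildItem).Name }
}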
nathanmcnulty / EnableAllASRRules
Created February 10, 2022 05:20
Enables all ASR rules using reg in case PowerShell is disabled
REM Writes the Attack Surface Reduction rule list to the Defender "Policy Manager" policy key using reg.exe.
REM The value is a pipe-separated list of GUID=state pairs; every rule listed here is set to state 1.
REM NOTE(review): state 1 is Block in Microsoft's ASR documentation and 2 is Audit. Confirm Block is
REM intended for all rules at once, and consider piloting in Audit first to find false positives.
REM Writing to HKLM needs an elevated prompt. Without /f, reg add asks before overwriting an existing value.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager" /v ASRRules /t REG_SZ /d "56a863a9-875e-4185-98a7-b882c64b5ce5=1|7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c=1|d4f940ab-401b-4efc-aadc-ad5f3c50688a=1|9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2=1|be9ba2d9-53ea-4cdc-84e5-9b1eeee46550=1|01443614-cd74-433a-b99e-2ecdc07bfc25=1|5beb7efe-fd9a-4556-801d-275e5ffc04cc=1|d3e037e1-3eb8-44c8-a917-57927947596d=1|3b576869-a4ec-4529-8536-b80a7769e899=1|75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84=1|26190899-1602-49e8-8b27-eb1d0a1ce869=1|e6db77e5-3df2-4cf1-b95a-636979351e5b=1|d1e49aac-8f56-4280-b9ba-993a6d77406c=1|b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4=1|92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b=1|c1db55ab-c21a-4637-bb3f-a12568109d35=1"
# Lists the IPv4 address prefixes published for the "AzureAdvancedThreatProtection" entry
# in the JSON file linked from Microsoft download page id 56519.

# Fetch the download confirmation page and keep only the hrefs that point at a .json file.
$confirmationPage = Invoke-WebRequest -Uri "https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519" -UseBasicParsing
$jsonLinks = $confirmationPage.links.href | Where-Object { $_ -like "*.json" }

# Download and parse the first matching JSON document.
$tagDocument = Invoke-RestMethod -Uri ($jsonLinks)[0]

# Pick the entry by name, then drop every prefix containing ":" (IPv6), leaving IPv4 only.
$atpEntry = $tagDocument.values | Where-Object { $_.name -eq "AzureAdvancedThreatProtection" }
$atpEntry.properties.addressPrefixes | Where-Object { $_ -notlike "*:*" }
nathanmcnulty / RockwellUpdates.ps1
Last active October 10, 2021 05:30
Gets a list of fully qualified Rockwell updates and stores them in $results
# Excerpt: scrapes the Rockwell patch-qualification pages and walks their table cells.
# Both loops continue beyond the visible lines.
# Seed the result array with a CSV header row.
[array]$results = "Recommendation,CPR,OS,KB,URL"
# Fetch the index page and process every link href found on it.
(Invoke-WebRequest -Uri "https://www.rockwellautomation.com/ms-patch-qualification/Tabs3_new.htm").links.href | ForEach-Object {
# Each href is appended to the site root and fetched as its own page.
# NOTE(review): hrefs are used as found; an absolute or off-site href would yield a malformed URL. Confirm the index only contains site-relative links.
$response = Invoke-WebRequest -Uri "https://www.rockwellautomation.com/$_"
# Split the page body into lines, keep those containing '<TD class', and take two of the
# fragments produced by splitting each line on '<' and '>', dropping empty strings.
# NOTE(review): ParsedHtml is only populated by Windows PowerShell's non-basic parsing; it is absent in PowerShell 6+ - confirm the target host.
[array]$content = $response.ParsedHtml.body.innerHTML -split "`r`n" | Where-Object { $_ -match '<TD class' } | ForEach-Object { $_.Split('<>')[2..3] } | Where-Object { $_ -ne "" }
$content | ForEach-Object {
# Seeing the text "Fully Qualified" turns capturing on; $fq is not reset in the visible lines.
if ($_ -eq "Fully Qualified") { $fq = $true }
if ($fq) {
# While capturing, remember the latest value of each kind as it passes by.
if ($_ -like "SR*") { $sr = $_}
if ($_ -in "2012R2","Win8_1x64","2016","Win10","2019","Win10_20H2") { $os = $_}
# For a support.microsoft.com link, keep the text between the first pair of double quotes.
if ($_ -like "*support.microsoft.com*") { $url = $_.Split('"')[1] }
nathanmcnulty / TVM KQL
Last active September 30, 2021 04:01
Show highest impact improvements from TVM
// Ranks secure-configuration recommendations by ConfigurationImpact multiplied by the
// number of devices that currently fail them.
DeviceTvmSecureConfigurationAssessmentKB
// Match KB metadata to the assessments where IsCompliant == 0, keyed on ConfigurationId.
// NOTE(review): no join kind is given, so the KQL default (innerunique) applies - confirm that is intended.
| join (DeviceTvmSecureConfigurationAssessment | where IsCompliant == 0) on ConfigurationId
// One row per configuration, carrying the list of device names and a distinct-device count.
// NOTE(review): dcount() is an estimate and make_list() does not de-duplicate, so the list length can differ from DeviceCount.
| summarize Devices = make_list(DeviceName), DeviceCount = dcount(DeviceName) by ConfigurationId, ConfigurationName, ConfigurationImpact, ConfigurationCategory, ConfigurationSubcategory, tostring(ConfigurationBenchmarks), RemediationOptions
// Weight each configuration's impact by how many devices fail it.
| extend Impact = ConfigurationImpact * DeviceCount
// Largest combined impact first.
| sort by Impact desc
nathanmcnulty / aadwstrustmex
Created September 29, 2021 03:14
aadwstrustmex
# Excerpt: collects a user name and password, looks up the account's realm information and
# starts building request headers. The $headers table continues beyond the visible lines.
# Prompt for the user name; the text after "@" is used as the domain below.
[string]$username= Read-Host -Prompt "Enter UserName"
# Read the password as a SecureString so it is not echoed to the console.
$securedValue = Read-Host -AsSecureString -Prompt "uurPass"
# Copy the SecureString into an unmanaged BSTR, then into an ordinary plaintext string.
# NOTE(review): the visible lines never call [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr),
# so the unmanaged copy is not wiped here and $password remains in memory as plaintext - confirm cleanup later in the script.
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($securedValue)
$password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
# New GUID per run, sent below as the client-request-id header.
$requestid = [System.Guid]::NewGuid().guid
# Second element of the "@" split; assumes the input has the form user@domain.
$domain = ($username -split "@")[1]
# Query the userrealm endpoint for this account; the response is emitted to the pipeline, not stored.
# NOTE(review): $userAgent is not assigned in the visible lines - confirm it is defined elsewhere.
# $username is placed in the URL path without escaping.
Invoke-RestMethod -Method Get -UseBasicParsing ("https://login.microsoftonline.com/common/userrealm/$username" + "?api-version=1.0") -UserAgent $userAgent
# Request headers carrying the request id generated above.
$headers = @{
"client-request-id"=$requestid
"return-client-request-id"="true"
nathanmcnulty / vulnerabledriverhashes.txt
Created August 28, 2021 04:59
networkgrinch vulnerable driver hashes (sha256)
E1D4D1D6379D54A742C068D377B7CA3203BCFEE462B651672B971013D8E01275
70CE17C721210994F1FDD64B2E5FDC299A137765760060B1761D8594C55A2306
03DD6140E9D304EB2A468A8620403D2B3EE0FCBCD0E67BB8DCAF1C9DF9EAC685
421E5DD5A8374CE5E4197D847D9233ECD0298355C053C8347F9F0CEF90E4EA66
A608E8B300061FA74759603F739EEAFF8BCE9418F6959098B429578CB8D801CE
C74B675264C380ECB5F3B88DF0CE9B3435D288CB30E94A1EF68DA129AEFF1933
F035C94BE4D5169F22C4FEC112BE1009235227DCCC6F70B2A8D1818804BC6E9E
52AE39457A3B6ED684EB684DB31D52F9B2AAA19970A0699C58A40069B21B140F
25DAE0CAAFCAF7CA51F6430EB488C8C06ED6B797201E35C145FC5AA23C6047D2
A6D421E9B692E6C347CCD0C9DAD1492534DE0147DC29F50470DE6CC0AF660F1E
nathanmcnulty / EdgeWDAC-MDEKQL.txt
Created July 21, 2021 04:21
MDE KQL to identify apps from Edge WDAC policy
DeviceProcessEvents
| where FileName in ("AT.EXE","bash.exe","BitLockerWizard.exe","BitLockerWizardElev.exe","Bubbles","calc.exe","CDB.Exe","CertUtil.exe","charmap.exe","CLEANMGR.DLL","ClientConsole.EXE","Cmd.Exe","CMDL32.EXE","colorcpl.exe","ComputerDefaults.EXE","CONTROL.EXE","Credwiz.exe","CryptExt.dll","Csc.Exe","cscript.exe","csi.Exe","dccw.exe","DeviceEject.EXE","DeviceParing.exe","DeviceParing.exe","DeviceProperties.exe","dfshim.dll","DIALER.EXE","DISKPERF.EXE","dnx.Exe","DOSKEY.EXE","dsquery.dll","dvdplay","eventvwr.exe","expand","FC.EXE","FIND.EXE","FINDSTR.EXE","finger.exe","FONTVIEW.EXE","forfiles.exe","format.com","fsi.exe","FXSSVC.EXE","gprslt.exe","GPSCRIPT.EXE","GPUpdate.exe","Help.Exe","HH.exe","HWRREG.EXE","iexplore.exe","infdefaultinstall.exe","irftp.exe","iscsicli.exe","iscsicpl.exe","ISOBURN.EXE","Journal.exe","kd.Exe","LaunchTM.exe","lxrun.exe","lxssmanager.dll","lxssmanager.exe","manage-bde.exe","mip.exe","mmc.exe","mobsync.exe","MORE.COM","MSBuild.Exe","msconfig.EXE","msdt.exe","mshta.e