Skip to content

Instantly share code, notes, and snippets.

@pmatthews05

pmatthews05/ConnectionToCompliancePS.ps1

Created May 4, 2018 08:08
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save pmatthews05/b58371bfbff173332348103b46e8481b to your computer and use it in GitHub Desktop.
Save pmatthews05/b58371bfbff173332348103b46e8481b to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ConnectionToCompliancePS.ps1
#Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client
#Need to set AllowBasic, AllowDigest, AllowUnencryptedTraffic to 1
#Run this to connect to session
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName "Microsoft.Exchange" -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
##Be sure to disconnect at the end.
#Remove-PSSession $Session
Raw
CreateRentionSchedule.ps1
<#
. Steps: Import and Publish Compliance Tag
○ Load compliance tag csv file
○ Validate csv file input
○ Create compliance tag
○ Create compliance policy
○ Publish compliance tag for the policy
○ Generate the log for tags creation
○ Generate the csv result for the tags created and published
. Syntax
.\Publish-ComplianceTag.ps1 [-LabelListCSV <string>] [-PolicyListCSV <string>]
. Detailed Description
1) [-LabelListCSV <string>]
-LabelListCSV ".\SampleInputFile_LabelList.csv"
Load compliance tag for creation.
2) [-PolicyListCSV <string>]
-PolicyListCSV ".\SampleInputFile_PolicyList.csv"
Load compliance tag for creation.
#>
param (
[Parameter(Mandatory = $true)]
[string]$LabelListCSV = "",
[Parameter(Mandatory = $true)]
[string]$PolicyListCSV = "",
[Switch]$ResultCSV
)
# -------------------
# File operation
# -------------------
Function FileExist
{
Param(
# File path needed to check
[Parameter(Mandatory = $true)]
[String]$FilePath,
[Switch]$Warning
)
$inputFileExist = Test-Path $FilePath
if (!$inputFileExist)
{
if ($Warning -eq $false)
{
WriteToLog -Type "Failed" -Message "[File: $FilePath] The file doesn't exist"
throw
}
else
{
WriteToLog -Type "Warning" -Message "[File: $FilePath] The file doesn't exist"
}
}
else
{
WriteToLog -Type "Succeed" -Message "[File: $FilePath] The file is found"
}
}
# -------------------
# Log operation
# -------------------
Function WriteToLog
{
Param(
# Message want to write to log file
[Parameter(Mandatory = $true)]
[String]$Message,
# "Succeed" or "Faild"
[String]$Type = "Message"
)
$date = Get-Date -Format 'HH:mm:ss'
$logInfo = $date + " - [$Type] " + $Message
$logInfo | Out-File -FilePath $logfilePath -Append
if ($Type -eq "Succeed") { Write-Host $logInfo -ForegroundColor Green }
elseif ($Type -eq "Failed") { Write-Host $logInfo -ForegroundColor Red }
elseif ($Type -eq "Warning") { Write-Host $logInfo -ForegroundColor Yellow }
elseif ($Type -eq "Start") { Write-Host $logInfo -ForegroundColor Cyan }
else { Write-Verbose $logInfo }
}
Function Create-Log
{
Param(
# Log folder Root
[Parameter(Mandatory = $true)]
[String]$LogFolderRoot,
# The function Log file for
[Parameter(Mandatory = $true)]
[String]$LogFunction
)
$logFolderPath = "$LogFolderRoot\logfiles"
$folderExist = Test-Path "$logFolderPath"
if (!$folderExist)
{
$folder = New-Item "$logFolderPath" -type directory
}
$date = Get-Date -Format 'MMddyyyy_HHmmss'
$logfilePath = "$logFolderPath\Log_{0}_{1}.txt" -f $LogFunction, $date
Write-Verbose "Log file is writen to: $logfilePath"
$logfile = New-Item $logfilePath -type file
return $logfilePath
}
Function Create-ResultCSV
{
Param(
# Result folder Root
[Parameter(Mandatory = $true)]
[String]$ResultFolderRoot,
# The function Result file for
[Parameter(Mandatory = $true)]
[String]$ResultFunction
)
$retFolderPath = "$ResultFolderRoot\logfiles"
$folderExist = Test-Path "$retFolderPath"
if (!$folderExist)
{
$folder = New-Item "$retFolderPath" -type directory
}
$date = Get-Date -Format 'MMddyyyy_HHmmss'
$retfilePath = "$retFolderPath\Result_{0}_{1}.csv" -f $ResultFunction, $date
Write-Verbose "Result file is writen to: $retfilePath"
$retfile = New-Item $retfilePath -type file
return $retfilePath
}
# -------------------
# Prepare Log File
# -------------------
$scriptPath = '.\'
$logfilePath = Create-Log -LogFolderRoot $scriptPath -LogFunction "Publish_Compliance_Tag"
if ($ResultCSV)
{
$tagRetFile = Create-ResultCSV -ResultFolderRoot $scriptPath -ResultFunction "Tag_Creation"
$tagPubRetFile = Create-ResultCSV -ResultFolderRoot $scriptPath -ResultFunction "Tag_Publish"
}
# -------------------
# Invoke Powershell cmdlet
# -------------------
Function InvokePowerShellCmdlet
{
Param(
[Parameter(Mandatory = $true)]
[String]$CmdLet
)
try
{
WriteToLog -Type "Start" -Message "Execute Cmdlet : '$CmdLet'"
return Invoke-Expression $CmdLet -ErrorAction SilentlyContinue
}
catch
{
WriteToLog -Type "Failed" "Failed to execute cmdlet!"
WriteToLog -Type "Failed" $error[0]
return $null
}
}
# -------------------
# Create Compliance Tag
# -------------------
Function CreateComplianceTag
{
Param(
# File path needed to check
[Parameter(Mandatory = $true)]
[String]$FilePath
)
WriteToLog -Type "Start" "Start to create Compliance Tag"
FileExist $FilePath
# TODO Validate CSV file for the Header
try
{
# Import csv
$labels = Import-Csv $FilePath
# Retrieve existing compliance tags
$tags = InvokePowerShellCmdlet "Get-ComplianceTag"
foreach($lab in $labels)
{
# Cmdlet parameters
$para = [String]::Empty;
$name = [String]::Empty;
$cmdlet = 'New-ComplianceTag'
if ([String]::IsNullOrEmpty($lab.'Name (Required)'))
{
WriteToLog -Type "Failed" -Message "Could not acquire table for writing."
throw;
}
else
{
$name = $lab.'Name (Required)'
$cmdlet += " -Name '" + $name + "'"
}
if (![String]::IsNullOrEmpty($lab.'Comment (Optional)'))
{
$para = $lab.'Comment (Optional)'
$cmdlet += " -Comment '" + $para + "'"
}
if (![String]::IsNullOrEmpty($lab.'IsRecordLabel (Required)'))
{
$para = $lab.'IsRecordLabel (Required)'
$cmdlet += " -IsRecordLabel " + $para
}
if (![String]::IsNullOrEmpty($lab.'RetentionAction (Optional)'))
{
$para = $lab.'RetentionAction (Optional)'
$cmdlet += " -RetentionAction " + $para
}
if (![String]::IsNullOrEmpty($lab.'RetentionDuration (Optional)'))
{
$para = $lab.'RetentionDuration (Optional)'
$cmdlet += " -RetentionDuration " + $para
}
if (![String]::IsNullOrEmpty($lab.'RetentionType (Optional)'))
{
$para = $lab.'RetentionType (Optional)'
$cmdlet += " -RetentionType " + $para
}
if (![String]::IsNullOrEmpty($lab.'ReviewerEmail (Optional)'))
{
$emails = $lab.'ReviewerEmail (Optional)'.Split(",") | ForEach-Object { $_.Trim() }
if (($emails -ne $null) -and ($emails.Count -ne 0))
{
$eml = '@('
foreach($email in $emails)
{
$eml += "'{0}'," -f $email
}
$eml = $eml.Substring(0, $eml.Length - 1) + ')'
$cmdlet += " -ReviewerEmail " + $eml
}
}
# If the tag already exists, skip for creation
if (($tags -eq $null) -or ($tags | ? { $_.Name.ToLower() -eq $name.ToLower() }) -eq $null)
{
# Create compliance tag
$msg = "Execute Cmdlet : {0}" -f $cmdlet
$ret = InvokePowerShellCmdlet $cmdlet
if ($ret -eq $null)
{
WriteToLog -Type "Failed" $error[0]
break;
}
}
else
{
WriteToLog -Type "Warning" -Message "The tag '$name' already exists! Skip for creation!"
}
}
}
catch
{
WriteToLog -Type "Failed" "Error in input"
}
}
# -------------------
# Create Retention Compliance Policy
# -------------------
Function CreateRetentionCompliancePolicy
{
Param(
# File path needed to check
[Parameter(Mandatory = $true)]
[String]$FilePath
)
WriteToLog -Type "Start" "Start to Create Retention Policy"
FileExist $FilePath
try
{
# Import csv
$list = Import-Csv -Path $FilePath
# Retrieve existing retention compliance policy
$policies = InvokePowerShellCmdlet "Get-RetentionCompliancePolicy"
foreach($rp in $list)
{
# Cmdlet parameters
$para = [String]::Empty;
$name = [String]::Empty;
$rpid = [String]::Empty;
$cmdlet = 'New-RetentionCompliancePolicy'
if ([String]::IsNullOrEmpty($rp.'Policy Name (Required)'))
{
WriteToLog -Type "Failed" -Message "Could not acquire table for writing."
throw;
}
else
{
$name = $rp.'Policy Name (Required)'
$cmdlet += " -Name '" + $name + "'"
}
if ([String]::IsNullOrEmpty($rp.'Enabled (Required)'))
{
WriteToLog -Type "Failed" -Message "Could not acquire table for writing."
throw;
}
else
{
$enabled = $rp.'Enabled (Required)'
$cmdlet += " -Enabled " + $enabled
}
if (![String]::IsNullOrEmpty($rp.'ExchangeLocation (Optional)'))
{
$para = $rp.'ExchangeLocation (Optional)'
$cmdlet += " -ExchangeLocation " + $para
}
if (![String]::IsNullOrEmpty($rp.'ExchangeLocationException (Optional)'))
{
$para = $rp.'ExchangeLocationException (Optional)'
$cmdlet += " -ExchangeLocationException " + $para
}
if (![String]::IsNullOrEmpty($rp.'ModernGroupLocation (Optional)'))
{
$para = $rp.'ModernGroupLocation (Optional)'
$cmdlet += " -ModernGroupLocation " + $para
}
if (![String]::IsNullOrEmpty($rp.'ModernGroupLocationException (Optional)'))
{
$para = $rp.'ModernGroupLocationException (Optional)'
$cmdlet += " -ModernGroupLocationException " + $para
}
if (![String]::IsNullOrEmpty($rp.'OneDriveLocation (Optional)'))
{
$para = $rp.'OneDriveLocation (Optional)'
$cmdlet += " -OneDriveLocation " + $para
}
if (![String]::IsNullOrEmpty($rp.'OneDriveLocationException (Optional)'))
{
$para = $rp.'OneDriveLocationException (Optional)'
$cmdlet += " -OneDriveLocationException " + $para
}
if (![String]::IsNullOrEmpty($rp.'SharePointLocation (Optional)'))
{
$para = $rp.'SharePointLocation (Optional)'
$cmdlet += " -SharePointLocation " + $para
}
if (![String]::IsNullOrEmpty($rp.'SharePointLocationException (Optional)'))
{
$para = $rp.'SharePointLocationException (Optional)'
$cmdlet += " -SharePointLocationException " + $para
}
if (![String]::IsNullOrEmpty($rp.'PublicFolderLocation (Optional)'))
{
$para = $rp.'PublicFolderLocation (Optional)'
$cmdlet += " -PublicFolderLocation " + $para
}
if (![String]::IsNullOrEmpty($rp.'SkypeLocation (Optional)'))
{
$para = $rp.'SkypeLocation (Optional)'
$cmdlet += " -SkypeLocation " + $para
}
if (![String]::IsNullOrEmpty($rp.'SkypeLocationException (Optional)'))
{
$para = $rp.'SkypeLocationException (Optional)'
$cmdlet += " -SkypeLocationException " + $para
}
# If the policy already exists, skip for creation
if (($policies -eq $null) -or ($policies | ? { $_.Name.ToLower() -eq $name.ToLower() }) -eq $null)
{
# Create retention compliance policy
$msg = "Execute Cmdlet : {0}" -f $cmdlet
$ret = invokepowershellcmdlet $cmdlet
if ($ret -eq $null)
{
WriteToLog -Type "Failed" $error[0]
break;
}
$rpid = $ret.Guid
}
else
{
WriteToLog -Type "Warning" -Message "The policy '$name' already exists! Skip for creation!"
$rpid = ($policies | ? { $_.Name.ToLower() -eq $name.ToLower() }).Guid
}
# Retrieve tag name for publishing
$ts = $rp.'PublishComplianceTag (Required)'
$tagList = $ts.Split(",") | ForEach-Object { $_.Trim() }
WriteToLog -Type "Message" -Message "Publish Tags : '$ts'"
PublishComplianceTag -PolicyGuid $rpid -TagName $tagList
}
}
catch
{
WriteToLog -Type "Failed" "Error in input"
}
}
# -------------------
# Publish Compliance Tag
# -------------------
Function PublishComplianceTag
{
Param(
[Parameter(Mandatory = $true)]
[String]$PolicyGuid,
[Parameter(Mandatory = $true)]
[String[]]$TagNames
)
WriteToLog -Type "Start" "Start to Publish Compliance Tag"
try
{
# Retrieve existing rule related to the given compliance policy
$rule = InvokePowerShellCmdlet ("Get-RetentionComplianceRule -Policy {0}" -f $PolicyGuid)
$tagGuids = New-Object System.Collections.ArrayList
foreach ($tn in $TagNames)
{
$t = InvokePowerShellCmdlet ("Get-ComplianceTag {0}" -f $tn)
$tagGuids.Add($t.Guid) | Out-Null
}
if ($rule -ne $null)
{
foreach ($r in $rule)
{
if ([String]::IsNullOrEmpty($r.PublishComplianceTag))
{
continue;
}
else
{
$tl = $r.PublishComplianceTag.Split(",")
if ($tagGuids.Contains([GUID]$tl[0]))
{
$tagGuids.Remove([GUID]$tl[0]);
}
}
}
}
foreach($t in $tagGuids)
{
# Publish compliance tag
$cmdlet = "New-RetentionComplianceRule -Policy {0} -PublishComplianceTag {1}" -f $PolicyGuid, $t
$ret = InvokePowerShellCmdlet $cmdlet
if ($ret -eq $null)
{
WriteToLog -Type "Failed" $error[0]
break;
}
}
}
catch
{
WriteToLog -Type "Failed" "Error in input"
}
}
# -------------------
# Export All Labels Created in The Process
# -------------------
Function ExportCreatedComplianceTag
{
Param(
[Parameter(Mandatory = $true)]
[String]$LabelFilePath
)
WriteToLog -Type "Start" "Start to Export Compliance Tag Created"
try
{
# Import input csv
$labels = Import-Csv $LabelFilePath
# Create result table
$tabName = "ResultTable"
$table = New-Object system.Data.DataTable “$tabName”
$col1 = New-Object system.Data.DataColumn Name,([string])
$col2 = New-Object system.Data.DataColumn Comment,([string])
$col3 = New-Object system.Data.DataColumn IsRecordLabel,([string])
$col4 = New-Object system.Data.DataColumn RetentionAction,([string])
$col5 = New-Object system.Data.DataColumn RetentionDuration,([string])
$col6 = New-Object system.Data.DataColumn RetentionType,([string])
$col7 = New-Object system.Data.DataColumn ReviewerEmail,([string])
# Add the Columns
$table.columns.add($col1)
$table.columns.add($col2)
$table.columns.add($col3)
$table.columns.add($col4)
$table.columns.add($col5)
$table.columns.add($col6)
$table.columns.add($col7)
foreach($lab in $labels)
{
$t = InvokePowerShellCmdlet ("Get-ComplianceTag '{0}' " -f $lab.'Name (Required)')
# Create a result row
$row = $table.NewRow()
$row['Name'] = $t.Name
$row['Comment'] = $t.Comment
$row['IsRecordLabel'] = $t.IsRecordLabel
$row['RetentionAction'] = $t.RetentionAction
$row['RetentionDuration'] = $t.RetentionDuration
$row['RetentionType'] = $t.RetentionType
$row['ReviewerEmail'] = $t.ReviewerEmail
# Add the row to the table
$table.Rows.Add($row)
}
$table | Export-Csv $tagRetFile -NoTypeInformation
}
catch
{
WriteToLog -Type "Failed" "Error in exporting results."
}
}
# -------------------
# Export All Published Labels and Policies in The Process
# -------------------
Function ExportPublishedComplianceTagAndPolicy
{
Param(
[Parameter(Mandatory = $true)]
[String[]]$PolicyFilePath
)
WriteToLog -Type "Start" "Start to Export Published Compliance Tag and Policy"
try
{
# Import input csv
$policies = Import-Csv $PolicyFilePath
# Create result table
$tabName = "ResultTable"
$table = New-Object system.Data.DataTable “$tabName”
$col1 = New-Object system.Data.DataColumn 'Policy Name',([string])
$col2 = New-Object system.Data.DataColumn PublishComplianceTag,([string])
$col3 = New-Object system.Data.DataColumn Comment,([string])
$col4 = New-Object system.Data.DataColumn Enabled,([string])
$col5 = New-Object system.Data.DataColumn ExchangeLocation,([string])
$col6 = New-Object system.Data.DataColumn ExchangeLocationException,([string])
$col7 = New-Object system.Data.DataColumn ModernGroupLocation,([string])
$col8 = New-Object system.Data.DataColumn ModernGroupLocationException,([string])
$col9 = New-Object system.Data.DataColumn OneDriveLocation,([string])
$col10 = New-Object system.Data.DataColumn OneDriveLocationException,([string])
$col11 = New-Object system.Data.DataColumn PublicFolderLocation,([string])
$col12 = New-Object system.Data.DataColumn SharePointLocation,([string])
$col13 = New-Object system.Data.DataColumn SharePointLocationException,([string])
$col14 = New-Object system.Data.DataColumn SkypeLocation,([string])
$col15 = New-Object system.Data.DataColumn SkypeLocationException,([string])
# Add the Columns
$table.columns.add($col1)
$table.columns.add($col2)
$table.columns.add($col3)
$table.columns.add($col4)
$table.columns.add($col5)
$table.columns.add($col6)
$table.columns.add($col7)
$table.columns.add($col8)
$table.columns.add($col9)
$table.columns.add($col10)
$table.columns.add($col11)
$table.columns.add($col12)
$table.columns.add($col13)
$table.columns.add($col14)
$table.columns.add($col15)
foreach($policy in $policies)
{
$t = InvokePowerShellCmdlet ("Get-RetentionCompliancePolicy '{0}' -DistributionDetail" -f $policy.'Policy Name (Required)')
# Create a result row
$row = $table.NewRow()
$row['Policy Name'] = $t.Name
$rules = InvokePowerShellCmdlet ("Get-RetentionComplianceRule -Policy {0}" -f $t.Guid)
$tagList = [String]::Empty
foreach($rule in $rules)
{
if ([String]::IsNullOrEmpty($rule.PublishComplianceTag) -eq $False)
{
$tName = $rule.PublishComplianceTag.Split(',')[1]
$tagList = [String]::Concat($tagList, $tName, ",")
}
}
if (![String]::IsNullOrEmpty($tagList))
{
$tagList = $tagList.Substring(0, $tagList.LastIndexOf(','))
}
$row['PublishComplianceTag'] = $tagList
$row['Comment'] = $t.Comment
$row['Enabled'] = $t.Enabled
$row['ExchangeLocation'] = $t.ExchangeLocation
$row['ExchangeLocationException'] = $t.ExchangeLocationException
$row['ModernGroupLocation'] = $t.ModernGroupLocation
$row['ModernGroupLocationException'] = $t.ModernGroupLocationException
$row['OneDriveLocation'] = $t.OneDriveLocation
$row['OneDriveLocationException'] = $t.OneDriveLocationException
$row['PublicFolderLocation'] = $t.PublicFolderLocation
$row['SharePointLocation'] = $t.SharePointLocation
$row['SharePointLocationException'] = $t.SharePointLocationException
$row['SkypeLocation'] = $t.SkypeLocation
$row['SkypeLocationException'] = $t.SkypeLocationException
# Add the row to the table
$table.Rows.Add($row)
}
$table | Export-Csv $tagPubRetFile -NoTypeInformation
}
catch
{
WriteToLog -Type "Failed" "Error in exporting results."
}
}
# Create compliance tag
CreateComplianceTag -FilePath $LabelListCSV
# Create retention policy and publish compliance tag with the policy
CreateRetentionCompliancePolicy -FilePath $PolicyListCSV
# Export to result csv
if ($ResultCSV)
{
ExportCreatedComplianceTag -LabelFilePath $LabelListCSV
ExportPublishedComplianceTagAndPolicy -PolicyFilePath $PolicyListCSV
}
Raw
publishLabels,csv
Policy Name (Required),PublishComplianceTag (Required),Comment (Optional),Enabled (Required),ExchangeLocation (Optional),ExchangeLocationException (Optional),ModernGroupLocation (Optional),ModernGroupLocationException (Optional),OneDriveLocation (Optional),OneDriveLocationException (Optional),PublicFolderLocation (Optional),SharePointLocation (Optional),SharePointLocationException (Optional),SkypeLocation (Optional),SkypeLocationException (Optional)
Publishing Policy Red1,"LabelName_t_1, LabelName_t_2, LabelName_t_3, LabelName_t_4",N/A,$true,All,,All,,All,,,All,,,
Publishing Policy Orange1,"LabelName_t_1, LabelName_t_2",N/A,$true,All,,,,,,,,,,
Publishing Policy Yellow1,"LabelName_t_3, LabelName_t_4",N/A,$false,,,,,,,,,,,
Raw
Retension.csv
Name (Required) Comment (Optional) IsRecordLabel (Required) RetentionAction (Optional) RetentionDuration (Optional) RetentionType (Optional) ReviewerEmail (Optional)
LabelName_t_1 Record - keep and delete - 2 years $true KeepAndDelete 730 CreationAgeInDays
LabelName_t_2 Keep and delete tag - 7 years $false KeepAndDelete 2555 ModificationAgeInDays
LabelName_t_3 5 year delete $false Delete 1825 TaggedAgeInDays
LabelName_t_4 Record label tag - financial $true Keep 730 CreationAgeInDays
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment