pmatthews05

#Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client
#Need to set AllowBasic, AllowDigest, AllowUnencryptedTraffic to 1

#Run this to connect to session
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName "Microsoft.Exchange" -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

##Be sure to disconnect at the end.
#Remove-PSSession $Session

pmatthews05

<#
.SYNOPSIS
Set the New Menu on a document library.

.DESCRIPTION
Sets the New Menu on a document libary, allow you to hide content types you don't want to show. This will grab all list content types currently assigned to the library.

Default Content Types used by Microsoft 'Folder', 'Word document', 'Excel workbook', 'PowerPoint presentation', 'OneNote notebook' 'Visio drawing', 'Link'

.EXAMPLE

pmatthews05

#Once signed into Azure CLI
$Token = az account get-access-token --resource-type "aad-graph" | ConvertFrom-Json
$AzAccount = az account show | ConvertFrom-Json
Connect-AzureAD -AadAccessToken $($Token.accessToken) -AccountId:$($AzAccount.User.Name) -TenantId:$($AZAccount.tenantId)

pmatthews05

#Install AzureAD
Write-Information -MessageData:"Getting if the AzureAD powershell module is available..."
if(-not (Get-Module AzureAD)) {
    Write-Information -MessageData:"Installing the NuGet Package provider..."
    Install-PackageProvider -Name:NuGet -Force -Scope:CurrentUser

    Write-Information -MessageData:"Installing the AzureAD Powershell Module..."
    Install-Module AzureAD -Scope:CurrentUser -Force
}

pmatthews05

$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()
$newClientSecret = [System.Convert]::ToBase64String($bytes)
$dtStart = [System.DateTime]::Now
$dtEnd = $dtStart.AddYears(2)

write-output $newClientSecret

pmatthews05

Write-Information "Updating KeyCredential Usage Sign..."
New-AzureADServicePrincipalKeyCredential -ObjectId $serviceprincipal.ObjectId -Type:Symmetric -Usage:Sign -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd | Out-Null

Write-Information "Updating KeyCredential Usage Verify..."
New-AzureADServicePrincipalKeyCredential -ObjectId $serviceprincipal.ObjectId -Type:Symmetric -Usage:Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd | Out-Null

Write-Information "Updating PasswordCredential..."
New-AzureADServicePrincipalPasswordCredential -ObjectId $serviceprincipal.ObjectId -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd | Out-Null

pmatthews05

Write-Information "Remove all KeyCredential started before $(Get-Date $dtStart -Format 'O' )..."
$serviceprincipal = Get-AzureADServicePrincipal -All:$true -Filter "DisplayName eq '$SharePointAddInName'" 
$serviceprincipal.KeyCredentials | ForEach-Object{
    $credential = $PSItem
    if($($credential.StartDate) -lt $dtStart)
    {
        Write-Information -MessageData:"Removing KeyCredential $($credential.KeyId)"
        Remove-AzureADServicePrincipalKeyCredential -ObjectId:$serviceprincipal.ObjectId -KeyId:$credential.KeyId
    }
}

pmatthews05

<#
.SYNOPSIS
Updates the SharePoint Add-in Secret everytime.
It expects that you are already connected to Azure AD

.EXAMPLE
.\Update-SharePointAddIn.ps1 -SharePointAddInName "Demo App"

#>
param(

pmatthews05

$serviceprincipal = Get-AzureADServicePrincipal -All:$true -Filter "DisplayName eq 'Demo App'" 
#OR If using APP ID.
$serviceprincipalByID = Get-AzureADServicePrincipal -All:$true -Filter "AppId eq 'ab739749-827d-4437-90e5-bf181c5407e0'" 

pmatthews05

.\Set-AuditLogs.ps1 -ClientId:<ClientID> 
                    -ClientSecret:<AppSecret> 
                    -TenantDomain:<Tenant>.onmicrosoft.com 
                    -TenantGUID:<Directory ID> 
                    -WebHookUrl:https://<Environment>-auditwebhook.azurewebsites.net/API/AuditWebHook 
                    -ContentType:Audit.SharePoint