soteria-security / 365inspect
A PowerShell script that automates the security assessment of Microsoft 365 environments.
Home Page: https://soteria.io/solutions/soteria-inspect/
License: MIT License
Describe the bug
Switch parameter is incorrectly set as a required parameter
Expected behavior
Parameter should not be required.
Here is the output from the script. It says PnP PowerShell is installed:
Security warning
Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your
computer. If you trust this script, use the Unblock-File cmdlet to allow the script to run without this warning
message. Do you want to run C:\365inspect\365Inspect-main\365Inspect.ps1?
[D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"): R
Security warning
Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your
computer. If you trust this script, use the Unblock-File cmdlet to allow the script to run without this warning
message. Do you want to run C:\365inspect\365Inspect-main\Write-ErrorLog.ps1?
[D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"): R
Verifying environment.
Environment is 7.4.0
[+] PowerShellGet is installed.
Importing PowerShellGet
Environment is 7.4.0
[+] ExchangeOnlineManagement is installed.
Inporting ExchangeOnlineManagement
Importing Microsoft.Graph
Environment is 7.4.0
[+] Microsoft.Graph is installed.
Inporting ExchangeOnlineManagement
Importing Microsoft.Graph
Environment is 7.4.0
[+] PnP.PowerShell is installed.
Environment is 7.4.0
[+] MicrosoftTeams is installed.
Importing MicrosoftTeams
Connecting to Microsoft Graph
Welcome to Microsoft Graph!
Connected via delegated access using 14d82eec-204b-4c2f-b7e8-296a70dab67e
Readme: https://aka.ms/graph/sdk/powershell
SDK Docs: https://aka.ms/graph/sdk/powershell/docs
API Docs: https://aka.ms/graph/docs
NOTE: You can use the -NoWelcome parameter to suppress this message.
Connected via Graph to xxxxxxxxxxx
Connecting to Security and Compliance Center
We have made updates to move the SCC admin experience to REST-based APIs. In doing so, we will be deprecating the legacy Remote PowerShell (RPS) protocol starting July 15, 2023.
Benefits of REST-based cmdlets: improved security, WinRM no longer required for client-server communication, improved error handling.
The REST API has the same cmdlets available and feature parity with RPS(V1) cmdlets, so existing scripts and processes don't need to be updated. Simply using the new module will ensure REST is used rather than RPS.
Connecting to Exchange Online
Connecting to SharePoint Service
Connecting to SharePoint Service Failed.
Write-Error: C:\365inspect\365Inspect-main\365Inspect.ps1:387
Line |
387 | Connect-Services
| ~~~~~~~~~~~~~~~~
| The term 'Connect-PnPOnline' is not recognized as a name of a cmdlet, function, script file, or executable
| program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
| again.
PS C:\365inspect\365Inspect-main>
Description
If the inspector module output is too long (more than 25 items) the output is saved into a separate txt file with the name [findingname].txt. A link to this file is then placed in the HTML report. If the links are clicked they never work.
This is because only the name of the finding is put in the report. It should be the finding name + ".txt".
In the Script 365Inspect.ps1
Example
Inspector Module "UsersWithNoMFAConfigured" often generates more than 25 items and the text file can not be accessed via HTML-Report.
Solution
Line 472: $condensed = "<a href='{name}'>{count} Affected Objects Identified<a/>."
Should be: $condensed = "<a href='{name}.txt'>{count} Affected Objects Identified<a/>."
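An added example, not 365Inspect's own code, of the overflow handling described above with the ".txt" suffix on the link; it also HTML-encodes the link text and URL-escapes the file name before they are placed in the report markup. The 25-item threshold and the output layout are assumptions for illustration.

```powershell
# Added example, not 365Inspect's own code. Threshold and file layout are assumptions.
function Write-CondensedFinding {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][object[]]$AffectedObjects,
        [Parameter(Mandatory)][string]$OutPath,
        [int]$Threshold = 25
    )
    $encode = { [System.Net.WebUtility]::HtmlEncode("$_") }
    if ($AffectedObjects.Count -le $Threshold) {
        # Short lists stay inline in the report, one entry per line
        return (($AffectedObjects | ForEach-Object $encode) -join '<br>')
    }
    # Long lists go to <finding>.txt beside the report; the href must carry the same suffix
    $fileName = "$Name.txt"
    $AffectedObjects | ForEach-Object { "$_" } |
        Set-Content -Path (Join-Path $OutPath $fileName) -Encoding UTF8
    $href = [System.Uri]::EscapeDataString($fileName)
    $text = [System.Net.WebUtility]::HtmlEncode("$($AffectedObjects.Count) Affected Objects Identified")
    "<a href='$href'>$text</a>."
}

# Constructed sample: 30 affected accounts, written to the current directory
$sample = 1..30 | ForEach-Object { "user$($_)@contoso.example" }
Write-CondensedFinding -Name 'UsersWithNoMFAConfigured' -AffectedObjects $sample -OutPath $PWD
```

The encoding matters because affected-object values (display names, policy names) come from the tenant, not from the script, and are written straight into an HTML file that admins open in a browser.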
Hi, I installed all the modules and loaded them prior to running the script. However, it looks like it is trying to load them but getting this result:
Environment is 7.3.4
[+] PowerShellGet is installed.
Importing PowerShellGet
Get-Package: No match was found for the specified search criteria and module names 'ExchangeOnlineManagement'.
InvalidArgument: C:\temp\365Inspect\365Inspect.ps1:192
Line |
192 | $installedVersion = [Version](((Get-InstalledModule -Name $mo …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Cannot convert value "" to type "System.Version". Error: "Version string portion was too short or too long. (Parameter 'input')"
Get-Package: No match was found for the specified search criteria and module names 'ExchangeOnlineManagement'.
ExchangeOnlineManagement is not installed.
The module may be installed by running "Install-Module -Name ExchangeOnlineManagement -AllowPrerelease -AllowClobber -Force -MinimumVersion System.Collections.Hashtable" in an elevated PowerShell window.
Would you like to attempt installation now? (Y|N): Y
Install-Module: Cannot process argument transformation on parameter 'MinimumVersion'. Cannot create object of type "System.Version". The MinimumVersion property was not found for the System.Version object. The available property is: [Major <System.Int32>] , [Minor <System.Int32>] , [Build <System.Int32>] , [Revision <System.Int32>] , [MajorRevision <System.Int16>] , [MinorRevision <System.Int16>]
Get-Package: No match was found for the specified search criteria and module names 'Microsoft.Graph'.
InvalidArgument: C:\temp\365Inspect\365Inspect.ps1:192
Line |
192 | $installedVersion = [Version](((Get-InstalledModule -Name $mo …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Cannot convert value "" to type "System.Version". Error: "Version string portion was too short or too long. (Parameter 'input')"
Get-Package: No match was found for the specified search criteria and module names 'Microsoft.Graph'.
Microsoft.Graph is not installed.
The module may be installed by running "Install-Module -Name Microsoft.Graph -AllowPrerelease -AllowClobber -Force -MinimumVersion System.Collections.Hashtable" in an elevated PowerShell window.
Would you like to attempt installation now? (Y|N): Y
Install-Module: Cannot process argument transformation on parameter 'MinimumVersion'. Cannot create object of type "System.Version". The MinimumVersion property was not found for the System.Version object. The available property is: [Major <System.Int32>] , [Minor <System.Int32>] , [Build <System.Int32>] , [Revision <System.Int32>] , [MajorRevision <System.Int16>] , [MinorRevision <System.Int16>]
Get-Package: No match was found for the specified search criteria and module names 'Microsoft.Online.SharePoint.PowerShell'.
InvalidArgument: C:\temp\365Inspect\365Inspect.ps1:192
Line |
192 | $installedVersion = [Version](((Get-InstalledModule -Name $mo …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Cannot convert value "" to type "System.Version". Error: "Version string portion was too short or too long. (Parameter 'input')"
Get-Package: No match was found for the specified search criteria and module names 'Microsoft.Online.SharePoint.PowerShell'.
Microsoft.Online.SharePoint.PowerShell is not installed.
The module may be installed by running "Install-Module -Name Microsoft.Online.SharePoint.PowerShell -AllowPrerelease -AllowClobber -Force -MinimumVersion System.Collections.Hashtable" in an elevated PowerShell window.
Would you like to attempt installation now? (Y|N): Y
Install-Module: Cannot process argument transformation on parameter 'MinimumVersion'. Cannot create object of type "System.Version". The MinimumVersion property was not found for the System.Version object. The available property is: [Major <System.Int32>] , [Minor <System.Int32>] , [Build <System.Int32>] , [Revision <System.Int32>] , [MajorRevision <System.Int16>] , [MinorRevision <System.Int16>]
Get-Package: No match was found for the specified search criteria and module names 'MicrosoftTeams'.
InvalidArgument: C:\temp\365Inspect\365Inspect.ps1:192
Line |
192 | $installedVersion = [Version](((Get-InstalledModule -Name $mo …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Cannot convert value "" to type "System.Version". Error: "Version string portion was too short or too long. (Parameter 'input')"
Get-Package: No match was found for the specified search criteria and module names 'MicrosoftTeams'.
MicrosoftTeams is not installed.
The module may be installed by running "Install-Module -Name MicrosoftTeams -AllowPrerelease -AllowClobber -Force -MinimumVersion System.Collections.Hashtable" in an elevated PowerShell window.
Would you like to attempt installation now? (Y|N): Y
Install-Module: Cannot process argument transformation on parameter 'MinimumVersion'. Cannot create object of type "System.Version". The MinimumVersion property was not found for the System.Version object. The available property is: [Major <System.Int32>] , [Minor <System.Int32>] , [Build <System.Int32>] , [Revision <System.Int32>] , [MajorRevision <System.Int16>] , [MinorRevision <System.Int16>]
Connecting to Microsoft Graph
Welcome To Microsoft Graph!
Get-MgOrganization_List: C:\temp\365Inspect\365Inspect.ps1:71
Line |
71 | $global:orgInfo = ((Get-MgOrganization).VerifiedDomains | …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Method not found: 'System.Net.Http.HttpClient
| Microsoft.Graph.PowerShell.Authentication.Helpers.HttpHelpers.GetGraphHttpClient(System.Management.Automation.InvocationInfo,
| Microsoft.Graph.PowerShell.Authentication.IAuthContext)'.
Connecting to Microsoft Graph Failed.
Write-Error: C:\temp\365Inspect\365Inspect.ps1:292
Line |
292 | Connect-Services
| ~~~~~~~~~~~~~~~~
| Cannot index into a null array.
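The failures above come from one place: Get-InstalledModule returns nothing for a module that is not installed, the empty result is cast to [Version], and the install hint interpolates the object holding the version rather than the version string (hence "-MinimumVersion System.Collections.Hashtable"). The following is an added example, not 365Inspect's own code, of a dependency check that tolerates a missing module and prints a usable install command; the module names and minimum versions are assumptions for illustration.

```powershell
# Added example, not 365Inspect's own code. Module names and minimum versions are assumptions.
$requiredModules = [ordered]@{
    'ExchangeOnlineManagement'               = '3.0.0'
    'Microsoft.Graph.Authentication'         = '2.0.0'
    'Microsoft.Online.SharePoint.PowerShell' = '16.0.0'
    'MicrosoftTeams'                         = '5.0.0'
}

function Test-RequiredModule {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$MinimumVersion,
        # Module list to inspect: what is on this machine by default, or a constructed
        # list of objects with Name and Version for offline testing
        [object[]]$Available = @(Get-Module -Name $Name -ListAvailable)
    )
    # Get-Module -ListAvailable simply returns nothing for an absent module; no exception,
    # no empty string to cast
    $newest = $Available |
        Where-Object { $_.Name -eq $Name } |
        Sort-Object { [Version]$_.Version } -Descending |
        Select-Object -First 1

    $installed = if ($newest) { [Version]$newest.Version } else { $null }
    $satisfied = ($null -ne $installed) -and ($installed -ge [Version]$MinimumVersion)

    # The command shown to the user: -MinimumVersion gets the version string itself,
    # not the object it was stored in
    $installCommand = $null
    if (-not $satisfied) {
        $installCommand = "Install-Module -Name $Name -MinimumVersion $MinimumVersion -Scope CurrentUser -Force"
    }

    [pscustomobject]@{
        Name             = $Name
        InstalledVersion = $installed
        MinimumVersion   = [Version]$MinimumVersion
        Satisfied        = $satisfied
        InstallCommand   = $installCommand
    }
}

$results = foreach ($entry in $requiredModules.GetEnumerator()) {
    Test-RequiredModule -Name $entry.Key -MinimumVersion $entry.Value
}
$results | Format-Table Name, InstalledVersion, MinimumVersion, Satisfied -AutoSize

$missing = @($results | Where-Object { -not $_.Satisfied })
if ($missing.Count -gt 0) {
    Write-Warning "Dependency check failed for: $($missing.Name -join ', ')"
    $missing.InstallCommand | ForEach-Object { Write-Output "  $_" }
}
```

Get-Module -ListAvailable also sees modules that were installed by means other than PowerShellGet, which Get-InstalledModule does not, so it is the safer probe for a script that only needs to know whether a module can be imported.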
Describe the bug
AdminUsersWithNoMFAEnforced.ps1 returns the following error:
WARNING: Error message: Cannot bind argument to parameter 'DirectoryRoleId' because it is an empty string.
Expected behavior
A list of accounts with admin roles assigned that do not have MFA enabled.
Additional context
Error Log:
Error time: 08/11/2023 11:13:35
Error message: Cannot bind argument to parameter 'DirectoryRoleId' because it is an empty string.
Error exception: System.Management.Automation.ParameterBindingValidationException: Cannot bind argument to parameter 'DirectoryRoleId' because it is an empty string.
at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)
at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
Failed script: [REDACTED]\Security\Office365\Test\365Inspect-main\inspectors\AdminUsersWithNoMFAEnforced.ps1
Failed at line number: 29
Failed at line: $roleMembers = Get-MgDirectoryRoleMember -DirectoryRoleId $RID
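Get-MgDirectoryRole returns only the roles that have been activated in the tenant, so a lookup by display name can come back empty, and that empty Id is what Get-MgDirectoryRoleMember rejects. The following is an added example, not the inspector's own code, that skips roles it cannot resolve instead of passing an empty string; the role names and the sample role Id are constructed for illustration, and the live part needs an existing Connect-MgGraph session with Directory.Read.All.

```powershell
# Added example, not 365Inspect's own code. Role names and the sample Id are constructed.
function Resolve-ActivatedRole {
    param(
        [Parameter(Mandatory)][string[]]$DisplayName,
        # Directory roles to search: the live tenant by default, or a constructed list offline
        [object[]]$Roles
    )
    if (-not $Roles) { $Roles = @(Get-MgDirectoryRole -All) }
    foreach ($wanted in $DisplayName) {
        $role = $Roles | Where-Object { $_.DisplayName -eq $wanted } | Select-Object -First 1
        if (-not $role -or [string]::IsNullOrEmpty($role.Id)) {
            # Not activated (or not present): skip instead of passing '' to -DirectoryRoleId
            Write-Warning "Role '$wanted' is not activated in this tenant; skipping."
            continue
        }
        [pscustomobject]@{ DisplayName = $wanted; Id = $role.Id }
    }
}

function Get-RoleMemberUpn {
    # Needs a Graph session with Directory.Read.All. User members expose userPrincipalName
    # in AdditionalProperties; groups and service principals have none and are skipped.
    param([Parameter(Mandatory)][object]$Role)
    foreach ($m in Get-MgDirectoryRoleMember -DirectoryRoleId $Role.Id -All) {
        $upn = $m.AdditionalProperties['userPrincipalName']
        if ($upn) { [pscustomobject]@{ Role = $Role.DisplayName; UserPrincipalName = $upn } }
    }
}

# Constructed sample: a tenant where only the Global Administrator role has been activated
$sampleRoles = @(
    [pscustomobject]@{ DisplayName = 'Global Administrator'; Id = '11111111-1111-1111-1111-111111111111' }
)
$adminRoles = @('Global Administrator', 'Exchange Administrator')
$resolved = Resolve-ActivatedRole -DisplayName $adminRoles -Roles $sampleRoles
$resolved

# Live path, only when a Graph session already exists
if ((Get-Command Get-MgContext -ErrorAction SilentlyContinue) -and (Get-MgContext)) {
    Resolve-ActivatedRole -DisplayName $adminRoles | ForEach-Object { Get-RoleMemberUpn -Role $_ }
}
```

A role that is not activated has no members, so skipping it loses no findings; the warning is there so an auditor can tell "no admins without MFA" apart from "role never queried".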
Describe the bug
Get-SafeAttachmentPolicy is no longer present in the installed modules.
Expected behavior
I expected that the cmdlets would be present.
Desktop
Edition Windows 10 Pro
Version 21H1
Installed on 17/02/2021
OS build 19043.1706
Experience Windows Feature Experience Pack 120.2212.4170.0
PowerShell version
Name                           Value
PSVersion                      5.1.19041.1682
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.19041.1682
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
Additional context
I also found that cmdlets such as Get-SafeLinksPolicy and Get-SafeAttachmentPolicy were not found, although 365inspect did seem to manage to find and run them.
Thanks
So I've just run this again for the first time in a few weeks, and I'm receiving the following errors re SharePoint:
I don't recall seeing the same output when I ran a while back. Also, the tool keeps prompting me to install the AzureADPreview module every time I run it, even though it appears to install when I select "Y" when prompted during the initial run.
After installing the modules and updating the Exchange Online module, when running this command:
.\365Inspect.ps1 -OutPath ..\365_report -UserPrincipalName [email protected] -Auth MFA
the error below appears:
Connecting to Exchange Online
Connecting to Exchange Online Failed.
Connect-Services : Cannot bind parameter because parameter 'ExchangeEnvironmentName' is specified more than once. To provide multiple values to parameters that can accept
multiple values, use the array syntax. For example, "-parameter value1,value2,value3".
At C:\Users\dina\Documents\365Inspect-main\365Inspect.ps1:489 char:9
Connect-Services
~~~~~~~~~~~~~~~~
Hi Guys,
I have found how to add the custom location script. You can add an optional parameter in the script with the location. Get-ChildItem also works with a saved variable. I have tested the line outside of the script and it seems to work. Here is the code underneath. The directory must contain all the .ps1 files and .json files to work correctly.
POWERSHELL PART .PS1
    # Fall back to the bundled inspectors directory when no custom location is given
    if ([string]::IsNullOrEmpty($ScriptLocation)) { $ScriptLocation = '.\inspectors' }

    try {
        If ($excluded_inspectors -and $excluded_inspectors.Count) {
            $excluded_inspectors = foreach ($inspector in $excluded_inspectors) { "$inspector.ps1" }
            # Filter on *.ps1 in both branches so the .json files are never picked up as inspectors
            $inspectors = (Get-ChildItem -Path (Join-Path $ScriptLocation '*.ps1') -Exclude $excluded_inspectors).BaseName
        }
        else {
            $inspectors = (Get-ChildItem -Path (Join-Path $ScriptLocation '*.ps1')).BaseName
        }
    }
    catch {
        Write-Error "An error occurred trying to find the inspectors in $ScriptLocation : $_"
    }
POWERSHELL PART .JSON
    # For every inspector the user wanted to run...
    ForEach ($selected_inspector in $selected_inspectors) {
        # ...if the user selected a valid inspector...
        If ($inspectors -contains $selected_inspector) {
            Write-Output "Invoking Inspector: $selected_inspector"
            $jsonPath   = Join-Path $ScriptLocation "$selected_inspector.json"
            $scriptPath = Join-Path $ScriptLocation "$selected_inspector.ps1"
            try {
                # Get the static data (finding description, remediation etc.) associated with that inspector module.
                $finding = Get-Content -Path $jsonPath -Raw | ConvertFrom-Json
            }
            catch {
                Write-Error "An error occurred trying to open $jsonPath : $_"
                continue
            }
            try {
                # Invoke the actual inspector module with the call operator rather than Invoke-Expression,
                # so a path containing spaces or special characters is not re-parsed as code.
                $finding.AffectedObjects = & $scriptPath
            }
            catch {
                Write-Error "An error occurred trying to find the affected objects for $selected_inspector : $_"
            }
            # Add the finding to the list of all findings.
            $findings += $finding
        }
    }
Let me know if you find this useful.
I get the following error once I get to sharepoint
Connecting to SharePoint Service
Connecting to SharePoint Service Failed.
Write-Error: C:\temp\365Inspect-main\365Inspect.ps1:387
Line |
387 | Connect-Services
| ~~~~~~~~~~~~~~~~
| Could not load file or assembly 'Microsoft.Identity.Client, Version=4.50.0.0, Culture=neutral,
| PublicKeyToken=0a613f4dd989e8ae'. Could not find or load a specific file. (0x80131621)
During an analysis, we identified that several of the inspectors properly pull information regarding the tenant and report the issue; however, the MS "secure defaults" setting overrides these individual parameters. An example is the setting for user MFA: the inspector for MFA properly reports that there are users with no MFA enforced, but with the Secure Defaults setting enabled it properly restricts MFA across the tenant. Another example is the use of legacy authentication like IMAP, also disabled by secure defaults, but it still shows up as a finding from the inspector.
Not sure how to properly get a list of all of the settings that it changes (or doesn't impact) to have it reflected in the results. Maybe the first check should be the secure defaults and, if enabled, it modifies the list of inspectors needed?
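Taking up the suggestion above, an added example (not 365Inspect's own code) that reads the Security Defaults enforcement policy once and drops the inspectors whose control it already enforces tenant-wide. The inspector names in the mapping are assumptions for illustration; the live lookup needs an existing Connect-MgGraph session with the Policy.Read.All scope.

```powershell
# Added example, not 365Inspect's own code. Inspector names are assumptions.
function Get-EffectiveInspectorList {
    param(
        [Parameter(Mandatory)][string[]]$Inspectors,
        [Parameter(Mandatory)][bool]$SecurityDefaultsEnabled,
        # Inspectors whose control Security Defaults already enforces tenant-wide (assumed names)
        [string[]]$CoveredBySecurityDefaults = @(
            'UsersWithNoMFAConfigured',
            'AdminUsersWithNoMFAEnforced',
            'LegacyAuthenticationEnabled'
        )
    )
    if (-not $SecurityDefaultsEnabled) { return $Inspectors }

    $skipped = @($Inspectors | Where-Object { $_ -in $CoveredBySecurityDefaults })
    if ($skipped.Count -gt 0) {
        Write-Warning ("Security Defaults is enabled; skipping: " + ($skipped -join ', '))
    }
    $Inspectors | Where-Object { $_ -notin $CoveredBySecurityDefaults }
}

# Constructed inspector list standing in for the contents of .\inspectors
$allInspectors = @(
    'UsersWithNoMFAConfigured',
    'AdminUsersWithNoMFAEnforced',
    'LegacyAuthenticationEnabled',
    'SPOSharingAnyone'
)
# Offline run: pretend Security Defaults is on
$toRun = Get-EffectiveInspectorList -Inspectors $allInspectors -SecurityDefaultsEnabled $true
$toRun

# Live path, only when a Graph session already exists. The cmdlet is in
# Microsoft.Graph.Identity.SignIns; IsEnabled is the tenant-wide on/off switch.
if ((Get-Command Get-MgContext -ErrorAction SilentlyContinue) -and (Get-MgContext)) {
    $policy = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
    $toRun  = Get-EffectiveInspectorList -Inspectors $allInspectors -SecurityDefaultsEnabled ([bool]$policy.IsEnabled)
}
```

Security Defaults and Conditional Access are mutually exclusive, so a tenant that enforces MFA through Conditional Access policies reports IsEnabled as false here; that case is a separate check this example does not make, and the skipped findings should still be listed in the report as "covered by Security Defaults" rather than silently dropped.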
Describe the bug
When you export to a CSV or XML, because of the column limit the Finding, AffectedObjects, Remediation and References properties will break the whole CSV file.
Expected behavior
A clean CSV file that you could eventually convert to columns by selecting the , delimiter.
Additional context
To make it work properly you can comment out the Finding, AffectedObjects, Remediation and References Add-Member scripts at both XML and CSV to get a clean .CSV file.
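Export-Csv renders an array-valued property as the literal "System.Object[]" and keeps embedded newlines as quoted multi-line cells, which is what scatters Finding, AffectedObjects, Remediation and References across columns when the file is opened. Rather than dropping those properties, the added example below (not 365Inspect's own code) flattens them before export; the sample findings are constructed.

```powershell
# Added example, not 365Inspect's own code. Sample findings are constructed.
function ConvertTo-FlatFinding {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]$Finding,
        [string]$Separator = '; '
    )
    process {
        $flat = [ordered]@{}
        foreach ($p in $Finding.PSObject.Properties) {
            $v = $p.Value
            # Arrays (AffectedObjects, References) become one delimited cell instead of "System.Object[]"
            if (($v -is [System.Collections.IEnumerable]) -and ($v -isnot [string])) {
                $v = ($v | ForEach-Object { "$_" }) -join $Separator
            }
            if ($v -is [string]) {
                # Embedded newlines in Finding/Remediation would otherwise become multi-line cells
                $v = $v -replace '\r?\n', ' '
                # Defensive: a cell starting with = + - @ is evaluated as a formula by spreadsheets
                if ($v -match '^[=+\-@]') { $v = "'" + $v }
            }
            $flat[$p.Name] = $v
        }
        [pscustomobject]$flat
    }
}

# Constructed sample findings standing in for the inspector output
$findings = @(
    [pscustomobject]@{
        FindingName     = 'UsersWithNoMFAConfigured'
        Severity        = 'High'
        Finding         = "Users without MFA.`nThese accounts rely on a password only."
        AffectedObjects = @('alice@contoso.example', 'bob@contoso.example')
        Remediation     = 'Require MFA through Conditional Access.'
        References      = @('https://learn.microsoft.com/entra/', 'https://example.invalid/')
    }
)
$csvPath = Join-Path $PWD '365Inspect-findings.csv'
$findings | ConvertTo-FlatFinding | Export-Csv -Path $csvPath -NoTypeInformation -Encoding UTF8
Import-Csv -Path $csvPath | Format-List
```

The formula guard is worth keeping even in an internal tool: affected-object names come from the tenant, and a CSV that lands in Excel or Power BI is exactly where a crafted display name would be evaluated.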
Any suggestions connecting to a specific tenant with same username and MFA? I have attempted using the UPN as a login so it wouldn't be the same as the user logon name, but unsuccessful. I am able to grab partial data if I use Connect-AzureAD with Tenant-ID, but the Connect-MSOLService does not allow a specific -TenantID.
Describe the bug
When I export the Report.html file to another Windows computer, the report does not build the Risk Severity and Risk Distribution charts, the rest of the Report.html is compiled correctly. I also exported the entire folder with the zip file, but the final result is the same.
Hi, we are loving 365Inspect.
As a new feature request, would it be possible to get the report output into CSV format?
Ideally taking the Findings Summary table at the top and including the O365 Audit Findings within the item rows.
I have included the image to what I think would be useful, this CSV could then be included into something like PowerBI for reporting.
Thanks in advance!
Describe the bug
The Inspect-AZPSAssignment and Inspect-AZPSModules Inspectors are not working correctly anymore as the corresponding app has been renamed
Additional context
The app has been renamed from Microsoft Graph PowerShell to Microsoft Graph Command Line Tools
Issue
SharePoint Online will not connect in the latest script if Exchange Hybrid is configured.
Reason
The OrgName is now generated automatically within the script based on information from line 72:
$global:orgInfo = ((Get-MgOrganization).VerifiedDomains | Where-Object { $_.Name -match 'onmicrosoft.com' })[0].Name
In the case of Exchange Hybrid the verified domain will be [OrgName].mail.onmicrosoft.com
In line 90, before the script tries to connect to SPO, it populates the OrgName by splitting this line:
$org_name = ($global:orgInfo -split '.onmicrosoft.com')[0]
The result in an Exchange Hybrid tenant would be "Contoso.mail" but it should be Contoso
The Connect to SPO would not work because the Connection String would be
Connect-SPOService -Url "https://contoso.mail-admin.sharepoint.com"
It should be
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"
Solution
Modify Line 90 like this:
$org_name = ($global:orgInfo -split "\.")[0]
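An added example (not 365Inspect's own code) that picks the tenant's initial domain by the IsInitial flag Get-MgOrganization returns on each verified domain, instead of the first name matching 'onmicrosoft.com'; the Exchange Hybrid routing domain is then never chosen, whatever order the domains come back in. The sample domain list is constructed, and the live part needs a Connect-MgGraph session with Organization.Read.All plus the SharePoint Online module.

```powershell
# Added example, not 365Inspect's own code. Sample domains are constructed.
function Get-TenantShortName {
    param(
        # The VerifiedDomains collection from (Get-MgOrganization).VerifiedDomains,
        # or a constructed list of objects with Name and IsInitial for offline use
        [Parameter(Mandatory)][object[]]$VerifiedDomains
    )
    # The initial domain is always <tenant>.onmicrosoft.com, never the .mail.onmicrosoft.com
    # routing domain that Exchange Hybrid adds, so prefer it over any regex on the name
    $initial = $VerifiedDomains | Where-Object { $_.IsInitial -eq $true } | Select-Object -First 1
    if (-not $initial) {
        # Fallback when IsInitial is missing: exactly one label before .onmicrosoft.com
        $initial = $VerifiedDomains |
            Where-Object { $_.Name -match '^[^.]+\.onmicrosoft\.com$' } |
            Select-Object -First 1
    }
    if (-not $initial) { throw 'No *.onmicrosoft.com domain found among the verified domains.' }
    ($initial.Name -split '\.')[0]
}

# Constructed sample mimicking an Exchange Hybrid tenant, listed with the routing domain first
$sampleDomains = @(
    [pscustomobject]@{ Name = 'contoso.mail.onmicrosoft.com'; IsInitial = $false }
    [pscustomobject]@{ Name = 'contoso.onmicrosoft.com';      IsInitial = $true  }
    [pscustomobject]@{ Name = 'contoso.com';                  IsInitial = $false }
)
$org_name = Get-TenantShortName -VerifiedDomains $sampleDomains
$adminUrl = "https://$org_name-admin.sharepoint.com"
Write-Output $adminUrl

# Live path, only when a Graph session already exists
if ((Get-Command Get-MgContext -ErrorAction SilentlyContinue) -and (Get-MgContext)) {
    $org_name = Get-TenantShortName -VerifiedDomains (Get-MgOrganization).VerifiedDomains
    Connect-SPOService -Url "https://$org_name-admin.sharepoint.com"
}
```

The one-line fix proposed above works for the hybrid case as well, because splitting on the first dot of contoso.mail.onmicrosoft.com also yields contoso; the IsInitial approach just removes the dependency on which verified domain happens to be first in the list.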
Is your feature request related to a problem? Please describe.
As written in README it requires excessive privileges and sometimes it's not possible to have Administrator privilege.
Describe the solution you'd like
Can we not use Microsoft Graph and just use ReadOnly permission?
Hi All,
I came across this script and thought to try it out. Unfortunately, I am having trouble with running the script.
As per the instructions in the manual, I cloned the repo and executed the script with the parameters defined.
I thought this might have been the issue with the Windows 11 installation that I had so I created a new vm and installed a fresh copy of Windows 11.
Then, I downloaded and installed PowerShell 7.3.4 as a msi package from Microsoft.
Next, I opened a non-admin PowerShell window and executed the script with the parameters defined.
.\365Inspect.ps1 -OrgName <OrgName> -OutPath <path> -UserPrincipalName <USERNAME> -Auth MFA
The script goes through and installs all the required modules.
I close the PowerShell window and open a new one. Run the script using the above with parameters filled in, then get the following error:
The script executes with the following:
MSOnline is installed.
AzureADPreview is installed.
ExchangeOnlineManagement is installed.
Microsoft.Online.SharePoint.PowerShell is installed.
Microsoft.Graph is installed.
Microsoft.Graph.Intune is installed.
PnP.PowerShell is installed.
MicrosoftTeams is installed.
Connecting to Azure Active Directory
Connecting to Azure Active Directory Failed. Exiting...
And then throws the below error:
Write-Error: C:\temp\365Inspect\365Inspect.ps1:198
Line |
198 | Connect-Services
| ~~~~~~~~~~~~~~~~
| The term 'Connect-AzureAD' is not recognized as a name of a cmdlet, function, script file, or executable
| program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
| again.
Not sure what I am doing wrong. Can anyone help please?
Edit:
When I ran the script with -Auth ALREADY_AUTHED the script executed (because it wasn't trying to connect to AzureAD) however some other cmdlets did not load.
Edit 2:
After running the script with MFA, I tried:
Connect-AzureAd
Got an error:
connect-azuread: The term 'connect-azuread' is not recognized as a name of a cmdlet, function, script file, or executable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
So I tried to manually import this by running:
Import-Module AzureAdPreview
This returned no errors so proceeded with Connect-AzureAd
and then got the following:
Connect-AzureAD: One or more errors occurred. (Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly 'System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.): Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly 'System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.
Connect-AzureAD: One or more errors occurred. (Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly 'System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.)
Connect-AzureAD: Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly 'System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.
Connect-AzureAD: One or more errors occurred. (Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly 'System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.): Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly 'System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.
Anyone know anything about that?
Thanks.
Hello,
When the script is executed in PowerShell ISE it works normally like it should. But when I execute it in PowerShell, CMD or Windows Terminal it does not ask for authentication and goes straight to trying to run the inspectors, which of course fails because it is not authenticated.
Just reporting this. I will also look into this to see if I can find the problem.
Maybe a suggestion is to create more methods inside, then first execute the methods, do some validation on them and skip execution of some methods if parameters are provided.
~Leonardo
Hi all,
first of all thanks a lot for the script which helped me a lot of quickly auditing a tenant.
The only error that occurs 3-4 times during the whole script is the following: The Write-ErrorLog.ps1 script was not found in the .\Inspector folder -> and that's correct, there is no Write-Error script. The expression in the script that invokes these lines is:
$finding.AffectedObjects = Invoke-Expression ".\inspectors$selected_inspector.ps1"
It does not seem to be correct :)
Describe the bug
The 365Inspect script does not work when executing from pwsh 7.3.4
To Reproduce
Steps to reproduce the behavior:
Install-Module -Name ExchangeOnlineManagement -AllowPrerelease -AllowClobber -Force -RequiredVersion 2.0.5
Install-Module -Name Microsoft.Online.SharePoint.PowerShell -AllowPrerelease -AllowClobber -Force -RequiredVersion 16.0.22601.12000
Install-Module -Name Microsoft.Graph -AllowPrerelease -AllowClobber -Force -RequiredVersion 1.9.6
Install-Module -Name MicrosoftTeams -AllowPrerelease -AllowClobber -Force -RequiredVersion 4.4.1
git clone <package url>
and then cd 365Inspect
.\365Inspect.ps1 -OutPath <outpath> -UserPrincipalName <upn> -Auth MFA
Expected behavior
The script should execute.
Outputs
Verifying environment.
[+] ExchangeOnlineManagement is installed.
Import-Module: C:\temp\365Inspect\365Inspect.ps1:176
Line |
176 | … Import-Module -Name $module.Name -UseWindowsPowerShell
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Failure from remote command: Import-Module -Name 'ExchangeOnlineManagement': The specified module
| 'ExchangeOnlineManagement' was not loaded because no valid module file was found in any module directory.
[+] Microsoft.Online.SharePoint.PowerShell is installed.
Import-Module: C:\temp\365Inspect\365Inspect.ps1:176
Line |
176 | … Import-Module -Name $module.Name -UseWindowsPowerShell
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Failure from remote command: Import-Module -Name 'Microsoft.Online.SharePoint.PowerShell': The specified module
| 'Microsoft.Online.SharePoint.PowerShell' was not loaded because no valid module file was found in any module
| directory.
[+] Microsoft.Graph is installed.
Import-Module: C:\temp\365Inspect\365Inspect.ps1:195
Line |
195 | … Import-Module -Name Microsoft.Graph.Identity.DirectoryMan …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Failure from remote command: Import-Module -Name 'Microsoft.Graph.Identity.DirectoryManagement': The specified
| module 'Microsoft.Graph.Identity.DirectoryManagement' was not loaded because no valid module file was found in
| any module directory.
Import-Module: C:\temp\365Inspect\365Inspect.ps1:196
Line |
196 | … Import-Module -Name Microsoft.Graph.Identity.SignIns -Use …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Failure from remote command: Import-Module -Name 'Microsoft.Graph.Identity.SignIns': The specified module
| 'Microsoft.Graph.Identity.SignIns' was not loaded because no valid module file was found in any module directory.Import-Module: C:\temp\365Inspect\365Inspect.ps1:197
Line |
197 | … Import-Module -Name Microsoft.Graph.Users -UseWindowsPowe …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Failure from remote command: Import-Module -Name 'Microsoft.Graph.Users': The specified module
| 'Microsoft.Graph.Users' was not loaded because no valid module file was found in any module directory.
Import-Module: C:\temp\365Inspect\365Inspect.ps1:198
Line |
198 | … Import-Module -Name Microsoft.Graph.Applications -UseWind …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Failure from remote command: Import-Module -Name 'Microsoft.Graph.Applications': The specified module
| 'Microsoft.Graph.Applications' was not loaded because no valid module file was found in any module directory.
[+] MicrosoftTeams is installed.
Import-Module: C:\temp\365Inspect\365Inspect.ps1:176
Line |
176 | … Import-Module -Name $module.Name -UseWindowsPowerShell
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Failure from remote command: Import-Module -Name 'MicrosoftTeams': The specified module 'MicrosoftTeams' was not
| loaded because no valid module file was found in any module directory.
Dependency checks failed. Please install all missing modules before running this script.
Press Enter to Exit:
However, Get-InstalledModule returns the following:
Version          Name                                 Repository  Description
-------          ----                                 ----------  -----------
2.0.5            ExchangeOnlineManagement             PSGallery   This is a General Availability (GA) rele…
1.9.6            Microsoft.Graph                      PSGallery   Microsoft Graph PowerShell module
1.9.6            Microsoft.Graph.Applications         PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Authentication       PSGallery   Microsoft Graph PowerShell Authenticatio…
1.9.6            Microsoft.Graph.Bookings             PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Calendar             PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.ChangeNotifications  PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.CloudCommunications  PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Compliance           PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.CrossDeviceExperie…  PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.DeviceManagement     PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.DeviceManagement.A…  PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.DeviceManagement.A…  PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.DeviceManagement.E…  PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.DeviceManagement.F…  PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Devices.CloudPrint   PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Devices.CorporateM…  PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Devices.ServiceAnn…  PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.DirectoryObjects     PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Education            PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Files                PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Financials           PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Groups               PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Identity.Directory…  PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Identity.Governance  PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Identity.SignIns     PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Mail                 PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Notes                PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.People               PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.PersonalContacts     PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Planner              PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Reports              PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.SchemaExtensions     PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Search               PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Security             PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Sites                PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Teams                PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Users                PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Users.Actions        PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.Users.Functions      PSGallery   Microsoft Graph PowerShell Cmdlets
1.9.6            Microsoft.Graph.WindowsUpdates       PSGallery   Microsoft Graph PowerShell Cmdlets
16.0.22601.12000 Microsoft.Online.SharePoint.PowerS…  PSGallery   Microsoft SharePoint Online Services Mod…
4.4.1            MicrosoftTeams                       PSGallery   Microsoft Teams cmdlets module for Windo…
Additional context
This is a freshly installed Windows 11 VM that only has pwsh 7.3.4 installed.
No Windows Updates have been run or installed
Windows Updates are disabled
Hello,
I found some bugs and enhancements that could be done:
Bugs:
Write-Output "Connecting to SharePoint Service"
Connect-SPOService -Url https://$org_name-admin.sharepoint.com
Not using "" because this is not needed.
Enhancements:
Write-Output "Connecting to IPPSSession..."
Connect-IPPSSession
I made a fresh install of the necessary PowerShell modules. With the latest Exchange Online Management module (3.5.0) installed, I got an error when the script tries "Connect-MgGraph". The error was like "Dependency not found".
After installing the prior EXO Module 3.4.0 it works as expected.
PS C:\Users\User\OneDrive\Documents\365Inspect-main> .\365Inspect.ps1 -OrgName mycompany -OutPath ..\365_report -Auth MFA
At C:\Users\User\OneDrive\Documents\365Inspect-main\365Inspect.ps1:50 char:35
[string[]] $SelectedInspectors = @(),
The assignment expression is not valid. The input to an assignment operator must be an object that is able to accept assignments, such as a variable or a property.
+ CategoryInfo : ParserError: (:) [], ParseException
+ FullyQualifiedErrorId : InvalidLeftHandSide
Is there a way to add the following extra information to the report?
I want to add the information to the .json file when necessary to make the report a bit more detailed.
Let me know if it's possible.
For example, the HTML report currently has no value for "default value" or "expected value".
In the .JSON this is easily added by adding the option and hard-coding the text into it when necessary. PowerShell-wise I do not know where it could be added.
Cannot find an overload for "Replace" and the argument count: "2".
At line:177 char:5
+ ... $affected_object_html += $templates.AffectedObjectsTempla ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodException
+ FullyQualifiedErrorId : MethodCountCouldNotFindBest
Out-File : Cannot perform operation because the wildcard path C:\AsterM365InspectorTool\Out\[VULNERABLE] - Tenant contains users without MFA. Considering
enabling MFA for all users. did not resolve to a file.
At line:172 char:31
+ ... $finding.AffectedObjects | Out-File -FilePath $out_path\$fname
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (C:\AsterM365Ins... for all users.:String) [Out-File], FileNotFoundException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand
It seems that at line:177 char:5 there is sometimes a problem with the overload, and at line:172 char:31 the $fname is not processed correctly. I think this is due to the output.
I will provide the .json file in the next comment.
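The two errors above come from the same report-writing step, so one added example (not 365Inspect's own code; the function names and the `{AFFECTED}` placeholder are assumptions) shows both fixes: write the per-finding file with `-LiteralPath` so the `[VULNERABLE]` prefix is not wildcard-expanded, and join the affected objects into one string before calling `String.Replace`, since an array as the second argument is what produces the "Cannot find an overload" error whenever a finding has more than one affected object.

```powershell
Function Get-SafeFileName {
    Param([Parameter(Mandatory)] [string] $Name, [int] $MaxLength = 120)
    # Replace characters the file system rejects, plus [ ] which PowerShell
    # wildcard-expands in -Path/-FilePath, with underscores.
    [char[]] $chars = [IO.Path]::GetInvalidFileNameChars() + @('[', ']')
    $safe = ($Name.Split($chars) -join '_').TrimEnd('.', ' ')
    If ($safe.Length -gt $MaxLength) { $safe = $safe.Substring(0, $MaxLength) }
    If ([string]::IsNullOrWhiteSpace($safe)) { $safe = 'finding' }
    return $safe
}

Function Write-AffectedObjects {
    Param(
        [Parameter(Mandatory)] [string] $OutPath,
        [Parameter(Mandatory)] $Finding,          # expects .Name and .AffectedObjects
        [Parameter(Mandatory)] [string] $Template  # HTML fragment containing {AFFECTED}
    )
    $fname = (Get-SafeFileName -Name $Finding.Name) + '.txt'
    # -LiteralPath never interprets "[VULNERABLE] - ..." as a wildcard pattern.
    $Finding.AffectedObjects | Out-File -LiteralPath (Join-Path $OutPath $fname)

    # String.Replace(string, string) has no overload that takes an array. When a
    # finding lists several affected objects the second argument is an array and
    # PowerShell reports "Cannot find an overload ... argument count: 2".
    # Join first, and HTML-encode tenant-supplied values so a crafted display
    # name or UPN cannot inject markup into the report.
    $rows = @($Finding.AffectedObjects | ForEach-Object {
        [System.Net.WebUtility]::HtmlEncode([string]$_)
    }) -join '<br>'
    return $Template.Replace('{AFFECTED}', $rows)
}

# Constructed sample: a bracketed finding name and two affected objects,
# one of them carrying markup that must not reach the HTML report unencoded.
$finding = [pscustomobject]@{
    Name            = '[VULNERABLE] - Tenant contains users without MFA.'
    AffectedObjects = @('alice@contoso.example', '<script>bob</script>@contoso.example')
}
$html = Write-AffectedObjects -OutPath ([IO.Path]::GetTempPath()) -Finding $finding -Template '<td>{AFFECTED}</td>'
$html
```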
Describe the bug
The SharePoint Connect command is failing due to error in the URL string.
Error:
Connect-SPOService : Could not connect to SharePoint Online.
Connect-SPOService -Url "https://$org_name-admin.sharepoint
$org_name is also incorrect as it contains .onmicrosoft.com.
SharePoint URL should be like: https://contoso-admin.sharepoint.com
My nasty fix using substring:
# Strip the 16-character ".onmicrosoft.com" suffix that $org_name carries
$length = $org_name.length
$pos = $length - 16
$org_name_short = $org_name.substring(0, $pos)
# Build the admin centre URL from the bare tenant name
$spURL = "https://" + $org_name_short + "-admin.sharepoint.com"
Connect-SPOService -Url $spURL
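A sturdier version of the same idea, added here as an example (not part of 365Inspect; the helper name is hypothetical): it accepts the bare tenant name, the .onmicrosoft.com initial domain that $org_name carries, or a full admin URL, reduces each to the tenant name, and refuses anything else instead of handing Connect-SPOService a URL it will reject. The GCC High suffix (sharepoint.us, with an onmicrosoft.us initial domain) is included as an assumption.

```powershell
Function Get-SPOAdminUrl {
    # Hypothetical helper, not 365Inspect's own code.
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory)] [string] $OrgName,
        # Assumed suffixes: commercial cloud and GCC High only.
        [ValidateSet('O365Default', 'O365USGovGCCHigh')]
        [string] $Environment = 'O365Default'
    )
    $suffix = @{ O365Default = 'sharepoint.com'; O365USGovGCCHigh = 'sharepoint.us' }[$Environment]

    # Accept "contoso", "contoso.onmicrosoft.com" or "https://contoso-admin.sharepoint.com"
    # and reduce each form to the bare tenant name.
    $tenant = $OrgName.Trim().ToLowerInvariant() `
        -replace '^https?://', '' `
        -replace '\.onmicrosoft\.(com|us)$', '' `
        -replace '-admin\.sharepoint\.[a-z.-]+/?$', ''

    # Tenant names are alphanumeric; refuse to build a URL from anything else
    # rather than silently producing one that fails at connect time.
    If ($tenant -notmatch '^[a-z0-9]+$') {
        Throw "Cannot derive a tenant name from '$OrgName'."
    }
    return "https://$tenant-admin.$suffix"
}

# Usage in place of the hard-coded string concatenation:
Connect-SPOService -Url (Get-SPOAdminUrl -OrgName $org_name)
```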
When executing 365Inspect with its parameters under PowerShell 7.3.5, it is not able to select MgProfiles, as seen in the output below.
Verifying environment.
Environment is 7.3.5
[+] PowerShellGet is installed.
Importing PowerShellGet
Environment is 7.3.5
[+] ExchangeOnlineManagement is installed.
Inporting ExchangeOnlineManagement
Importing Microsoft.Graph
Environment is 7.3.5
[+] Microsoft.Graph is installed.
Inporting ExchangeOnlineManagement
Importing Microsoft.Graph
Environment is 7.3.5
[+] Microsoft.Online.SharePoint.PowerShell is installed.
Importing Microsoft.Online.SharePoint.PowerShell
Environment is 7.3.5
[+] MicrosoftTeams is installed.
Importing MicrosoftTeams
Connecting to Microsoft Graph
Welcome To Microsoft Graph!
Connecting to Microsoft Graph Failed.
Write-Error: C:\365inspect\365Inspect.ps1:294
Line |
294 | Connect-Services
| ~~~~~~~~~~~~~~~~
| The term 'Select-MgProfile' is not recognized as a name of a cmdlet, function, script file, or executable
| program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
| again.
PS C:\365inspect>
It has worked on earlier versions of 365Inspect, but not with the most recent one, which has some changes and modifications.
I ran .\microsoft365-assessment.exe, but the message "Error creating report for this Microsoft 365 Assessment due to error: Assessment "omitted" was not Finished or Paused, can't export the data" was displayed. I hope for a solution.
Does this work in M365 GCC High?
Describe the bug
Connect-Services : Cannot process argument transformation on parameter 'ExchangeEnvironmentName'. Cannot convert null to type
"Microsoft.Exchange.Management.RestApiClient.ExchangeEnvironment" due to enumeration values that are not valid. Specify one of the
following enumeration values and try again. The possible enumeration values are
"O365Default,O365GermanyCloud,O365USGovGCCHigh,O365USGovDoD,O365China"..
Environment is 5.1.22621.2506
[+] PowerShellGet is installed.
Importing PowerShellGet
Environment is 5.1.22621.2506
[+] ExchangeOnlineManagement is installed.
Importing ExchangeOnlineManagement
Environment is 5.1.22621.2506
[+] Microsoft.Graph is installed.
Importing Microsoft.Graph
Environment is 5.1.22621.2506
[+] MicrosoftTeams is installed.
Importing MicrosoftTeams
Connecting to Microsoft Graph
Welcome to Microsoft Graph!
Connected via delegated access using xxxxxxxxxxxxx
Readme: https://aka.ms/graph/sdk/powershell
SDK Docs: https://aka.ms/graph/sdk/powershell/docs
API Docs: https://aka.ms/graph/docs
NOTE: You can use the -NoWelcome parameter to suppress this message.
Connected via Graph to Directory predefinita
Connecting to Security and Compliance Center
Is your feature request related to a problem? Please describe.
I want to create an automation task which can run this script using an access token against the respective Microsoft account.
Describe the solution you'd like
I want to run this script on behalf of clients, hence using the access token generated using OAuth. Hence, we can just pass access token and have the script run against the respective Microsoft account.
Describe alternatives you've considered
I need to perform this action on behalf of my clients.
I am considering the approach of using access tokens generated using OAuth authorization code flow, but I am unable to find any documentation which helps establishing connection using access tokens.
Is this even the right way?
Could anyone guide on how one should run this tool on behalf of clients in an automated way?
Currently I have managed to use an access token only for Connect-MgGraph, by modifying the Connect-Services function:
Function Connect-Services {
    # Log into every service prior to the analysis.
    If ($auth -EQ "MFA") {
        Try {
            Write-Output "Connecting to Microsoft Graph"
            # Modified: authenticate with a pre-obtained token instead of the interactive prompt.
            Connect-MgGraph -AccessToken $access_token
            # Select-MgProfile only exists in the 1.x Graph SDK.
            If ((Get-Module -Name Microsoft.Graph.Authentication) -lt [version]2.0.0){
                Select-MgProfile -Name beta -Verbose
            }
            $global:orgInfo = Get-MgOrganization
            # The tenant's initial domain, excluding the mail.onmicrosoft.com routing domain.
            $global:tenantDomain = (($global:orgInfo).VerifiedDomains | Where-Object { ($_.Name -like "*.onmicrosoft.com") -and ($_.Name -notlike "*mail.onmicrosoft.com") }).Name
            Write-Output "Connected via Graph to $(($global:orgInfo).DisplayName)"
        }
        Catch {
            Write-Output "Connecting to Microsoft Graph Failed."
            Write-Error $_.Exception.Message
            Break
        }
    }
}
How can we achieve the same for Connect-SPOService, Connect-MicrosoftTeams, Connect-IPPSSession and Connect-ExchangeOnline?
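An added example (not 365Inspect's code; the function name is hypothetical) of a token-based connect routine for the two cmdlets that take a caller-supplied bearer token: Connect-MgGraph, which in the 2.x SDK wants a SecureString and no longer ships Select-MgProfile, and Connect-ExchangeOnline, which takes -AccessToken together with -Organization. Connect-SPOService, Connect-MicrosoftTeams and Connect-IPPSSession are not covered here.

```powershell
Function Connect-ServicesWithTokens {
    # Hypothetical helper, not 365Inspect's own code.
    [CmdletBinding()]
    Param(
        # Bearer token for Microsoft Graph, issued with only the read scopes the inspectors need.
        [Parameter(Mandatory)] [string] $GraphToken,
        # Bearer token issued for the Exchange Online resource (https://outlook.office365.com).
        [Parameter(Mandatory)] [string] $ExchangeToken,
        # Tenant initial domain, e.g. contoso.onmicrosoft.com.
        [Parameter(Mandatory)] [string] $Organization
    )
    $graphAuth = Get-Module -ListAvailable -Name Microsoft.Graph.Authentication |
        Sort-Object Version -Descending | Select-Object -First 1

    Write-Output "Connecting to Microsoft Graph"
    If ($graphAuth.Version -ge [version]'2.0.0') {
        # SDK 2.x takes the token as a SecureString and has no Select-MgProfile.
        $secure = ConvertTo-SecureString -String $GraphToken -AsPlainText -Force
        Connect-MgGraph -AccessToken $secure -NoWelcome
    } Else {
        Connect-MgGraph -AccessToken $GraphToken
        Select-MgProfile -Name beta
    }

    Write-Output "Connecting to Exchange Online"
    Connect-ExchangeOnline -AccessToken $ExchangeToken -Organization $Organization -ShowBanner:$false

    # Tokens are short-lived credentials: never write them to the report or the
    # error log, and let the caller refresh them instead of caching them in
    # global variables that outlive the run.
}
```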