For full license details, please visit Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Get-AdminRoleUserLicense
Synopsis
Retrieves user licenses and roles for administrative accounts from Microsoft 365 via the Graph API.
Invoke-M365SecurityAudit
Synopsis
Invokes a security audit for Microsoft 365 environments.
Syntax
Invoke-M365SecurityAudit -TenantAdminUrl <string> -DomainName <string> [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]Invoke-M365SecurityAudit -TenantAdminUrl <string> -DomainName <string> -ELevel <string> -ProfileLevel <string> [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-ELevel <String>] [-ProfileLevel <String>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]Invoke-M365SecurityAudit -TenantAdminUrl <string> -DomainName <string> -IncludeIG1 [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-IncludeIG1] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]Invoke-M365SecurityAudit -TenantAdminUrl <string> -DomainName <string> -IncludeIG2 [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-IncludeIG2] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]Invoke-M365SecurityAudit -TenantAdminUrl <string> -DomainName <string> -IncludeIG3 [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-IncludeIG3] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]Invoke-M365SecurityAudit -TenantAdminUrl <string> -DomainName <string> -IncludeRecommendation <string[]> [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-IncludeRecommendation <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]Invoke-M365SecurityAudit -TenantAdminUrl <string> -DomainName <string> -SkipRecommendation <string[]> [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-SkipRecommendation <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]
Parameters
| Name | Alias | Description | Required? | Pipeline Input | Default Value |
|---|---|---|---|---|---|
| TenantAdminUrl | The URL of the tenant admin. This parameter is mandatory. | true | false | ||
| DomainName | The domain name of the Microsoft 365 environment. This parameter is mandatory. | true | false | ||
| ELevel | Specifies the E-Level \(E3 or E5\) for the audit. This parameter is optional and can be combined with the ProfileLevel parameter. | false | false | ||
| ProfileLevel | Specifies the profile level \(L1 or L2\) for the audit. This parameter is optional and can be combined with the ELevel parameter. | false | false | ||
| IncludeIG1 | If specified, includes tests where IG1 is true. | false | false | False | |
| IncludeIG2 | If specified, includes tests where IG2 is true. | false | false | False | |
| IncludeIG3 | If specified, includes tests where IG3 is true. | false | false | False | |
| IncludeRecommendation | Specifies specific recommendations to include in the audit. Accepts an array of recommendation numbers. | false | false | ||
| SkipRecommendation | Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers. | false | false | ||
| DoNotConnect | If specified, the cmdlet will not establish a connection to Microsoft 365 services. | false | false | False | |
| DoNotDisconnect | If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. | false | false | False | |
| NoModuleCheck | If specified, the cmdlet will not check for the presence of required modules. | false | false | False | |
| WhatIf | wi | false | false | ||
| Confirm | cf | false | false |
Inputs
- None. You cannot pipe objects to Invoke-M365SecurityAudit.
Outputs
- CISAuditResult[] The cmdlet returns an array of CISAuditResult objects representing the results of the security audit.
Note
- This module is based on CIS benchmarks. - Governed by the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. - Commercial use is not permitted. This module cannot be sold or used for commercial purposes. - Modifications and sharing are allowed under the same license. - For full license details, visit: https://creativecommons.org/licenses/by-nc-sa/4.0/deed.en - Register for CIS Benchmarks at: https://www.cisecurity.org/cis-benchmarks
Examples
EXAMPLE 1
Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ELevel "E5" -ProfileLevel "L1"
Performs a security audit for the E5 level and L1 profile in the specified Microsoft 365 environment.
EXAMPLE 2
Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -IncludeIG1
Performs an audit including all tests where IG1 is true.
EXAMPLE 3
Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -SkipRecommendation '1.1.3', '2.1.1'
Performs an audit while excluding specific recommendations 1.1.3 and 2.1.1.
EXAMPLE 4
$auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" PS> $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation
Captures the audit results into a variable and exports them to a CSV file.
Links
| Name | Alias | Description | Required? | Pipeline Input | Default Value |
|---|---|---|---|---|---|
| Confirm | cf | false | false | ||
| DoNotConnect | None | false | false | ||
| DoNotDisconnect | None | false | false | ||
| DomainName | None | true | false | ||
| ELevel | None | true | false | ||
| IncludeIG1 | None | true | false | ||
| IncludeIG2 | None | true | false | ||
| IncludeIG3 | None | true | false | ||
| IncludeRecommendation | None | true | false | ||
| NoModuleCheck | None | false | false | ||
| ProfileLevel | None | true | false | ||
| SkipRecommendation | None | true | false | ||
| TenantAdminUrl | None | true | false | ||
| WhatIf | wi | false | false |
Sync-CISExcelAndCsvData
Synopsis
Synchronizes data between an Excel file and a CSV file and optionally updates the Excel worksheet.
Inputs
- None. You cannot pipe objects to Sync-CISExcelAndCsvData.
Outputs
- Object[] If the SkipUpdate switch is used, the function returns an array of custom objects representing the merged data.
Note
- Ensure that the 'ImportExcel' module is installed and up to date. - It is recommended to backup the Excel file before running this script to prevent accidental data loss. - This function is part of the CIS Excel and CSV Data Management Toolkit.
Examples
EXAMPLE 1
Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -WorksheetName "DataSheet" -CsvPath "path\to\data.csv" Merges data from 'data.csv' into 'excel.xlsx' on the 'DataSheet' worksheet and updates the worksheet with the merged data.
Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -WorksheetName "DataSheet" -CsvPath "path\to\data.csv"
Merges data from 'data.csv' into 'excel.xlsx' on the 'DataSheet' worksheet and updates the worksheet with the merged data.
EXAMPLE 2
$mergedData = Sync-CISExcelAndCsvData -ExcelPath "path\to\excel.xlsx" -WorksheetName "DataSheet" -CsvPath "path\to\data.csv" -SkipUpdateRetrieves the merged data object for preview without updating the Excel worksheet.
Retrieves the merged data object for preview without updating the Excel worksheet.