Internal-Support-Scripts/ecsm-365groups-requiresenderauth.ps1 at master · exclaimerltd/Internal-Support-Scripts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
#
<#
.SYNOPSIS
    Sets the RequireSenderAuthenticationEnabled field to $false for all Office 365 Groups
.DESCRIPTION
    If the field is set to true it can cause the issue outlined here
    (https://cloudsupport.exclaimer.com/hc/en-us/articles/207803529-Messages-sent-to-SharePoint-or-Office-365-groups-generate-an-NDR)

    This script aims to achieve the steps in that guide en masse
.NOTES
    Email: helpdesk@exclaimer.com
    Date: 30th August 2017
.PRODUCTS
    Exclaimer Cloud - Signature for Office 365
.REQUIREMENTS
    - Global Administrator Account
#>

#>
function basic-auth-connect {
    $LiveCred = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
    Import-PSSession $Session
}

function modern-auth-mfa-connect {
    Import-Module ExchangeOnlineManagement
    $upn = Read-Host ("Enter the UPN for your Global Administrator")
    Connect-ExchangeOnline -UserPrincipalName $upn
}

function modern-auth-no-mfa-connect {
    Import-Module ExchangeOnlineManagement
    $LiveCred = Get-Credential
    Connect-ExchangeOnline -Credential $LiveCred
}

function o365_gather {
    # Check for O365 group
    $groups = Get-UnifiedGroup -filter * | ? {$_.RequireSenderAuthenticationEnabled -eq $true}

    If ($Ogroups -ne $null) {
    Write-Host ("Below are the Office 365 groups with the RequireSenderAuthenticationEnabled field set to true") -ForegroundColor Green
    Write-Host ("####") -ForegroundColor Green
    Write-Host ("")
    Write-Output $OGroups | Select Name,RequireSenderAuthenticationEnable | Format-Table
    Write-Host ("")
    Write-Host ("####") -ForegroundColor Green
    }
    Else {
        Write-Host ("There are no groups with RequireSenderAuthenticationEnabled set to true") -ForegroundColor Green
        Write-Host ("The script will now end") -ForegroundColor Green
        Return
        }
}

function o365_change {
    $change = Read-Host ("Do you want to change these groups to false? Y/n")

    If ($change -eq "y") {
        $Ogroups | Set-UnifiedGroup -RequireSenderAuthenticationEnabled $false
        Write-Host ("Group Changes Complete!")
    }
}

$authtype = Read-Host ("Do you have basic auth enabled? Y/n")

If ($authtype -eq "y") {
    basic-auth-connect
}
Else {
    $mfa = Read-Host ("Do you have MFA enabled? Y/n")
    if ($mfa -eq "y") {
        modern-auth-mfa-connect
    }
    Else {
        modern-auth-no-mfa-connect
    }
}

o365_gather
o365_change

Remove-PSSession $Session
Write-Host ("Script Complete!") -ForegroundColor Green