Powershell & Exchange Online

cmdlts: get, set, new, enable, disable

 

Recipients:

get-msluser
new-msoluser -lastname test -firstname userxx – …just copy from example

Then assign license:

get-msolaccountsku list licenses
set-msol -uselicense -userprinciplename insert email address etc -addlicenses etc | set (and then set the license..)

so, get mailbox user, then pipe it to whatever:
get-mailbox whoever | set-mailbox -prohibit…

get-distributiongroup

Resource mailboxes established in Exchange
new-mailbox -room
new-mailbox -shared
get-mailbox whoever | add-mailboxpremission -user admin -accessrights fullaccess
mail contact is just a contact
mail user doesn;t have a mailbox but does have permissions

new-mailcontact -externalemailaddress
new-mailuser….. which would have to include passwords etc

PUBLIC FOLDER
want to use recurse and pipe it to whatever – better than EAC

 

Mail Flow:

get-help [cmdlt] -example

get-accepted-domain

-accepted-domain

Azure cmdlts start with MSOL
get-MSOLdomain

new-MSOLdomain fabrikam.com or contoso

get-MSOLdomainverificationDns

set=MSOLdomain -name fabrikan.com -isdefault
get-transportrule
get-transportruleeradicate

get-transportruleactions

get-help new-transportrule -examples

new-transportrule -name “test rule” -FromsScope notinorganisation -sentto “admin@whoever.com -prependsubject “for Admin”

get-messagetrace -senderaddress admin@… -startdate (NB not more than 30 days -enddate (whatever)
get-messagetrackingreport

Outlook web app policies

get-CasMailbox [id]
get-CasMailbox | fl

Sort the policy
get-owamailboxpolicy
set-owamailboxpolicy “testPolic” -allowofflineOn none
get-mobiledevicepolicy
set-mobiledevicepolicy

Assign policy to user
clear-mobiledevice
get-mobiledevice -mailbox

get-mailbox | %{get-mobiledevice -mailbox %.name.name}
Sharing apps
Powershell best for getting detail on apps.

get-app

get-app messageheaderanalyzer | fl *
new-app (usually url)
Role Based Acces Control – RBAC
If you are doing something with RBAC, you need to run:
enable-organizationcustomization
Configuring

get-rolegroup
add-rolegroupmember

get-managementrole

new-rolegroup -name “Address List Admin” -roles “Address Lists” -members admin

get-rolegroup to see address list group added to groups

get-managementroleentry “Address Lists\*”

GAL segmentation:

address list
GAL list
Room List
Offline address list

create address list:
get-help new-addresslist -examples

See address books in technet Exchange Online – good for showing how GAL segmentation works

Configuring Data Loss Prevention DLP
get-dlppolicy
get-dlppolicytemplates

new-dlppolicy -name “US Patriot Act Policy” -Template “U.S. Pattriot Act”
get-dlppolicy

set-dlp-policy “US Patriot Act Policy” Mode Enforce

get-transportrule

Establishing Retention Policies

To create a retention policy:

get-retentionpolicytag
new-retentionpolicy “sales Retention Policy” -Retentionpolicylinks “Inbox-Sales”

set-mailbox alexd -retentionpolicy “Sales Retention Policy”

Notes about Journaling
get-help new-journalrule -examples
get-journalrule

Using eDiscovery

default role group
get-rolegroup
get-rolegroupmember
“Discovery Management”
add-rolegroupmember -identity “Discovery Management” -Member testuser

get-help *search*
get-help new-mailboxsearch -example
get-mailboxsearch lists searches in progress

start-mailboxsearch (check out help on this
****Woah – how to remotely delete email****
search-mailbox “Subject:Hey” -delete (except you need RBAC rights for it)

Audit Reporting

get-adminauditlogconfig (use to disable admin logs if you need)
set-adminauditlogconfig

get-help *audit*

search -adminauditlog (use help to find what)
Exchange Online Protection EOP

get-help *malware*
get-malwarefilterpolicy | fl

Connection filter lists?
get-help *connection*

get-hostedconnectionlists

CONTENT FILTER

get-hosted and then try tabbing
QUARANTINE

get-help quarantine*

get-help *report*