Install Exchange Online Powershell Module
To manage Office365 via Powershell, you first need to install exchange online powershell module.
From your management/admin workstation, Open POWERSHELL (Run as Admin) command prompt, & issue below commands
Find-Module -Name ExchangeOnlineManagement Install-Module -Name ExchangeOnlineManagement -Scope AllUsers
- To check if modules are installed … issue below cmd
Get-Command -Module ExchangeOnlineManagement
Result:
#PS C:\> Get-Command -Module ExchangeOnlineManagement CommandType Name Version Source ----------- ---- ------- ------ Function Connect-ExchangeOnline 3.0.0 ExchangeOnlineManagement Function Connect-IPPSSession 3.0.0 ExchangeOnlineManagement Function Disconnect-ExchangeOnline 3.0.0 ExchangeOnlineManagement Function Get-WrappedCommand 3.0.0 ExchangeOnlineManagement Function IsCloudShellEnvironment 3.0.0 ExchangeOnlineManagement Function UpdateImplicitRemotingHandler 3.0.0 ExchangeOnlineManagement Cmdlet Get-ConnectionInformation 3.0.0 ExchangeOnlineManagement Cmdlet Get-EXOCasMailbox 3.0.0 ExchangeOnlineManagement Cmdlet Get-EXOMailbox 3.0.0 ExchangeOnlineManagement Cmdlet Get-EXOMailboxFolderPermission 3.0.0 ExchangeOnlineManagement Cmdlet Get-EXOMailboxFolderStatistics 3.0.0 ExchangeOnlineManagement Cmdlet Get-EXOMailboxPermission 3.0.0 ExchangeOnlineManagement Cmdlet Get-EXOMailboxStatistics 3.0.0 ExchangeOnlineManagement Cmdlet Get-EXOMobileDeviceStatistics 3.0.0 ExchangeOnlineManagement Cmdlet Get-EXORecipient 3.0.0 ExchangeOnlineManagement Cmdlet Get-EXORecipientPermission 3.0.0 ExchangeOnlineManagement Cmdlet Get-MyAnalyticsFeatureConfig 3.0.0 ExchangeOnlineManagement Cmdlet Get-UserBriefingConfig 3.0.0 ExchangeOnlineManagement Cmdlet Get-VivaInsightsSettings 3.0.0 ExchangeOnlineManagement Cmdlet Set-MyAnalyticsFeatureConfig 3.0.0 ExchangeOnlineManagement Cmdlet Set-UserBriefingConfig 3.0.0 ExchangeOnlineManagement Cmdlet Set-VivaInsightsSettings 3.0.0 ExchangeOnlineManagement
*** Connect with Exchange Online
Once you manage to install the above module, Connect to the Exchange Online service using below cmd, (using your admin account)
Connect-ExchangeOnline -UserPrincipalName youradmin@yourdomain.com
It may ask for confirmation/id , & you will be connected to use different CMD’s as per your requirements,
To confirm if your session is now opened , issue below CMD
Get-PSSession | Select-Object -Property State, Name
Result:
PS C:\> Get-PSSession | Select-Object -Property State, Name State Name ----- ---- Opened ExchangeOnlineInternalSession_1
The term ‘Get-MsolUser’ is not recognized as the name of a cmdlet.
Open Windows PowerShell in administrator mode and run the following command.
Install-Module MSOnline -Force Connect-MsolService
Once you run the above command, it will ask you to enter the credentials, make sure to enter the global Office 365 admin account.
The term ‘Get-AzureADUser’ is not recognized as the name of a cmdlet
Problem :
You might have received the error message “The term Get-AzureADUser is not recognized as the name of a cmdlet” when you run the Azure AD powershell cmdlet Get-AzureADUser to get Office 365 users.
Install AzureAD module:
Open Powershell console with Run as administrator privilege and run the following command:
Install-Module AzureAD -Force
Connect-AzureAD
Get-AzureADUser
Get User Mailbox Basic Detail
Get-Mailbox -Identity YOUR.USERNAME
Get User Mailbox Usage Details
Get-Mailbox -Identity YOUR.USERNAME | Get-MailboxStatistics | Format-Table DisplayName, TotalItemSize, ItemCount -Autosize
Sample Result:
DisplayName TotalItemSize ItemCount
Result:
YOUR.USERNAME – I.S Dept. 5.978 GB (6,418,574,280 bytes) 41325
Get User INBOX RULES DETAILS
get-InboxRule -Mailbox YOUR.USERNAME | Select Name, Description | FL
To Disable Inbox Rules
Get-InboxRule -Mailbox ahmer.wasti | Disable-InboxRule
Get Trusted Senders List from User Outlook settings
(Get-MailboxJunkEmailConfiguration -Identity YOUR.USERNAME).TrustedSendersAndDomains
MESSAGE TRACING from specific Sender with Date Range
Get-MessageTrace -senderAddress "YOUR.USERNAME@example.com" -StartDate 10/04/2022 -EndDate 10/05/2022
Get ForwardingAddress Users only
Get-mailbox -ResultSize Unlimited| where {$_.ForwardingAddress -ne $Null} | select DisplayName,ForwardingAddress
Get User’s Outlook Mail box Blocked Senders
(Get-MailboxJunkEMailConfiguration -Identity "YOUR.USERNAME").BlockedSendersAndDomains
Get users Junk Email config details, like blocked senders, trusted sender, and related settings
(Get-MailboxJunkEMailConfiguration -Identity "YOUR.USERNAME")
Performing Audit Search for User
For aduit search, like what activities were done on specific user inbox, like rule creation , login etc
Login to Microsoft Entra Admin Center, Goto AZURE AD panel & select related function
.
Performing Risky Assesements
Download User PST from Exchange Online / Office365
- Login to Admin portal (https://admin.microsoft.com)
- Click on Compliance,
- New window will appear, Click on CONTENT SEARCH
- Click On Search,
- Click on “Name and description” & Click NEXT
- on Locations, Click on EXCHANGE MAILBOXES, and in front of it, click on CHOOSE USERS, groups and team, & now select desired resigned user
- Click Next
- on Define your search conditions, Click Next
- on “Review your search and create it” Click SUBMIT & click on DONE.
- Now you have to wait few minutes or more , depends on the size of user data, portal will extract its data. It may take some time. Be patience!
- Goto Content Search again, & click on EXPORT, (sort by last date) and you will see your submitted search. Click on it.
- From Action Menu, Click on EXPORT RESULTS
- review the options, & select EXPORT
it will be available for download in Export menu
Delete Email from Particular User or All Inboxes
Some times it is required to delete any particular email that specific user or all users have received, it could be spam or something your management wants to remove as per company policy.
Method#1
- Login to Microsoft Compliance portal ,
- From Left Menu, select CONTENT SEARCH, now on your Right Window, click on NEW SEARCH
- Under Name and description, type any friendly name like Delete Custom Mail & click Next
- Under Locations , Turn on the Exchange mailboxes & click on Choose Users, Groups or Teams, Then select your desired user & click NEXT
- On next Page “Define your search conditions” , click on + Add Condition > Subject (Or your own preference) , & click NEXT
- On next Page “Review your search and create it” , review the config, and & click Submit.
- Now you will see your submitted search on the page
You can also click on REVIEW SAMPLE to check your results, just to confirm if it contains the right one.
To delete the emails, use below CMD (I am using Variables which makes life easier sometimes)
#Define Search NAME $Name = "Delete Custom Mail" # Verify the ComplianceSeach is completed successfully Get-ComplianceSearch $Name # Detail information for search result Get-ComplianceSearch $Name | Select Name, ContentMatchQuery, Items, SuccessResults # View the content, not working at my side (Get-ComplianceSearchAction $Name | Select-Object -ExpandProperty Results) -split "," #Connect to your custom created search result & delete items New-ComplianceSearchAction -SearchName "$Name" -Purge -PurgeType HardDelete
#Define Search / Delete Query via PS Only (No GUI) Risky
# Define Variables #Define Search NAME $Name = "SEARCH NAME" #Define Search Result, like via subject New-ComplianceSearch ` -Name $Name ` -ExchangeLocation YOUR.USERNAME@EXAMPLE.COM ` -ContentMatchQuery '(c:c)(subject="test")' # Start The Search Start-ComplianceSearch -Identity $Name # Verify the ComplianceSeach is completed successfully, its result Get-ComplianceSearch $Name # Detail information for search to see how much search is found Get-ComplianceSearch $Name | Select Name, ContentMatchQuery, Items, SuccessResults # View the content, not working at my end (Get-ComplianceSearchAction $Name | Select-Object -ExpandProperty Results) -split "," #Connect to previously created search and delete items New-ComplianceSearchAction -SearchName "$Name" -Purge -PurgeType HardDelete
O365 – REVOKE M.F.A TOKEN
First connect to AzureAD via powershell (Run as Admin)
Connect-AzureAD
Once you connected the AzureAD module, now run the Get-AzureADUser command to ensure you are connected to AzureAD
Get-AzureADUser
Now run the below command to REVOKE particular user RefreshToken
Get-AzureADUser -ObjectId test.user@yourdomain.com | Revoke-AzureADUserAllRefreshToken
.
Howto enable MFA for user via O365 Admin Portal
2 Steps Method, first enable MFA , second add user mobile phone
*** Step-1 > First enable User MFA in Admin Portal
on search , type user name
select the user & click on ENABLE (froim right side menu)
*** Step-2 > Now add his mobile number in user profile using AzureAd Portal
First login to AZURE AD Admin Portal
Goto Users Tab, & Click on ALL USERS
On right Window where all users are displayed, serch for the required user, & click on it.
it will show that users details
From the menu , select on Authentication Methods (it should be on lower bottom side, in middle colum name overview.)
Enter use Mobile phone which will be receiving user SMS/OTP
View Other User Inbox via Outlook Web
You will need Admin account to perform the permission related work,
- Login to O365 Admin Portal, Goto Active Users,
- Click on required user,
- Goto Mail Tab,
- Under Mailbox permission, Click on Read and manage permissions (0)
- Now click on Add Permissions , & select User who can read inbox of this user, Then Save.
- It may take few minutes to populate permission.
- Afterwards, login to outlook.office365.com & it may open your current user inbox on web,
- On the TOP RIGHT corner, click on your account logo, & select OPEN ANOTHER ACCOUNT , a small dialogure box will appear, Just type in the targer user name (like firstname lastname) , & it iwll open the target user inbox.
Leave a comment