Modern PowerShell scripting APIs, like MS Graph PowerShell and Exchange Online Management (v2.0.3 or later), allow for automation – even in an MFA-secured environment.
After you have set up all requirements for automated scripting, you can easily schedule scripts from one or more automation servers.
But how do you keep track of changes made by the scripts?
The Office 365 Management Tool for Active Directory
Perform All Daily Office 365 Management Directly From AD
Remove Your On-Premises Exchange Server
How to Identify Automated Script Changes
All automated scripts running via App Registrations are logged in the Azure Unified Audit-Log.
The ID of the scripts is composed of the organization name and the AppId from the Azure App.
In this article, we set up an Azure App with the following ID: “81d79cde-c79e-4608-ba15-8d1e66eab6bc”.
In that case the audit log can be filtered using the following ID: “skrubbeltrang.onmicrosoft.com\81d79cde-c79e-4608-ba15-8d1e66eab6bc”:
$AuditLog = Search-UnifiedAuditLog -StartDate "2022-09-19" -EndDate "2022-09-21" -UserIds "skrubbeltrang.onmicrosoft.com\81d79cde-c79e-4608-ba15-8d1e66eab6bc" -ResultSize 5000
$ConvertAudit = $AuditLog | Select-Object -ExpandProperty AuditData | ConvertFrom-Json
$ConvertAudit | Select-Object CreationTime,UserId,Operation,Workload,ObjectID,ClientIP,Parameters | ftThe output will show you in what actions (exact command and parameters!) were performed using the Azure Application identity:
PS C:\> $ConvertAudit | Select-Object CreationTime,UserId,Operation,Workload,ObjectID,ClientIP,Parameters | ft
CreationTime UserId Operation Workload ObjectId ClientIP Parameters
------------ ------ --------- -------- -------- -------- ----------
2022-09-20T07:10:09 skrubbeltrang.onmicrosoft.com\81d79cde-c79e-4608-ba15-8d1e66eab6bc Set-Mailbox Exchange Lene Hau 12.7.47.34:40182 {@{Name=Identity; Value=lene.hau}, @{Name=GrantSendOnBehalfTo; Value=hans.ussing}}
2022-09-20T06:55:58 skrubbeltrang.onmicrosoft.com\81d79cde-c79e-4608-ba15-8d1e66eab6bc Set-Mailbox Exchange Lene Hau 12.7.47.34:19333 {@{Name=Identity; Value=lene.hau}, @{Name=GrantSendOnBehalfTo; Value=hans.c.orsted}} If you’re traversing large amounts of data, you may need to tweak your way around the limitations of the Search-UnifiedAuditLog CmdLet.
Read this article for a thorough walkthrough of effective unified audit log parsing.
Consolidate AD and Office 365 Management
Hybrid Office 365 management is a real pain to many companies and organizations.
More and more are starting to consolidate AD and Office 365 management.
Most solutions introduce new web applications, are difficult to learn, and cost a fortune.
However, one solution exists that simply extends the functionality of AD Users & Computers – the admin tool loved by admins for more than two decades.
With Easy365Manager you get extra tabs on user properties that address all your needs for daily management of Office 365 and Exchange Online:
With these new tabs, anyone, including your junior IT supporters, can start setting up user calendar permissions. Something that normally requires second-level PowerShell scripting skills:
Easy365Manager is a simple .dll extension to AD Users & Computers.
It requires no infrastructure changes and can be installed in less than a minute.