microsoft / CSS-Exchange

Exchange Server support tools and scripts
MIT License

Added script to check MDO and EOP user inclusion and logic of multiple threat policies. #2124

Open iserrano76 opened 2 days ago

iserrano76 commented 2 days ago

This script checks which Microsoft Defender for Office 365 and Exchange Online Protection threat policies cover a particular user, including anti-malware, anti-phishing, inbound and outbound anti-spam, as well as Safe Attachments and Safe Links policies in case these are licensed for your tenant. In addition, the script can check for threat policies that have inclusion and/or exclusion settings that may be redundant or confusing and lead to missed coverage of users or coverage by an unexpected threat policy.

To check all threat policies for potentially confusing user inclusion and/or exclusion conditions and print them out for review, run the following:

    .\MDOThreatPolicyChecker.ps1

To provide a CSV input file with email addresses and see both EOP and MDO policies, run the following:

    .\MDOThreatPolicyChecker.ps1 -CsvFilePath [Path\filename.csv] -IncludeMDOPolicies

To provide multiple email addresses by command line and see only EOP policies, run the following:

    .\MDOThreatPolicyChecker.ps1 -EmailAddresses user1@domainX.com,user2@domainY.com

To see the details of the policies for EOP, run the following:

    .\MDOThreatPolicyChecker.ps1 -EmailAddresses user1@domainX.com,user2@domainY.com -IncludeMDOPolicies -ShowDetailedPolicies

Continuation of #2097
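
The kind of inclusion/exclusion confusion described above, as an added example that is not the PR's script or its logic. It evaluates constructed rule objects under the documented EOP recipient-filter semantics, taken here as an assumption: values within one condition are ORed, different condition types are ANDed, any exception excludes, and the matching rule with the lowest Priority value wins. The function names, group table and addresses are hypothetical; the property names mirror the recipient-filter parameters on EOP policy rules.

```powershell
# Hypothetical helper: builds a rule object with the recipient-filter properties.
function New-SampleRule {
    param($Name, $Priority, $SentTo = @(), $SentToMemberOf = @(), $RecipientDomainIs = @(),
          $ExceptIfSentTo = @(), $ExceptIfSentToMemberOf = @(), $ExceptIfRecipientDomainIs = @())
    [pscustomobject]@{
        Name = $Name; Priority = $Priority
        SentTo = @($SentTo); SentToMemberOf = @($SentToMemberOf); RecipientDomainIs = @($RecipientDomainIs)
        ExceptIfSentTo = @($ExceptIfSentTo); ExceptIfSentToMemberOf = @($ExceptIfSentToMemberOf)
        ExceptIfRecipientDomainIs = @($ExceptIfRecipientDomainIs)
    }
}

function Test-RuleCoversUser {
    param($Rule, [string]$User, [hashtable]$GroupMembers)
    $domain = ($User -split '@')[-1]
    # Groups (from the constructed membership table) that contain this user.
    $userGroups = @($GroupMembers.Keys | Where-Object { $GroupMembers[$_] -contains $User })
    $inGroups = { param($list) [bool](@($list) | Where-Object { $userGroups -contains $_ }) }

    # Exceptions: a match on ANY exception type removes the user from the rule (OR).
    if (($Rule.ExceptIfSentTo -contains $User) -or (& $inGroups $Rule.ExceptIfSentToMemberOf) -or
        ($Rule.ExceptIfRecipientDomainIs -contains $domain)) { return $false }

    # Conditions: every populated type must match (AND); values inside a type are ORed.
    if ($Rule.SentTo.Count -and ($Rule.SentTo -notcontains $User)) { return $false }
    if ($Rule.SentToMemberOf.Count -and -not (& $inGroups $Rule.SentToMemberOf)) { return $false }
    if ($Rule.RecipientDomainIs.Count -and ($Rule.RecipientDomainIs -notcontains $domain)) { return $false }
    return $true
}

function Get-EffectiveRule {
    param($Rules, [string]$User, [hashtable]$GroupMembers)
    # Lowest Priority value is evaluated first; the first matching rule is the one applied.
    $Rules | Sort-Object Priority |
        Where-Object { Test-RuleCoversUser $_ $User $GroupMembers } | Select-Object -First 1
}

# Constructed sample data (not from a real tenant).
$groupMembers = @{ 'finance@contoso.example' = @('alice@contoso.example', 'bob@fabrikam.example') }
$rules = @(
    New-SampleRule -Name 'All contoso' -Priority 1 -RecipientDomainIs 'contoso.example' -ExceptIfSentTo 'carol@contoso.example'
    New-SampleRule -Name 'Finance strict' -Priority 0 -SentToMemberOf 'finance@contoso.example' -RecipientDomainIs 'fabrikam.example'
)

foreach ($u in 'alice@contoso.example', 'bob@fabrikam.example', 'carol@contoso.example') {
    $r = Get-EffectiveRule $rules $u $groupMembers
    '{0} -> {1}' -f $u, $(if ($r) { $r.Name } else { '(no custom rule; default policy)' })
}
```

In the sample, alice is a member of the finance group but falls through to the lower-priority rule because the group and domain conditions on 'Finance strict' are ANDed, which is the unexpected-coverage case worth reviewing.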