A PowerShell toolbox for Microsoft 365 security fans.
Author: Daniel Chronlund
This PowerShell module contains a collection of tools for Microsoft 365 security tasks, Microsoft Graph functions, Azure AD management, Conditional Access, zero trust strategies, attack and defense scenarios, etc.
Install the module from the PowerShell Gallery by running:
Install-Module DCToolbox
If you already installed it, update to the latest version by running:
Update-Module DCToolbox
PowerShell Gallery package link: https://www.powershellgallery.com/packages/DCToolbox
When you have installed it, to get started, run:
Get-DCHelp
Explore and copy script examples to your clipboard with:
Copy-DCExample
Gather basic configuration data from a Microsoft 365 tenant.
Connect to Microsoft Graph with delegated credentials (interactive login will popup).
Connect to Microsoft Graph with application credentials.
Run a Microsoft Graph query.
Activate one or more Azure AD Privileged Identity Management (PIM) role with PowerShell.
Get current public IP address information. You can use the -UseTorHttpProxy to route traffic through a running Tor network HTTP proxy that was started by Start-DCTorHttpProxy.
Start a Tor network HTTP proxy that can be used for anonymization of HTTP traffic in PowerShell. Requires proxy support in the PowerShell CMDlet you want to anonymise. Many of the tools included in DCToolbox supports this.
Test if an account exists in Azure AD for specified email addresses.
Test if common and easily guessed admin usernames exist for specified Azure AD domains.
Lets a guest user enumerate users and security groups/teams when 'Guest user access restrictions' in Azure AD is set to the default configuration.
Uses an Azure AD app registration to download all files from all M365 groups (Teams) document libraries in a tenant.
Uses an Azure AD app registration to wipe all files from all M365 groups (Teams) document libraries in a tenant.
This CMDlet uses Microsoft Graph to export all Conditional Access policies in the tenant to a JSON file. This JSON file can be used for backup, documentation or to deploy the same policies again with Import-DCConditionalAccessPolicyDesign.
This CMDlet uses Microsoft Graph to automatically create Conditional Access policies from a JSON file. The JSON file can be created from existing policies with Export-DCConditionalAccessPolicyDesign or manually by following the syntax described in the Microsoft Graph documentation.
Automatically generate an Excel report containing your current Conditional Access policy design.
Automatically generate an Excel report containing your current Conditional Access assignments.
Please follow me on my blog https://danielchronlund.com, on LinkedIn and on Twitter!
@DanielChronlund