tag:blogger.com,1999:blog-8782028342718246030.post6378576058619267797..comments2024-03-03T21:39:54.759-08:00Comments on 1234n6: Investigating Office365 Account Compromise without the Activities APIAdam Harrisonhttp://www.blogger.com/profile/15078077753320282858noreply@blogger.comBlogger5125tag:blogger.com,1999:blog-8782028342718246030.post-86167776626191953292019-05-06T14:26:18.728-07:002019-05-06T14:26:18.728-07:00Can a PowerShell script Search-UnifiedAuditLog be ...Can a PowerShell script Search-UnifiedAuditLog be performed for Non-Owner Access of a mailbox?<br /><br />My Office 365 Admin access allows me elevated access into other mailboxes, I wanted to make some changes in a user mailbox, as a test, to collect information on non-owner access and compare that inquiry to my LogRhythm report<br />Thank you for your timeRAndersonhttps://www.blogger.com/profile/13839242677150198859noreply@blogger.comtag:blogger.com,1999:blog-8782028342718246030.post-25048677881540654872019-01-10T02:11:47.844-08:002019-01-10T02:11:47.844-08:00If I am not mistaken, in this command:
foreach ($...If I am not mistaken, in this command:<br /><br />foreach ($user in (get-mailbox -resultsize unlimited).UserPrincipalName) {Get-InboxRule -Mailbox $user I Select-Object MailboxOwnerID,Name,Description,Enabled,RedirectTo,MoveToFolder,ForwardTo | Export-CSV E:\Cases\InvestigationXYZ\AllUserRules.csv -NoTypelnformation -Append}<br /><br />I should be replaced with a pipe (|).<br />Regards,<br />FilipFiliphttps://www.blogger.com/profile/05380006384440146205noreply@blogger.comtag:blogger.com,1999:blog-8782028342718246030.post-11794106859013526082018-12-02T20:05:42.373-08:002018-12-02T20:05:42.373-08:00Thank you for detailed info.Thank you for detailed info.Anonymoushttps://www.blogger.com/profile/01090563473011455824noreply@blogger.comtag:blogger.com,1999:blog-8782028342718246030.post-60897625715207471402018-07-23T05:25:18.334-07:002018-07-23T05:25:18.334-07:00Thanks for the heads up, I've corrected it. A ...Thanks for the heads up, I've corrected it. A post describing the relevant script is here:<br /><br />https://blogs.perficient.com/2016/03/25/office-365-script-to-perform-message-trace-by-subject/<br /><br />And the script is here:<br />https://gallery.technet.microsoft.com/PowerShell-Script-to-65a63049Adam Harrisonhttps://www.blogger.com/profile/15078077753320282858noreply@blogger.comtag:blogger.com,1999:blog-8782028342718246030.post-48763230460070087532018-07-21T05:55:02.018-07:002018-07-21T05:55:02.018-07:00This is wonderful. Thank you !
There is a hyperli...This is wonderful. Thank you !<br /><br />There is a hyperlink missing here: <br />"In these cases a script may be the best solution and one such script can be found here."Logan Paulhttps://www.blogger.com/profile/06918642276782767533noreply@blogger.com