Version 1

    Microsoft Office 365 Security Statistics

    The template shows status of Office 365 Exchange mailbox security

     

    The following Component Monitors are included:

    • User Mailbox Security
    • Users by Retention Policy
    • User Password Settings
    • Last Password Change
    • Administrative Roles
    • Mailbox Auditing
    • Multi-Factor Authentication

     

    Prerequisites:

    User Password Settings, Last Password Change, Administrative Roles, Multi-Factor Authentication

    • Install-Module -Name AzureAD
    • Connect-AzureAD
    • Install-Module -Name MSOnline
    • Check the following article for prerequisites:

    https://docs.microsoft.com/en-us/microsoftteams/office-365-groups

    User Mailbox Security, Users by Retention Policy, Mailbox Auditing

    • Windows PowerShell needs to be configured to run scripts
    • Check the following article for prerequisites:

    http://technet.microsoft.com/en-us/library/jj984289(v=exchg.150).aspx

     

    Credentials:

    • The user should have SAM Administrator permissions
    • Office 365 account with global administrator privileges.
      1. Microsoft has a Global Throttling Policy which limits simultaneous connections from one client for O365 to maximum three simultaneous connections”. The Scripts are designed to allow only 3 connections at a time, hence advise users to create and use an account for SAM monitoring only and nowhere else

     

    MONITORED COMPONENTS

    • User Mailbox Security
      • Users that have access to more than 20 mailboxes
      • Unit: Number
    • Users by Retention Policy
      • Users assigned to retention policies and their respective names
      • Unit: Number
    • User Password Settings
      • Users based on password expiration settings
      • Unit: Number
    • Last Password Change
      • Number of users that have password changes more than 90 days ago
      • Unit: Number
    • Administrative Roles
      • Administrative roles and the number of users assigned to them
      • Unit: Number
    • Mailbox Auditing
      • Mailboxes that currently have audit enabled
      • Unit: Number
    • Multi-Factor Authentication
      • Users that have multi-factor authentication enabled
      • Unit: Number

     

    Troubleshooting steps

    Detail troubleshooting steps (common for template)

    • Use UPN format (username@domain) and not domain\username format to enter credentials. Also, a service account for Exchange Web Services is recommended to avoid authentication issues when passwords are updated.

     

    Detail troubleshooting steps (specific for components)

    • User Password Settings, Last Password Change, Administrative Roles, Multi-Factor Authentication
      1. Make sure the machine where the Monitors execute i.e Powershell Scripts, the Azure-AD and MSOnline is installed and connected.
    • User Mailbox Security, Users by Retention Policy, Mailbox Auditing
      1. Microsoft has a Global Throttling Policy which limits simultaneous connections from one client for O365 and maximum three simultaneous connections are allowed”.

    To overcome this concurrency issue, we have implemented Locking mechanism and restricted 3 Scripts establishing a connection with Office-365, hence Sometimes scripts may take more time to fetch data, to handle such situation try to increase polling and time interval.

    Error: “Fail to create a runspace because you have exceeded the maximum number of connections allowed : 3 for the policy party : MaxConcurrency. Please close existing runspace and try again.”

     

    Portions of this document were originally created by and are excerpted from the following sources: