A collection of real-world PowerShell automation scripts used across MSP, identity, and security workflows. These tools are designed for repeatability, accuracy, and operational efficiency in Microsoft 365, Entra ID, Active Directory, and email security environments.

All scripts follow a consistent engineering pattern:

• Parameterized input
• Clear logging and structured output
• Idempotent logic (safe to re-run)
• Retry/backoff handling for transient cloud faults
• Git-based version control
• Optional Excel output (via ImportExcel)

Purpose: Generate a unified MFA readiness report for Microsoft 365 tenants, combining Reports API data with per-user authentication methods.

• Uses your “always-prompt” login pattern:
  • Interactive browser login first (WAM disabled)
  • Falls back to Device Code if interactive is blocked
• Combines:
  • Reports API MFA status
  • Per-user authentication methods
  • PrimarySMTP + all proxyAddresses (aliases)
• Output filename includes tenant name
• Optional -Excel switch to generate XLSX output (requires ImportExcel)

• Microsoft.Graph (delegated)
• ImportExcel (optional)

Purpose: Export BitLocker recovery keys from on-prem Active Directory for compliance, audit, or recovery workflows.

• Queries AD for BitLocker recovery objects
• Exports keys to CSV
• Useful for vCIO reporting, compliance checks, and device audits

Purpose: Export BitLocker recovery keys from Entra ID (Azure AD) for cloud-managed devices.

• Uses Microsoft Graph
• Supports delegated auth
• Outputs structured CSV for reporting or backup

Purpose: Create and maintain a complete, idempotent mail-flow configuration for Infosec IQ and Avanan (Check Point Harmony Email & Collaboration).

This script is idempotent, retry-enabled, and safe to run repeatedly.

1. Infosec IQ Safe Attachment Bypass (no stop)
2. Infosec IQ Safe Links Bypass (no stop)
3. Infosec IQ Header Bypass — SCL = -1 (no stop)
4. Infosec Exclusion from Avanan Scanning — STOP; stamps X-CLOUD-SEC-AV-Info
5. Avanan – Protect — exception added; placed directly under #4
6. Infosec IQ – MS Report Phishing Bypass — STOP, Delete; forced to last position (Count-1)

• Appends only Infosec CIDRs to the EOP Connection Filter IPAllowList (safe append pattern)
• Supports -WhatIf and -Confirm
• Includes retry/backoff logic for transient EXO faults

• EXO V3 module install/connect & resiliency
• Mail-flow rule cmdlets: New-/Set-/Enable-TransportRule
• Rule priority handling (0 = highest)
• EOP IP allow list append pattern

(Links omitted in README for cleanliness; see script comments for full references.)

Purpose: Generate a complete Microsoft 365 licensing workbook for vCIO reviews, budgeting, and renewal planning.

• All Users worksheet
• One worksheet per assigned license SKU
• Not Licensed Users
• Floating Summary:
  • Purchased
  • Assigned
  • Unassigned

• Microsoft.Graph (delegated)
• ImportExcel

• ALWAYS prompts for sign-in
• Interactive browser login first (WAM disabled)
• Falls back to Device Code if interactive is blocked

Install-Module Microsoft.Graph -Scope CurrentUser
Install-Module ImportExcel -Scope CurrentUser

Each script includes:

• Parameter help
• Examples
• Notes on authentication
• Output format details

Run with:

.\ScriptName.ps1 -Parameter value

These scripts are part of my broader consulting work in:

• Identity lifecycle automation
• MSP operational efficiency
• Microsoft 365 security hardening
• JumpCloud + Entra hybrid identity
• ConnectWise workflow automation

For custom automation or environment-specific tooling, reach out anytime.