bwdonahue/ps-toolkit

MSP PowerShell Automation Toolkit

A collection of real-world PowerShell automation scripts used across MSP, identity, and security workflows. These tools are designed for repeatability, accuracy, and operational efficiency in Microsoft 365, Entra ID, Active Directory, and email security environments.

All scripts follow a consistent engineering pattern:

  • Parameterized input
  • Clear logging and structured output
  • Idempotent logic (safe to re-run)
  • Retry/backoff handling for transient cloud faults
  • Git-based version control
  • Optional Excel output (via ImportExcel)

📌 Scripts Included


1. Combined MFA Report (Graph-Only)

Purpose: Generate a unified MFA readiness report for Microsoft 365 tenants, combining Reports API data with per-user authentication methods.

Key Features

  • Uses the “always-prompt” login pattern:
    • Interactive browser login first (WAM disabled)
    • Falls back to Device Code if interactive is blocked
  • Combines:
    • Reports API MFA status
    • Per-user authentication methods
    • PrimarySMTP + all proxyAddresses (aliases)
  • Output filename includes tenant name
  • Optional -Excel switch to generate XLSX output (requires ImportExcel)

Requirements

  • Microsoft.Graph (delegated)
  • ImportExcel (optional)

2. BitLocker Key Export (Active Directory)

Purpose: Export BitLocker recovery keys from on-prem Active Directory for compliance, audit, or recovery workflows.

Key Features

  • Queries AD for BitLocker recovery objects
  • Exports keys to CSV
  • Useful for vCIO reporting, compliance checks, and device audits

3. BitLocker Key Export (Entra ID)

Purpose: Export BitLocker recovery keys from Entra ID (Azure AD) for cloud-managed devices.

Key Features

  • Uses Microsoft Graph
  • Supports delegated auth
  • Outputs structured CSV for reporting or backup

4. Infosec + Avanan (Check Point Harmony E+C) Mail Flow Setup

Purpose: Create and maintain a complete, idempotent mail-flow configuration for Infosec IQ and Avanan (Check Point Harmony Email & Collaboration).

This script is idempotent, retry-enabled, and safe to run repeatedly.

Transport Rules Created/Updated (Final Order)

  1. Infosec IQ Safe Attachment Bypass (no stop)
  2. Infosec IQ Safe Links Bypass (no stop)
  3. Infosec IQ Header BypassSCL = -1 (no stop)
  4. Infosec Exclusion from Avanan Scanning — STOP; stamps X-CLOUD-SEC-AV-Info
  5. Avanan – Protect — exception added; placed directly under #4
  6. Infosec IQ – MS Report Phishing Bypass — STOP, Delete; forced to last position (Count-1)

Additional Behavior

  • Appends only Infosec CIDRs to the EOP Connection Filter IPAllowList (safe append pattern)
  • Supports -WhatIf and -Confirm
  • Includes retry/backoff logic for transient EXO faults
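
The safe-append and retry/backoff behavior described above, sketched as an added example (not code from this toolkit). The function names `Invoke-WithRetry` and `Add-EopAllowedCidr` are hypothetical, and the CIDR in the usage comment is a constructed placeholder from the documentation range, not an Infosec IQ address. It assumes an existing Exchange Online session.

```powershell
# Added example: helper and function names are hypothetical, not the toolkit's own.
function Invoke-WithRetry {
    param(
        [Parameter(Mandatory)] [scriptblock] $Action,
        [int] $MaxAttempts = 5,
        [int] $BaseDelaySeconds = 2
    )
    for ($attempt = 1; ; $attempt++) {
        try { return & $Action }
        catch {
            if ($attempt -ge $MaxAttempts) { throw }
            # Exponential backoff: 2, 4, 8, ... seconds between attempts.
            $delay = $BaseDelaySeconds * [math]::Pow(2, $attempt - 1)
            Write-Warning "Attempt $attempt failed: $($_.Exception.Message). Retrying in $delay s."
            Start-Sleep -Seconds $delay
        }
    }
}

function Add-EopAllowedCidr {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'Medium')]
    param(
        [Parameter(Mandatory)] [string[]] $Cidr,
        [string] $PolicyName = 'Default'
    )
    # Read the current list first so existing entries are never overwritten.
    $policy  = Invoke-WithRetry { Get-HostedConnectionFilterPolicy -Identity $PolicyName -ErrorAction Stop }
    $current = @($policy.IPAllowList | ForEach-Object { "$_" })
    $missing = @($Cidr | Where-Object { $_ -notin $current } | Select-Object -Unique)

    if ($missing.Count -eq 0) {
        # Idempotent: a re-run with the same input changes nothing.
        Write-Verbose 'IPAllowList already contains every requested range.'
        return
    }
    if ($PSCmdlet.ShouldProcess($PolicyName, "Add $($missing -join ', ') to IPAllowList")) {
        # @{Add=...} appends to the multivalued property instead of replacing it.
        Invoke-WithRetry {
            Set-HostedConnectionFilterPolicy -Identity $PolicyName -IPAllowList @{ Add = $missing } -ErrorAction Stop
        }
        $missing   # emit what was actually added, for logging
    }
}

# Usage (constructed placeholder range; preview first, then apply):
# Add-EopAllowedCidr -Cidr '192.0.2.0/24' -WhatIf
# Add-EopAllowedCidr -Cidr '192.0.2.0/24' -Verbose
```

Entries on the connection filter allow list skip spam filtering, so logging the emitted additions gives a reviewable record of exactly which ranges each run trusted.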

References & Docs

  • EXO V3 module install/connect & resiliency
  • Mail-flow rule cmdlets: New-/Set-/Enable-TransportRule
  • Rule priority handling (0 = highest)
  • EOP IP allow list append pattern

(Links omitted in README for cleanliness; see script comments for full references.)


5. M365 License Workbook for vCIO

Purpose: Generate a complete Microsoft 365 licensing workbook for vCIO reviews, budgeting, and renewal planning.

Output Includes

  • All Users worksheet
  • One worksheet per assigned license SKU
  • Not Licensed Users
  • Floating Summary:
    • Purchased
    • Assigned
    • Unassigned

Requirements

  • Microsoft.Graph (delegated)
  • ImportExcel

Connection Behavior

  • ALWAYS prompts for sign-in
  • Interactive browser login first (WAM disabled)
  • Falls back to Device Code if interactive is blocked

📦 Installation

Install-Module Microsoft.Graph -Scope CurrentUser
Install-Module ImportExcel -Scope CurrentUser

🧩 Usage

Each script includes:

  • Parameter help
  • Examples
  • Notes on authentication
  • Output format details

Run with:

.\ScriptName.ps1 -Parameter value

🛠 Support & Consulting

These scripts are part of my broader consulting work in:

  • Identity lifecycle automation
  • MSP operational efficiency
  • Microsoft 365 security hardening
  • JumpCloud + Entra hybrid identity
  • ConnectWise workflow automation

For custom automation or environment-specific tooling, reach out anytime.


About

A collection of reusable, environment‑agnostic PowerShell automations for reporting, cleanup, identity workflows, and MDM tasks.
