Hardening Exchange-New Tenant Onboarding.ps1
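###CONNECT TO EXCHANGE ONLINE ##########
# Prerequisites: a current PowerShellGet plus the ExchangeOnlineManagement module,
# then an interactive sign-in to the tenant being onboarded.
Install-Module PowershellGet -Force
Update-Module PowershellGet
# Scope the execution-policy change to the current user: the original form writes the
# LocalMachine scope, which needs an elevated shell and relaxes policy for every account
# on the workstation, not just the one running this onboarding.
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
Install-Module -Name ExchangeOnlineManagement
Connect-ExchangeOnline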
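###BLOCK AUTO FW #######################
# Reject mail that Exchange auto-forwards from inside the org to external recipients
# (mailbox forwarding rules are a common way data leaves a tenant after an account is taken over).
$externalTransportRuleName = "Block Auto-Forwarding"
$rejectMessageText = "To improve security, auto-forwarding rules to external email addresses have been disabled. Please contact your helpdesk if you want to create an exception."
# Look the rule up by name so a re-run does not create a duplicate; a missing rule is a
# non-terminating error from Get-TransportRule, which SilentlyContinue turns into $null.
$externalForwardRule = Get-TransportRule -Identity $externalTransportRuleName -ErrorAction SilentlyContinue
if (-not $externalForwardRule) {
    Write-Output "Rule for Auto-forwarding not found, creating Rule"
    # Use the same variable for the name; the original hard-coded a differently cased
    # literal here, so the lookup above and the created rule could drift apart.
    New-TransportRule -Name $externalTransportRuleName -Priority 1 -SentToScope NotInOrganization -FromScope InOrganization -MessageTypeMatches AutoForward -RejectMessageEnhancedStatusCode 5.7.1 -RejectMessageReasonText $rejectMessageText
}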
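######Set Up Email Encryption Rule########################
# Apply the built-in "Encrypt" rights-protection template when the subject contains "Secure".
# Guarded like the auto-forward rule above: New-TransportRule fails on a second run if a
# rule with this name already exists.
$encryptRuleName = "Encrypt Email"
if (-not (Get-TransportRule -Identity $encryptRuleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $encryptRuleName -SubjectContainsWords "Secure" -ApplyRightsProtectionTemplate "Encrypt"
}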
#################Set FREE/BUSY CALENDAR INFO ########################
# Publish simple free/busy data through the default sharing policy.
# NOTE(review): the "Anonymous" domain entry exposes free/busy for the tenant to
# unauthenticated callers; confirm that is the intended level of disclosure.
$sharingPolicy = @{
    Identity = "Default Sharing Policy"
    Domains  = "Anonymous: CalendarSharingFreeBusySimple"
}
Set-SharingPolicy @sharingPolicy
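#######SET OUT BOUND SPAM NOTIFICATIONS ######################
# Re-prompt until an address is supplied: an empty recipient makes the Set- call fail
# and silently leaves outbound-spam alerting unconfigured for the tenant.
do {
    $notificationRecipient = Read-Host -Prompt "Enter the email of the recipient who will receive the spam notifications"
} while ([string]::IsNullOrWhiteSpace($notificationRecipient))
Set-HostedOutboundSpamFilterPolicy -Identity Default -NotifyOutboundSpam $true -NotifyOutboundSpamRecipients $notificationRecipient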
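#################SET UP ATP SAFE LINKS AND SAFE ATTACHMENTS #########################################
$DomainName = Read-Host -Prompt "Enter Tenant Domain Name"
$WhiteListURl = Read-Host -Prompt "Enter any URLs you want to whitelist. If you have none, press enter"
# Read-Host returns one string; split "a.example,b.example" into a string[] and drop blanks
# so pressing Enter yields no exclusions rather than an empty entry being sent to the policy.
# Every URL in this list is exempt from Safe Links rewriting and scanning — keep it short and reviewed.
$doNotRewrite = @($WhiteListURl -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })

# Each New- call fails if the object already exists, so check policy and rule separately;
# that way a partially completed earlier run can still be finished.
if (-not (Get-SafeAttachmentPolicy -Identity "Policy 1" -ErrorAction SilentlyContinue)) {
    New-SafeAttachmentPolicy -Name "Policy 1" -Action Dynamicdelivery -Enable $true -ActionOnError $true
}
if (-not (Get-SafeAttachmentRule -Identity "Safe Attachment Policy" -ErrorAction SilentlyContinue)) {
    New-SafeAttachmentRule -Name "Safe Attachment Policy" -SafeAttachmentPolicy "Policy 1" -RecipientDomainIs $DomainName
}

# NOTE(review): click tracking is switched off here (-TrackClicks $false / -DoNotTrackUserClicks $true);
# that removes the URL-click telemetry used when investigating a phishing incident. Values are
# kept as the author set them — reconsider before rolling this out.
$safeLinks = @{
    Name                     = "Policy 1"
    DoNotTrackUserClicks     = $true
    EnableForInternalSenders = $true
    DoNotAllowClickThrough   = $true
    TrackClicks              = $false
    ScanUrls                 = $true
    AllowClickThrough        = $false
    IsEnabled                = $true
}
# Only pass the exclusion list when there is something in it.
if ($doNotRewrite.Count -gt 0) { $safeLinks.DoNotRewriteUrls = $doNotRewrite }
if (-not (Get-SafeLinksPolicy -Identity "Policy 1" -ErrorAction SilentlyContinue)) {
    New-SafeLinksPolicy @safeLinks
}
if (-not (Get-SafeLinksRule -Identity "SafeLinksPolicy" -ErrorAction SilentlyContinue)) {
    New-SafeLinksRule -Name "SafeLinksPolicy" -SafeLinksPolicy "Policy 1" -RecipientDomainIs $DomainName -Enabled $true
}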
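#########SET UP ANTI-PHISHING POLICY ##########################
# Turns a comma-separated Read-Host answer into a string[]. An empty answer and the literal
# "null" the prompts ask for both mean "no entries" — the original passed that raw text
# straight to Set-AntiPhishPolicy, where it is neither a valid domain nor a valid sender.
function ConvertTo-PromptList {
    param([string]$Answer)
    if ([string]::IsNullOrWhiteSpace($Answer) -or $Answer.Trim() -eq 'null') {
        return @()
    }
    return @($Answer -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

$ProtectedUser = Read-Host -Prompt "Type in individuals you want to protect (CEO, CFO, etc) Type their display name and emai in the following format DisplayName;Email ex. Bruce Wayne;[email protected]"
$ExcludedDomains = Read-Host -Prompt "Are there domains you want to whitlist? If y then type their domains with a comma separation. If no, type null"
$ExcludedSenders = Read-Host -Prompt "Are there senders you want to whitlist? If y then type their emails with a comma separation. If no, type [email protected]"
# Entries for -TargetedUsersToProtect keep the "DisplayName;Email" form; several can be comma-separated.
$protectedUsers     = ConvertTo-PromptList $ProtectedUser
$excludedDomainList = ConvertTo-PromptList $ExcludedDomains
$excludedSenderList = ConvertTo-PromptList $ExcludedSenders

$antiPhish = @{
    Identity                            = "Office365 AntiPhish Default"
    EnableOrganizationDomainsProtection = $true
    TargetedDomainProtectionAction      = 'Quarantine'
    # Targeted-user protection only makes sense with at least one user to protect.
    EnableTargetedUserProtection        = ($protectedUsers.Count -gt 0)
    TargetedUserProtectionAction        = 'Quarantine'
    EnableMailboxIntelligence           = $true
    EnableMailboxIntelligenceProtection = $true
    MailboxIntelligenceProtectionAction = 'Quarantine'
    EnableSimilarUsersSafetyTips        = $true
    EnableSimilarDomainsSafetyTips      = $true
    EnableUnusualCharactersSafetyTips   = $true
}
if ($protectedUsers.Count -gt 0) { $antiPhish.TargetedUsersToProtect = $protectedUsers }
# Exclusions bypass impersonation protection for the listed domains/senders, so they are
# only set when the operator actually supplied some.
if ($excludedDomainList.Count -gt 0) { $antiPhish.ExcludedDomains = $excludedDomainList }
if ($excludedSenderList.Count -gt 0) { $antiPhish.ExcludedSenders = $excludedSenderList }
Set-AntiPhishPolicy @antiPhish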