diff --git a/InactiveUsersLast90Days.ps1 b/InactiveUsersLast90Days.ps1 index 517f49c..18374f9 100644 --- a/InactiveUsersLast90Days.ps1 +++ b/InactiveUsersLast90Days.ps1 @@ -24,6 +24,6 @@ $loggedOnUsers = Search-UnifiedAuditLog -StartDate $startDate -EndDate $endDate $inactiveInLastThreeMonthsUsers = @() $inactiveInLastThreeMonthsUsers = $allUsers.UserPrincipalName | where {$loggedOnUsers.UserIds -NotContains $_} -Write-Output "The following users have no logged in for the last 90 days:" +Write-Output "The following users have not logged in for the last 90 days:" Write-Output $inactiveInLastThreeMonthsUsers diff --git a/RemediateBreachedAccount.ps1 b/RemediateBreachedAccount.ps1 index ce8b8cc..72964d8 100644 --- a/RemediateBreachedAccount.ps1 +++ b/RemediateBreachedAccount.ps1 @@ -1,5 +1,5 @@ #This script will allow you to execute a recommended set of steps to fully re-secure and remediate a known breached account in Office 365. -#It peroms the following actions: +#It performs the following actions: # Reset password (which kills the session). # Remove mailbox delegates. # Remove mailforwarding rules to external domains. @@ -183,4 +183,4 @@ Remove-MailboxForwarding $upn Enable-MFA $upn Get-AuditLog $upn -Stop-Transcript \ No newline at end of file +Stop-Transcript diff --git a/RemediateEmployeeLeaving.ps1 b/RemediateEmployeeLeaving.ps1 index 808f55f..ff28277 100644 --- a/RemediateEmployeeLeaving.ps1 +++ b/RemediateEmployeeLeaving.ps1 @@ -166,13 +166,13 @@ Function RemoveUser($upn) Write-Host "This PowerShell script was created by the Office 365 security team to help customers remediate the risk of an employee leaving the company." -Write-Host "To learn more about to perform the same manually please take a look at:" +Write-Host "To learn more about this or to perform the same manually please take a look at:" Write-Host "https://support.office.com/en-US/article/How-to-block-employee-access-to-Office-365-data-44d96212-4d90-4027-9aa9-a95eddb367d1?ui=en-US&rs=en-US&ad=US" Write-Host " " Write-Host "Please enter your name of your domain without the Top Level Domain (.com, .org, .net, etc.). " Write-Host "For example if you work at contoso.com, please enter only Contoso" $domainName = Read-Host -Prompt 'Domain Name (Without Top Level Domain)' -Write-Host "Enter your Admin Credentials, please note you will be prompted twice (One for O365 Exchange and one for AAD)" +Write-Host "Enter your Admin Credentials, please note you will be prompted twice (Once for O365 Exchange and once for AAD)" #MyStart -domainName $domainName ReviewExecutionPolicy $adminCreds = InitiateSession -domainName $domainName diff --git a/SetODBSyncFileExtensionBlacklist.ps1 b/SetODBSyncFileExtensionBlacklist.ps1 index 2fcd9b7..02bfc9b 100644 --- a/SetODBSyncFileExtensionBlacklist.ps1 +++ b/SetODBSyncFileExtensionBlacklist.ps1 @@ -24,11 +24,11 @@ Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking } -Write-Output "You current Sync Client configuration is set to: " +Write-Output "Your current Sync Client configuration is set to: " Get-SPOTenantSyncClientRestriction Set-SPOTenantSyncClientRestriction -ExcludedFileExtensions "ecc;ezz;exx;zzz;xyz;aaa;abc;ccc;vvv;xxx;ttt;micro;encrypted;locked;crypto;crinf;r5a;XRNT;XTBL;crypt;R16M01D05;pzdc;good;RDM;RRK;encryptedRSA;crjoker;EnCiPhErEd;LeChiffre;0x0;bleep;1999;vault;HA3;toxcrypt;magic;SUPERCRYPT;CTBL;CTB2;locky;cryp1;zepto" Write-Output "Excellent! You have configured your tenancy to not sync files with at least some known ransomware file extensions. Periodically update the list and your blacklist." -Stop-Transcript \ No newline at end of file +Stop-Transcript