A PowerShell toolbox for Microsoft 365 security fans.

Author: Daniel Chronlund

This PowerShell module contains a collection of tools for Microsoft 365 security tasks, Microsoft Graph functions, Azure AD management, Conditional Access, zero trust strategies, attack and defense scenarios, etc.

Install the module from the PowerShell Gallery by running:

Install-Module DCToolbox

If you already installed it, update to the latest version by running:

Update-Module DCToolbox

PowerShell Gallery package link: https://www.powershellgallery.com/packages/DCToolbox

When you have installed it, to get started, run:

Get-DCHelp

Explore and copy script examples to your clipboard with:

Copy-DCExample

Gather basic configuration settings from a Microsoft 365 tenant and crates an Excel report.

Gather basic configuration data from a Microsoft 365 tenant.

Connect to Microsoft Graph with delegated credentials (interactive login will popup).

Connect to Microsoft Graph with application credentials.

Run a Microsoft Graph query.

Activate one or more Azure AD Privileged Identity Management (PIM) role with PowerShell.

Get current public IP address information. You can use the -UseTorHttpProxy to route traffic through a running Tor network HTTP proxy that was started by Start-DCTorHttpProxy.

Start a Tor network HTTP proxy that can be used for anonymization of HTTP traffic in PowerShell. Requires proxy support in the PowerShell CMDlet you want to anonymise. Many of the tools included in DCToolbox supports this.

Test if an account exists in Azure AD for specified email addresses.

Test if common and easily guessed admin usernames exist for specified Azure AD domains.

Test if legacy authentication is allowed in Office 365 for a particular user.

Lets a guest user enumerate users and security groups/teams when 'Guest user access restrictions' in Azure AD is set to the default configuration.

This CMDlet uses Microsoft Graph to export all Conditional Access policies in the tenant to a JSON file. This JSON file can be used for backup, documentation or to deploy the same policies again with Import-DCConditionalAccessPolicyDesign.

This CMDlet uses Microsoft Graph to automatically create Conditional Access policies from a JSON file. The JSON file can be created from existing policies with Export-DCConditionalAccessPolicyDesign or manually by following the syntax described in the Microsoft Graph documentation.

Automatically generate an Excel report containing your current Conditional Access policy design.

Automatically generate an Excel report containing your current Conditional Access assignments.

Please follow me on my blog https://danielchronlund.com, on LinkedIn and on Twitter!

@DanielChronlund