Daily Admin Notification Email For Office365 Spam

One feature that stands out with Office365 Exchange is the great native spam protection it offers. My only complaint is that there is no administrative email you can configure that will show you what has been getting caught in the Quarantine. Microsoft offers ‘End user spam notifications’ that will send an email to the user showing what has been quarantined for their account, but it also gives them access to release that message. Given that I still have a relatively small number of end users (160), I wanted to be the one deciding whether or not the message was actually spam.


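The first command you’ll need to run will create an encrypted file which stores your Office365 account password. This allows you to reference the password file in your script instead of using a plain text password. Without a -Key parameter, ConvertFrom-SecureString encrypts with Windows DPAPI, so the file can only be decrypted by the same user account on the same computer: create it while logged in as the account that will run the scheduled task, and restrict access to the file and to that account. You’ll only need to run this command when you need to update your password, so I have it commented out in my final script.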

Read-Host -prompt "Enter password to be encrypted in 365securestring.txt " -assecurestring | convertfrom-securestring | out-file C:\powershell\365securestring.txt

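Once you have your password file created, we can connect to the Office365 server referencing that file. Note that this connection uses Basic authentication, which Microsoft has since turned off for Exchange Online; on a current tenant, connect with Connect-ExchangeOnline from the ExchangeOnlineManagement module instead.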

$pass = cat C:\powershell\365securestring.txt | convertto-securestring
$mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist "john@404john.com",$pass
$O365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Authentication Basic -AllowRedirection -Credential $mycred
Import-PSSession $O365Session
Connect-MsolService -Credential $mycred

The next part of the script builds an empty CSV file that we can then load with the quarantined messages. This command gives the file three column headers, ‘ReceivedTime’, ‘SenderAddress’, and ‘Subject’, which also become the columns of the table in the email.

'' | select 'ReceivedTime','SenderAddress','Subject' | Export-Csv C:\powershell\quar.csv -NoTypeInformation

Now for the actual working part of our script. We start by taking the current date and subtracting one day. This will give us the past 24 hours’ worth of spam messages. We then pass those two dates to the ‘Get-QuarantineMessage’ cmdlet and keep only the three columns from before. We then need to do some more formatting, so let’s export the results and re-import the CSV file back into PowerShell as HTML, which will look better in an email. We also need to pass it through ‘Out-String’ so that the body is a single string in the final email.

$CurrentDate = Get-Date
$OneDayBack = $CurrentDate.AddDays(-1)
$Quarantine = Get-QuarantineMessage -StartReceivedDate $OneDayBack -EndReceivedDate $CurrentDate | select received*,sender*,subject
$Quarantine | Export-Csv C:\powershell\quar.csv -Append
$import = Import-Csv C:\powershell\quar.csv | ConvertTo-Html
# Keep the Out-String result; otherwise $import stays an array of HTML lines
$import = $import | Out-String

Now that all of the formatting is done, the last part of the script sends the email. We can use the ‘Send-MailMessage’ cmdlet to achieve this, with -BodyAsHtml so the mail client renders the table instead of showing the HTML source.

Send-MailMessage -To john@404john.com -Subject "Daily Quarantine Alert" -Body $import -BodyAsHtml -SmtpServer SMTP01 -from Office365@404john.com

And that’s it! Have this run every morning from the Windows Task Scheduler and you are good to go. Here is what my final script looks like:

#Read-Host -prompt "Enter password to be encrypted in 365securestring.txt " -assecurestring | convertfrom-securestring | out-file C:\powershell\365securestring.txt
$pass = cat C:\powershell\365securestring.txt | convertto-securestring
$mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist "john@404john.com",$pass
$O365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Authentication Basic -AllowRedirection -Credential $mycred
Import-PSSession $O365Session
Connect-MsolService -Credential $mycred
'' | select 'ReceivedTime','SenderAddress','Subject' | Export-Csv C:\powershell\quar.csv -NoTypeInformation
$CurrentDate = Get-Date
$OneDayBack = $CurrentDate.AddDays(-1)
$Quarantine = Get-QuarantineMessage -StartReceivedDate $OneDayBack -EndReceivedDate $CurrentDate | select received*,sender*,subject
$Quarantine | Export-Csv C:\powershell\quar.csv -Append
$import = Import-Csv C:\powershell\quar.csv | ConvertTo-Html
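# Keep the Out-String result; otherwise $import stays an array of HTML lines
$import = $import | Out-String
# -BodyAsHtml makes the mail client render the table instead of showing HTML source
Send-MailMessage -To john@404john.com -Subject "Daily Quarantine Alert" -Body $import -BodyAsHtml -SmtpServer SMTP01 -from Office365@404john.com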
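
As an added example (not the author's script), the function below builds the same three-column report in memory instead of round-tripping through quar.csv, and handles a morning when nothing was quarantined. New-QuarantineReportBody and the sample messages are hypothetical and constructed; in the real script the input would come from Get-QuarantineMessage.

```powershell
# Added example: build the HTML body for the daily quarantine email in memory.
function New-QuarantineReportBody {
    param(
        [object[]]$Messages = @(),      # objects shaped like Get-QuarantineMessage output
        [datetime]$Now = (Get-Date)
    )
    $since = $Now.AddDays(-1)

    # Keep the last 24 hours and only the three columns the report shows.
    $rows = @($Messages |
        Where-Object { $_.ReceivedTime -gt $since -and $_.ReceivedTime -le $Now } |
        Sort-Object ReceivedTime |
        Select-Object ReceivedTime, SenderAddress, Subject)

    # Empty quarantine: return a short notice instead of a table with a blank row.
    if ($rows.Count -eq 0) {
        return "<p>No messages were quarantined between $since and $Now.</p>"
    }

    $summary = "<p>$($rows.Count) message(s) quarantined since $since</p>"
    # ConvertTo-Html returns an array of lines; Out-String joins them into the
    # single string that Send-MailMessage -Body takes.
    return ($rows | ConvertTo-Html -Title 'Daily Quarantine Alert' -PreContent $summary | Out-String)
}

# Constructed sample objects standing in for Get-QuarantineMessage output.
$now = Get-Date '2024-01-02T08:00:00'
$sample = @(
    [pscustomobject]@{ ReceivedTime = $now.AddHours(-30); SenderAddress = 'old@example.org';     Subject = 'Outside the window' }
    [pscustomobject]@{ ReceivedTime = $now.AddHours(-5);  SenderAddress = 'billing@example.net'; Subject = 'Invoice overdue' }
    [pscustomobject]@{ ReceivedTime = $now.AddHours(-1);  SenderAddress = 'it-desk@example.com'; Subject = 'Password expires today' }
)

$body = New-QuarantineReportBody -Messages $sample -Now $now
$body
New-QuarantineReportBody -Messages @() -Now $now

# To send, using the addresses and relay from the post:
# Send-MailMessage -To john@404john.com -From Office365@404john.com `
#     -Subject 'Daily Quarantine Alert' -Body $body -BodyAsHtml -SmtpServer SMTP01
```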

Now each morning I have the following email to reference instead of having to log into the Office365 admin portal.

 

Let me know if you run into any problems!

Cheers!
 
 
 
 
 
 
 

 
