A tool for quickly addressing low Secure Score. Designed with non-techs in mind.
- requires Defender P1
- you will be asked for the following info:
  - Company name: used for naming policies
  - Email: this is where Quarantine Release Requests and Internal Spam Sender notifications will go
  - Username: your 365 username. If this is what you log in to your PC with, you will not need to input a password. Otherwise, you will.
  - Domains: the domains you want to apply these rules to. Input all to apply to all domains on the tenant. This is recommended.
1. Download Main.ps1, DomainSelection.psm1, fileLog.psm1, Variables.ps1, ThreatPolicies.psm1 to your Downloads folder.
2. If you have the ExchangeOnlineManagement module for PowerShell, skip to step 4. Otherwise, open PowerShell (the command line, not the ISE) as an admin. (Right-click + run as administrator)
3. Run `Install-Module -Name ExchangeOnlineManagement -Scope CurrentUser -Confirm:$false`
4. Open cmd, input `cd %USERPROFILE%\Downloads`
5. Input `pwsh ./Main.ps1`
6. Follow the prompts. Log will be found on your desktop as 'SecureScore_log.txt'
   - If you get an error about enabling customization, input `Enable-OrganizationCustomization` and try again.
- This will force Microsoft-recommended values onto various email-related policies.
- This includes blocking any automatic forwarding to external email addresses, which can have an impact on anything you have configured to automatically forward (like ticketing).
- This will also start quarantining messages. Some WILL be false positives, as it uses Microsoft AI components. Some detections are configured to go to Quarantine, some are configured to go to your Junk folder.
- It is recommended to familiarize yourself with the Quarantine and with releasing items.
- Deprecated: old iterations of this script.
- WIP: various other SecureScore components. These are split into the service/module they use.
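
Because the tool blocks automatic forwarding to external addresses, it helps to know what currently forwards externally (ticketing, shared inboxes) before you run it. The script below is an added example, not part of this repository: a read-only audit using standard ExchangeOnlineManagement cmdlets. The parameter name, the helper function and the assumption that inbox rule targets appear as `"Name" [SMTP:address]` are illustrative choices made for this example.

```powershell
# Added example (not part of this repository): read-only audit of external auto-forwarding.
param(
    [Parameter(Mandatory)] [string] $UserPrincipalName   # your 365 username
)

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName $UserPrincipalName -ShowBanner:$false

# Domains the tenant owns; any other target domain is treated as external.
$internal = (Get-AcceptedDomain).DomainName

# Hypothetical helper: true when the address is outside the accepted domains.
function Test-ExternalAddress {
    param([string] $Address)
    $domain = ($Address -split '@')[-1]
    return $internal -notcontains $domain      # -notcontains is case-insensitive
}

$findings = [System.Collections.Generic.List[object]]::new()

foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # 1. Mailbox-level SMTP forwarding (set by an admin or by the user).
    #    Note: ForwardingAddress (a recipient object such as a mail contact)
    #    is not resolved here and should be reviewed separately.
    if ($mbx.ForwardingSmtpAddress) {
        $addr = $mbx.ForwardingSmtpAddress -replace '^smtp:', ''
        if (Test-ExternalAddress $addr) {
            $findings.Add([pscustomobject]@{
                Mailbox = $mbx.PrimarySmtpAddress; Source = 'Mailbox forwarding'; Target = $addr })
        }
    }
    # 2. Inbox rules that forward or redirect mail.
    foreach ($rule in Get-InboxRule -Mailbox $mbx.PrimarySmtpAddress -ErrorAction SilentlyContinue) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        foreach ($t in $targets) {
            # Assumed format: "Display Name" [SMTP:user@example.com]; internal
            # recipients appear as [EX:...] and are skipped by this pattern.
            if ($t -match 'SMTP:([^\]\s]+)' -and (Test-ExternalAddress $Matches[1])) {
                $findings.Add([pscustomobject]@{
                    Mailbox = $mbx.PrimarySmtpAddress; Source = "Inbox rule '$($rule.Name)'"; Target = $Matches[1] })
            }
        }
    }
}

# Review this list before running Main.ps1; each row will stop forwarding afterwards.
$findings | Sort-Object Mailbox | Format-Table -AutoSize
Disconnect-ExchangeOnline -Confirm:$false
```

An empty table means no SMTP forwarding to outside domains was found by these two checks; it does not cover forwarding done by mail flow (transport) rules or third-party connectors.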