This report focuses on the for Office 365, primarily the Microsoft Graph PowerShell SDK (the successor to the deprecated MSOnline and AzureAD modules), but also includes legacy cmd tricks, real-time monitoring, and automation scripts that act like "CMD on steroids."

Report: Active Office 365 CMD – Beyond the GUI, Into the Shell

Date: April 14, 2026

Subject: How to control, audit, and automate Office 365 using command-line interfaces (PowerShell, CMD, and Graph API).

1. Executive Summary

The graphical portal (portal.azure.com, admin.exchange.microsoft.com) is slow and click-heavy. Active CMD, specifically PowerShell 7 with the Microsoft Graph module, is the real control plane for Office 365. This report demonstrates how to execute powerful administrative commands, extract hidden user data, and automate security tasks, all from a terminal.

Key takeaway: A single line of CLI can replace 15 minutes of GUI navigation.

2. The Modern "CMD" for Office 365

While cmd.exe itself can't talk to O365 natively, PowerShell is the de facto active command line. The recommended stack:

Legacy modules (MSOnline, AzureAD, ExchangeOnlineManagement older versions) are as of 2024–2026.

3. Interesting Active Commands (Live Examples)

3.1 User Reconnaissance – Find "Hidden" Accounts

List all users who have never logged in (inactive security risk):

```powershell
Connect-MgGraph -Scopes "User.Read.All", "AuditLog.Read.All"
# SignInActivity is only returned when it is requested with -Property;
# without it the property is empty for every user and the filter matches everyone.
Get-MgUser -All -Property Id,DisplayName,UserPrincipalName,SignInActivity |
    Where-Object { $null -eq $_.SignInActivity.LastSignInDateTime }
```

This uncovers service accounts, terminated employees whose accounts were not disabled, or shared mailboxes being used for illicit access.

3.2 License Audit – Who's Wasting Money?

```powershell
Get-MgUser -All -Property Id,DisplayName,AssignedLicenses |
    Select-Object DisplayName, @{N="Licenses";E={$_.AssignedLicenses.SkuId -join ", "}} |
    Where-Object { $_.Licenses -ne "" }
```

Output: Every user with their assigned product SKUs. Run this weekly to catch ghost licenses.

3.3 Bulk Mailbox Actions (Like Old cmd but Powerful)

Add "Legal Hold – Project X" to all members of a distribution group:

```powershell
# Exchange Online cmdlets; run Connect-ExchangeOnline first.
$users = Get-DistributionGroupMember -Identity "ProjectX-Team"
$users | ForEach-Object {
    Set-Mailbox -Identity $_.PrimarySmtpAddress -LitigationHoldEnabled $true -LitigationHoldDuration 365
}
```

This is the equivalent of a batch file for legal discovery, impossible to do via GUI for 200+ users.

4. Real-Time Monitoring – "Active Office 365 CMD as a Dashboard"

You can run a live, updating terminal dashboard using PowerShell loops:

```powershell
while ($true) {
    # SignInActivity must be requested explicitly (needs AuditLog.Read.All).
    $activeUsers = Get-MgUser -All -Property Id,SignInActivity |
        Where-Object { $_.SignInActivity.LastSignInDateTime -gt (Get-Date).AddHours(-24) }
    Write-Host "Users active last 24h: $(@($activeUsers).Count)"
    $mailboxSize = Get-MailboxStatistics -Identity "admin@contoso.com"
    # Pause between refreshes so the loop does not hammer the service.
    Start-Sleep -Seconds 60
}
```

This mimics top or htop but for your tenant.

5.1 Find All Admin Role Assignments (Who can wreck your tenant)

```powershell
# RoleDefinitionId holds a GUID, not a display name, so resolve the role first.
# Requires the RoleManagement.Read.Directory scope.
$ga = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Global Administrator'"
Get-MgRoleManagementDirectoryRoleAssignment -All -Filter "roleDefinitionId eq '$($ga.Id)'" |
    Select-Object PrincipalId, RoleDefinitionId
```

5.2 Detect Mailbox Forwarding (Common data exfiltration)

```powershell
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $null -ne $_.ForwardingSmtpAddress } |
    Select-Object DisplayName, ForwardingSmtpAddress, DeliverToMailboxAndForward
```

Interesting finding: Many attackers set DeliverToMailboxAndForward = $true to keep the user unaware.

6. Automation Script – "Office 365 Daily Health Check"

Save as O365-Health.ps1 and run daily via Task Scheduler or cron:

```powershell
# Report summary
# Fetch users once; AccountEnabled and UserType are not returned unless requested.
$allUsers = Get-MgUser -All -Property Id,AccountEnabled,UserType
Write-Output "=== O365 Health Report $(Get-Date) ==="
Write-Output "Users: $(@($allUsers).Count)"
Write-Output "Disabled users: $(@($allUsers | Where-Object { $_.AccountEnabled -eq $false }).Count)"
Write-Output "Guest accounts: $(@($allUsers | Where-Object { $_.UserType -eq 'Guest' }).Count)"
Write-Output "Mailboxes > 90GB: $((Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Where-Object { $_.TotalItemSize.Value.ToGB() -gt 90 }).Count)"
```

Though limited, native cmd can still interact with O365 via curl to Graph API with a token:

```bat
@echo off
curl -X GET "https://graph.microsoft.com/v1.0/users" -H "Authorization: Bearer %ACCESS_TOKEN%"
```

You can get %ACCESS_TOKEN% via az account get-access-token (Azure CLI) or Connect-MgGraph then extract token.

| GUI | Active CMD |
|-----|-------------|
| Slow navigation | Instant execution |
| Error-prone clicks | Scriptable, repeatable |
| Hidden properties visible only via UI | Full object properties exposed |
| Manual audit | Scheduled automation |

The "CMD" of yesterday has evolved into a programmable, powerful interface that gives you complete control over your tenant.

Final command to try right now:

```powershell
Connect-MgGraph -Scopes "User.Read.All"
Get-MgUser -Top 10 | Format-List DisplayName, UserPrincipalName
```

End of Report
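The forwarding check in section 5.2 only looks at ForwardingSmtpAddress. The sketch below is an added example, not part of the original report: it goes further by also covering ForwardingAddress and per-mailbox inbox rules, and flags targets outside the tenant's accepted domains. It assumes an active Connect-ExchangeOnline session; the function name Get-ForwardingFinding is hypothetical.

```powershell
# Added example, not from the original report. Assumes an active
# Connect-ExchangeOnline session; Get-ForwardingFinding is a hypothetical name.
function Get-ForwardingFinding {
    # Domains the tenant owns; a target in any other domain is external.
    $internal = (Get-AcceptedDomain).DomainName | ForEach-Object { "$_" }
    $isExternal = {
        param([string]$Address)
        # SMTP targets contain user@domain; directory-only targets have no "@".
        if ($Address -match '@([^\s>\]"]+)') { $internal -notcontains $Matches[1] } else { $false }
    }
    foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
        # 1. Mailbox-level forwarding: SMTP target and directory recipient.
        $direct = @($mbx.ForwardingSmtpAddress, $mbx.ForwardingAddress) | Where-Object { $_ }
        foreach ($target in $direct) {
            [pscustomobject]@{
                Mailbox   = $mbx.PrimarySmtpAddress
                Source    = 'MailboxForwarding'
                Target    = [string]$target
                External  = & $isExternal ([string]$target)
                KeepsCopy = $mbx.DeliverToMailboxAndForward
            }
        }
        # 2. Inbox rules that forward or redirect mail.
        $rules = Get-InboxRule -Mailbox $mbx.PrimarySmtpAddress -ErrorAction SilentlyContinue
        foreach ($rule in $rules) {
            $targets = @($rule.ForwardTo) + @($rule.RedirectTo) + @($rule.ForwardAsAttachmentTo) |
                Where-Object { $_ }
            foreach ($target in $targets) {
                [pscustomobject]@{
                    Mailbox   = $mbx.PrimarySmtpAddress
                    Source    = "InboxRule: $($rule.Name)"
                    Target    = [string]$target
                    External  = & $isExternal ([string]$target)
                    KeepsCopy = $null   # not applicable to inbox rules
                }
            }
        }
    }
}

# External targets first, so the riskiest findings are at the top.
Get-ForwardingFinding | Sort-Object External -Descending | Format-Table -AutoSize
```

Get-InboxRule is called once per mailbox, so on a large tenant scope the Get-Mailbox call (for example to a department or a list of high-value users) rather than scanning everything interactively.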

Active Office 365: Cmd