Quest On Demand

How to Check Exchange Online User Policies in Native PowerShell

<#
.SYNOPSIS
Get-MailboxPolicies.ps1 - Get's important policy and configuration settings for mailboxes in Exchange Online

.DESCRIPTION
Generates a listing of mailboxes in an Exchange Online Tenant which includes:
- Name
- Alias
- IsMailboxEnabled
- AccountDisabled
- ActiveSyncEnabled
- ActiveSyncMailboxPolicy
- OWAEnabled
- OWAforDevicesEnabled
- OwaMailboxPolicy
- AddressBookPolicy
- RetentionPolicy
- SharingPolicy
- DataEncryptionPolicy
- ThrottlingPolicy
- RoleAssignmentPolicy

.INPUT
Manual prompt for Exchange Online Username/Password


.OUTPUTS
Mailbox policy and key settings are output to the default PowerShell pipeline in the console.

.NOTES
Written by: Curtis Johnstone
#>

Param(
[string] $mailboxIdentity
)

if ($O365PS -eq $null)
{
$Credential = Get-Credential

$ExchangeURL = "https://outlook.office365.com/powershell-liveid/"
$O365PS = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $ExchangeURL `
-Credential $Credential -Authentication Basic -AllowRedirection -ErrorAction Stop -ErrorVariable ErrorConnectExchange

Import-PSSession $O365PS -AllowClobber | Out-Null
}

if ( !($O365PS) )
{
Write-Error "Cannot establish Office 365 Exchange Online Connection"
return
}

$user_MailboxPolicies = $null

if ($mailboxIdentity)
{
$user_MailboxPolicies = Get-Mailbox -Identity $mailboxIdentity | Select `
Name, Alias, Id, IsMailboxEnabled, AccountDisabled, AddressBookPolicy, RetentionPolicy, SharingPolicy, DataEncryptionPolicy, ThrottlingPolicy, RoleAssignmentPolicy
}
else
{
$user_MailboxPolicies = Get-Mailbox | Select `
Name, Alias, Id, IsMailboxEnabled, AccountDisabled, AddressBookPolicy, RetentionPolicy, SharingPolicy, DataEncryptionPolicy, ThrottlingPolicy, RoleAssignmentPolicy
}


$user_CasMailboxes = $null
$user_CasMailboxes = Get-CASMailbox | select Id, ActiveSyncEnabled, ActiveSyncMailboxPolicy, OWAEnabled, OWAforDevicesEnabled, OwaMailboxPolicy


foreach ($mailbox in $user_MailboxPolicies)
{

if ( ($mailbox -eq $null) -or ($mailbox.Id -eq $null) )
{ continue }

$casProps = $null
$casProps = $user_CasMailboxes | Where-Object { $_.Id -eq $mailbox.Id }

if ($casProps -eq $null)
{ continue }

# add the mobile and OWA properties to the mailbox object
$mailbox | Add-Member –MemberType NoteProperty –Name ActiveSyncEnabled –Value $casProps.ActiveSyncEnabled -Force
$mailbox | Add-Member –MemberType NoteProperty –Name ActiveSyncMailboxPolicy –Value $casProps.ActiveSyncMailboxPolicy -Force
$mailbox | Add-Member –MemberType NoteProperty –Name OWAEnabled –Value $casProps.OWAEnabled -Force
$mailbox | Add-Member –MemberType NoteProperty –Name OWAforDevicesEnabled –Value $casProps.OWAforDevicesEnabled -Force
$mailbox | Add-Member –MemberType NoteProperty –Name OwaMailboxPolicy –Value $casProps.OwaMailboxPolicy -Force

}

# choose your favorite output (e.g. | fl, | ft, | Out-GridView, | ConvertTo-Html)
$user_MailboxPolicies

Parents
No Data
Reply Children
No Data