Microsoft 365 & Entra Scripts

Automation scripts for Microsoft 365 services and Entra ID (Azure AD). This repository contains operational tooling for Exchange Online, SharePoint/OneDrive, Teams, Intune, Security & Compliance, Licensing, and Graph API utilities.

Primary languages: PowerShell

📊 Status & Info

🚀 Overview

This repo centralizes repeatable tasks, bulk operations, reporting, and admin automation across the Microsoft 365 tenant.

🔐 Security & Secrets

• Never commit secrets, tokens, or export tenant data that may be sensitive.
• Use a secrets manager (e.g., 1Password, Azure Key Vault, or environment variables).
• Scripts should read secrets via environment variables or injected at runtime.
• If logs may contain PII, write to a secure path and restrict permissions.

🧭 Conventions

• Script naming: Verb-Noun-Service.ps1 (e.g., Get-LicensingReport-Graph.ps1)
• Idempotency: scripts should support re-runs without unintended changes.

🔑 Authentication Patterns

Interactive (admin operator)

# Exchange Online
Connect-ExchangeOnline -ShowProgress $false

# Microsoft Graph (SDK)
Connect-MgGraph -Scopes "User.Read.All","Group.Read.All" -TenantId <tenant-id>
Select-MgProfile -Name beta  # if needed for preview endpoints

Unattended (service principal + certificate)

$TenantId = "<tenant-id>"
$ClientId = "<app-id>"
$CertThumb = "<thumbprint>"
Connect-MgGraph -TenantId $TenantId -ClientId $ClientId -CertificateThumbprint $CertThumb -NoWelcome

Device code (fallback)

```powershell
Connect-MgGraph -Scopes "User.Read.All" -TenantId <tenant-id> -UseDeviceCode
``

⚠️ Disclaimer

These scripts are provided as-is. Review, test in a non-production tenant or sandbox first, and run under the principle of least privilege. Some endpoints may require elevated roles (e.g., Compliance Administrator).