DCToolbox PowerShell Module for Microsoft 365 Security, Conditional Access Automation, and more

This month (November 2020) marks the two-year anniversary of my Microsoft Cloud Tech blog! This blog post contains a couple of celebration announcements that I like to share with you, but first I want to thank you all for your support during these two years! Your feedback and appreciation is what keeps me doing this! The blog has grown into something I did not expect and now I want to take this work to the next level.

PowerShell Toolbox for Microsoft 365 Security

If you have followed me for some time, then you know that I often write about Microsoft 365, zero trust implementation, Conditional Access, and similar security related topics. I’ve posted different PowerShell scripts on the blog and shared the different tools I use in my daily work. Many of you have expressed your appreciation for the scripts and I’m so glad that so many find them useful!

To make it easier for everyone to find and use the tools, from now on, everything I build with PowerShell will be included in a PowerShell module called DCToolbox. I’ve already included the latest versions of my Conditional Access automation tools and my PowerShell Graph functions in the module, but this will also be the home for all upcoming tools I’m working on! One module to rule them all πŸ˜‰

GitHub Repository

I’m sharing the source code for the module and all included CMDlets on GitHub. If you are interested in learning how they work, or maybe you want to modify your own versions, feel free to clone the source code to do so.


PowerShell Gallery

I’m also providing the module in the official Microsoft PowerShell Gallery. This means that you can install the module on your Windows 10 device with a single command line.

Install the module from the PowerShell Gallery by running:

Install-Module DCToolbox

If you already installed it, update to the latest version by running:

Update-Module DCToolbox

PowerShell Gallery link: https://www.powershellgallery.com/packages/DCToolbox

When you have installed it, to get started, run:


Explore and copy script examples to your clipboard with:


The examples includes instructions, guidance, complete scripts and snippets. You don’t need to invent the wheel again πŸ™‚ As always, I recommend using Visual Studio Code for the best PowerShell action!


My goal is to provide a comprehensive set of PowerShell tools in a single module for your security, automation and zero trust needs. This module will be under constant development so make sure you update it on a regular basis (Update-Module DCToolbox) to receive the latest features and fixes.

Please follow me here, on LinkedIn and on Twitter!


19 thoughts on “DCToolbox PowerShell Module for Microsoft 365 Security, Conditional Access Automation, and more

  1. I love the script, and can think of a number of uses for it to keep the system healthy.

    I did wonder though, what is the real use for the TOR network component? it doesnt feel like a suitable fit with all the other functions?

  2. Thank you Ivan!

    More is coming soon! I will add my different PoC attack tools to the module shortly. I use them to demonstrate the value of features like Azure AD Identity Protection, where anonymous IP is one of the threats it can protect you against. That’s where Tor comes in. Stay tuned!

  3. Thank you for your work. I can’t wait to use it. Do you have any idea why after running the install command nothing works? It prompts for my approval to install “All” and that completes. Then the commands will not run. They give the error “Get-DCHelp : The term ‘Get-DCHelp’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.”

  4. If I am invited as a Guest to another tenant and added to the global admin role in that tenant, what do I need to do to use your toolbox to export CA policies?

  5. There are limitations of what you can do with a guest account and PowerShell when it comes to Graph. I haven’t been able to make this work. Sorry.

  6. I created app registration with relevant delegated permissions and when running “New-DCConditionalAccessAssignmentReport” with an global admin user I’m getting:
    “Sorry, but we’re having trouble signing you in. AADSTS500113: No reply address is registered for the application.”

    Any idea what am I doing wrong?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s