DCToolbox PowerShell Module for Microsoft 365 Security, Conditional Access Automation, and more

This month (November 2020) marks the two-year anniversary of my Microsoft Cloud Tech blog! This blog post contains a couple of celebration announcements that I like to share with you, but first I want to thank you all for your support during these two years! Your feedback and appreciation is what keeps me doing this! The blog has grown into something I did not expect and now I want to take this work to the next level.

PowerShell Toolbox for Microsoft 365 Security

If you have followed me for some time, then you know that I often write about Microsoft 365, zero trust implementation, Conditional Access, and similar security related topics. I’ve posted different PowerShell scripts on the blog and shared the different tools I use in my daily work. Many of you have expressed your appreciation for the scripts and I’m so glad that so many find them useful!

To make it easier for everyone to find and use the tools, from now on, everything I build with PowerShell will be included in a PowerShell module called DCToolbox. I’ve already included the latest versions of my Conditional Access automation tools and my PowerShell Graph functions in the module, but this will also be the home for all upcoming tools I’m working on! One module to rule them all 😉

GitHub Repository

I’m sharing the source code for the module and all included CMDlets on GitHub. If you are interested in learning how they work, or maybe you want to modify your own versions, feel free to clone the source code to do so.

https://github.com/DanielChronlund/DCToolbox

PowerShell Gallery

I’m also providing the module in the official Microsoft PowerShell Gallery. This means that you can install the module on your Windows 10 device with a single command line.

Install the module from the PowerShell Gallery by running:

Install-Module DCToolbox

If you already installed it, update to the latest version by running:

Update-Module DCToolbox

PowerShell Gallery link: https://www.powershellgallery.com/packages/DCToolbox

When you have installed it, to get started, run:

Get-DCHelp

Explore and copy script examples to your clipboard with:

Copy-DCExample

The examples includes instructions, guidance, complete scripts and snippets. You don’t need to invent the wheel again 🙂 As always, I recommend using Visual Studio Code for the best PowerShell action!

Summary

My goal is to provide a comprehensive set of PowerShell tools in a single module for your security, automation and zero trust needs. This module will be under constant development so make sure you update it on a regular basis (Update-Module DCToolbox) to receive the latest features and fixes.

Please follow me here, on LinkedIn and on Twitter!

@DanielChronlund

30 thoughts on “DCToolbox PowerShell Module for Microsoft 365 Security, Conditional Access Automation, and more

  1. I love the script, and can think of a number of uses for it to keep the system healthy.

    I did wonder though, what is the real use for the TOR network component? it doesnt feel like a suitable fit with all the other functions?

  2. Thank you Ivan!

    More is coming soon! I will add my different PoC attack tools to the module shortly. I use them to demonstrate the value of features like Azure AD Identity Protection, where anonymous IP is one of the threats it can protect you against. That’s where Tor comes in. Stay tuned!

  3. Thank you for your work. I can’t wait to use it. Do you have any idea why after running the install command nothing works? It prompts for my approval to install “All” and that completes. Then the commands will not run. They give the error “Get-DCHelp : The term ‘Get-DCHelp’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.”

  4. If I am invited as a Guest to another tenant and added to the global admin role in that tenant, what do I need to do to use your toolbox to export CA policies?

  5. There are limitations of what you can do with a guest account and PowerShell when it comes to Graph. I haven’t been able to make this work. Sorry.

  6. I created app registration with relevant delegated permissions and when running “New-DCConditionalAccessAssignmentReport” with an global admin user I’m getting:
    “Sorry, but we’re having trouble signing you in. AADSTS500113: No reply address is registered for the application.”

    Any idea what am I doing wrong?

  7. Hello Daniel ..

    I’m trying to use your tool and when i execute the “New-DCConditionalAccessPolicyDesignReport”

    I have this error ..

    VERBOSE: Generating Conditional Access policy design report…
    Invoke-RestMethod : The remote server returned an error: (404) Not Found.
    At C:\Program Files\WindowsPowerShell\Modules\DCToolbox\1.0.17\DCToolbox.psm1:895 char:29
    + … ryRequest = Invoke-RestMethod -Headers $HeaderParams -Uri $GraphUri – …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

    Not sure if can help to see what i’m doing wrong .. 🙂

  8. Hello Daniel
    I have this error when try to execute ”New-DCConditionalAccessPolicyDesignReport”
    Any idea what i’m doing wrong
    VERBOSE: Generating Conditional Access policy design report…
    Invoke-RestMethod : The remote server returned an error: (404) Not Found.
    At C:\Program Files\WindowsPowerShell\Modules\DCToolbox\1.0.17\DCToolbox.psm1:895 char:29
    + … ryRequest = Invoke-RestMethod -Headers $HeaderParams -Uri $GraphUri – …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

  9. Please try to update the module with Update-Module DCToolbox. I’ve recently released a new version with some bug fixes. I hope it helps!

  10. The ‘(404) Not Found’ error when running New-DCConditionalAccessAssignmentReport or New-DCConditionalAccessPolicyDesignReport is caused by issues with one or more Conditional Access policies. These need remediating before the scripts will complete. Edit each Conditional Access policy in turn. If any errors are found, such as deleted users being referenced, then you’ll be prompted to save the policy. You don’t need to remove the users manually – saving the policy with no changes will do this for you. Once done, the scripts should complete.

  11. Hi Daniel,

    I was able to export and import using the JSON file, I was also able to Export Conditional Access Assignment Report to Excel but, I’m also getting the same error with New-DCConditionalAccessPolicyDesignReport even after updating the module… Any idea?

  12. VERBOSE: Connecting to Microsoft Graph…
    VERBOSE: Generating Conditional Access policy design report…
    Invoke-RestMethod : The remote server returned an error: (404) Not Found.
    At C:\Program Files\WindowsPowerShell\Modules\DCToolbox\1.0.18\DCToolbox.psm1:895 char:29
    + … ryRequest = Invoke-RestMethod -Headers $HeaderParams -Uri $GraphUri – …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s