SARA.ps1

# This script contains functions used in Microsoft Support and Recovery Assistant (SARA)

# Jul 8th 2019
function Call-AnalysisAPI
{
    [cmdletbinding()]
    Param(
        [ValidateSet('userInfo','tenantInfo','cloudCheck')]
        [String]$Command,
        [Parameter(ParameterSetName='AccessToken', Mandatory=$True)]
        [String]$AccessToken
    )
    Process
    {
        $userName = (Read-Accesstoken $AccessToken).upn

        $uri = "https://api.diagnostics.office.com/v1/analysis"

        switch($Command)
        {
            "userInfo" 
            {
                $body=@"
                {
                    "DiagnosisInfo": {
                        "ARE.ExecutionEnviro": 5,
                        "ARE.LoginUser": {
                            "`$type": "Microsoft.Online.CSE.HRC.Analysis.Analyzers.Common.SaraLoginUser, Microsoft.Online.CSE.HRC.Analysis.Analyzers.Common",
                            "RecipientType": ""
                        },
                        "RemoteAnalyzerType": "Microsoft.Online.CSE.HRC.Analysis.Analyzers.ExchangeCmdlets.GetUserAnalyzer",
                        "AssemblyFile": "Microsoft.Online.CSE.HRC.Analysis.Analyzers.RemoteCmdlets.dll",
                        "Timeout": 120000,
                        "SmtpAddress": "$userName"
                    },
                    "AnalyzerId": "597b1b90-b4a8-4fa0-9ddb-dcd997f0b8c2"
                }
"@

            }
            "tenantInfo"
            {
                $body=@"
                {
                    "DiagnosisInfo": {
                        "SmtpAddress": "$userName",
                        "TenantServicePlan": "MicrosoftOffice",
                        "msauser": false,
                        "Client": "SARAClient",
                        "puid": "",
                        "correlationid": "$(New-Guid)",
                        "ARE.ExecutionEnviro": 5
                    },
                    "AnalyzerId": "64fc98c3-da51-41f0-9051-1fb5921deb95"
                }
"@

            }
            "cloudCheck"
            {
                $encryptedUserName = "" # Base64 encoded encrypted username
                $encryptedPassword = "" # Base64 encoded encrypted password
                $body=@"
                {
                    "UserSMTPEmail": "$userName",
                    "Symptom": "AuthEndpointCheck",
                    "RequestTimeoutInMs": 120000,
                    "Parameters": [{
                            "Name": "UserEnvironment",
                            "Value": "0",
                            "ComplianceClassification": "Identifiable"
                        }, {
                            "Name": "SmtpAddress",
                            "Value": "nestori.syynimaa@gerenios.com",
                            "ComplianceClassification": "Identifiable"
                        }, {
                            "Name": "UserAgent",
                            "Value": "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.11328; Pro; SaRA)",
                            "ComplianceClassification": "Identifiable"
                        }, {
                            "Name": "Cred",
                            "Value": "{\"UserName\":\"$encryptedUserName\",\"Password\":\"$encryptedPassword\",\"SecurePassword\":{\"Length\":344},\"Domain\":\"\"}",
                            "ComplianceClassification": "Identifiable"
                        }
                    ],
                    "ProductName": "Outlook",
                    "ProductVersion": "16.0.11328.20318",
                    "OperatingSystem": "Windows 10 Enterprise",
                    "OperatingSystemVersion": "10.0.17134.829",
                    "IsAuthenticated": false,
                    "IsInline": null,
                    "IsTest": null
                }
"@

                $uri = "https://api.diagnostics.office.com/v1/cloudcheck"
            }
        }
        
        $headers =@{
                "Content-Type" = "application/json;odata=verbose"
                "Authorization" = $(Create-AuthorizationHeader -AccessToken $AccessToken)
        }
        
        $reply = Invoke-RestMethod -Uri $uri -Method Post -Body $body -Headers $headers
        $sessionId = $reply.SessionId

        while($reply.RequestStatus -ne "Completed")
        {
            Write-Host "Retrieving information.."
            sleep -Seconds "2"
            $reply = Invoke-RestMethod -Uri "$uri/?id=$sessionId" -Method Get -Headers $headers
        }

        # Get the results
        $results = $reply.Result.Results[0]

        # Return
        $results
    }
}

# Jul 8th 2019
<#
    .SYNOPSIS
    Gets user information using SARA API
 
    .DESCRIPTION
    Gets user information using Microsoft Support and Recovery Assistant (SARA) API
 
    .Parameter AccessToken
    Access Token
 
    .Example
    $at=Get-AADIntAccessTokenForSARA
    PS C:\>Get-AADIntSARAUserInfo -AccessToken $at
 
    AnalyzerName : AnalysisRule, Microsoft.Online.CSE.HRC.Analysis.Analyzers.ExchangeCmdlets.GetUserAnalyzer, Microsoft.Online.CSE.HRC.Analysis.Analyzers.ExchangeCmdlets, Version=16.0.3144.0, Culture=
                            neutral, PublicKeyToken=31bf3856ad364e35
    AnalyzerDesc : Attempting to get information about user "user@company.com".
    StartTime : 2019-07-08T12:29:40.4911399Z
    Duration : 00:00:51.1166849
    CoreDuration : 00:00:51.1166849
    WaitingDuration : 00:00:00
    TotalChildrenDuration : 00:00:00
    TotalWaitingDuration : 00:00:00
    ParentId : 00000000-0000-0000-0000-000000000000
    Value : true
    ResultTitle : Extracting information about Office 365 user is completed.
    ResultTitleId : Microsoft.Online.CSE.HRC.Analysis.Analyzers.ExchangeCmdlets.StringsGetUserComplete
    UserMessage : Successfully got the user information for "user@company.com".
    UserMessageId : Microsoft.Online.CSE.HRC.Analysis.Analyzers.ExchangeCmdlets.StringsGetUserSuccessDesc
    AdminMessage :
    SupportMessage :
    IsMessageShown : False
    GenericInfo :
    Severity : 2
    OverridesChildren : False
    ProblemId : 00000000-0000-0000-0000-000000000000
    TimeCached : 0001-01-01T00:00:00
    SaraSymptomId : 00000000-0000-0000-0000-000000000000
    SaraWorkflowRunId : 00000000-0000-0000-0000-000000000000
    SaraSymptomRunId : 00000000-0000-0000-0000-000000000000
    SaraSessionId : 00000000-0000-0000-0000-000000000000
    Id : d5b4c239-7619-4367-9ccb-e9fe2fe01e23
 
    DisplayName : Demo USer
    FirstName : Demo
    Guid : 67a93665-decb-4058-b42a-271d41c47c61
    Id :
    Identity : EURP185A001.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/demoo365life4.onmicrosoft.com/AdminO365life
    IsDirSynced : False
    IsValid : True
    LastName : User
    MicrosoftOnlineServicesID : user@company.com
    Name : DemoUser
    NetID : 401320004BA7A415
    RecipientType : UserMailbox
    RecipientTypeDetails : UserMailbox
    UserPrincipalName : user@company.com
    WindowsEmailAddress : user@company.com
    WindowsLiveID : user@company.com
    IsHybridTenant : False
    Forest : EURP185.PROD.OUTLOOK.COM
#>

function Get-SARAUserInfo
{
    [cmdletbinding()]
    Param(
        [Parameter(ParameterSetName='AccessToken', Mandatory=$True)]
        [String]$AccessToken
    )
    Process
    {
        # Get the results
        $results = Call-AnalysisAPI -Command userInfo -AccessToken $AccessToken
                
        # Extract the user info
        $userInfo = ([xml]$results.SupportMessage).UserInfo
        $results.SupportMessage=""
        
        $results
        $userInfo
        
    }
}

<#
    .SYNOPSIS
    Gets tenant information using SARA API
 
    .DESCRIPTION
    Gets tenant information using Microsoft Support and Recovery Assistant (SARA) API
 
    .Parameter AccessToken
    Access Token
 
    .Example
    $at=Get-AADIntAccessTokenForSARA
    PS C:\>Get-AADIntSARATenantInfo -AccessToken $at
 
    AnalyzerName : AnalysisRule, Microsoft.Online.CSE.HRC.Analysis.Analyzers.TenantInfo.TenantUserInfoAnalyzer, Microsoft.Online.CSE.HRC.Analysis.Analyzers.TenantInfo, Version=16.0.3144.0, Culture=neu
                            tral, PublicKeyToken=31bf3856ad364e35
    AnalyzerDesc : Checking your tenant and account information.
    StartTime : 2019-07-08T12:31:06.1602586Z
    Duration : 00:00:00.6250818
    CoreDuration : 00:00:00.6250818
    WaitingDuration : 00:00:00
    TotalChildrenDuration : 00:00:00
    TotalWaitingDuration : 00:00:00
    ParentId : 00000000-0000-0000-0000-000000000000
    Value : true
    ResultTitle : The licenses of your tenant and account are all good!
    ResultTitleId : Microsoft.Online.CSE.HRC.Analysis.Analyzers.TenantInfo.StringsGetTenantInfoSuccess
    UserMessage :
    UserMessageId :
    AdminMessage :
    SupportMessage : <Setup><ProductId>O365ProPlusRetail</ProductId><ReleaseTrack>False</ReleaseTrack></Setup>
    IsMessageShown : False
    GenericInfo : User Puid is not null or empty.OrgIg_User<TenantUserInfo><IsLicensed>True</IsLicensed><ProvisioningStatus>PendingInput</ProvisioningStatus><PreferredLanguage>en</PreferredLanguage/>
                            <ValidationStatus>Healthy</ValidationStatus><ReleaseTrack>Other</ReleaseTrack><LicenseInformations><LicenseInformation><SKUPartNumber>SPE_E5</SKUPartNumber><ServiceStatus><ServiceTy
                            pe>Exchange</ServiceType><ServiceName>INFORMATION_BARRIERS</ServiceName><ProvisioningStatus>PendingProvisioning</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>Micro
                            softKaizala</ServiceType><ServiceName>KAIZALA_STANDALONE</ServiceName><ProvisioningStatus>PendingProvisioning</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>Bing</S
                            erviceType><ServiceName>MICROSOFT_SEARCH</ServiceName><ProvisioningStatus>PendingProvisioning</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>Exchange</ServiceType><
                            ServiceName>PREMIUM_ENCRYPTION</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>WhiteboardServices</ServiceType><ServiceName>
                            WHITEBOARD_PLAN3</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>Exchange</ServiceType><ServiceName>MIP_S_CLP2</ServiceName>
                            <ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>Exchange</ServiceType><ServiceName>MIP_S_CLP1</ServiceName><ProvisioningStatus>Success</P
                            rovisioningStatus></ServiceStatus><ServiceStatus><ServiceType>Exchange</ServiceType><ServiceName>MYANALYTICS_P2</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></Servic
                            eStatus><ServiceStatus><ServiceType>Exchange</ServiceType><ServiceName>PAM_ENTERPRISE</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><Se
                            rviceType>AzureAdvancedThreatAnalytics</ServiceType><ServiceName>ATA</ServiceName><ProvisioningStatus>Disabled</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>To-Do<
                            /ServiceType><ServiceName>BPOS_S_TODO_3</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>ProcessSimple</ServiceType><ServiceN
                            ame>FLOW_O365_P3</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>PowerAppsService</ServiceType><ServiceName>POWERAPPS_O365_P
                            3</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>OfficeForms</ServiceType><ServiceName>FORMS_PLAN_E5</ServiceName><Provisio
                            ningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>Adallom</ServiceType><ServiceName>ADALLOM_S_STANDALONE</ServiceName><ProvisioningStatus>Disabled</
                            ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>MicrosoftStream</ServiceType><ServiceName>STREAM_O365_E5</ServiceName><ProvisioningStatus>Success</ProvisioningStatus>
                            </ServiceStatus><ServiceStatus><ServiceType>Deskless</ServiceType><ServiceName>Deskless</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><
                            ServiceType>Exchange</ServiceType><ServiceName>THREAT_INTELLIGENCE</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>Teamspace
                            API</ServiceType><ServiceName>TEAMS1</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>WindowsDefenderATP</ServiceType><Servic
                            eName>WINDEFATP</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>Windows</ServiceType><ServiceName>WIN10_PRO_ENT_SUB</Service
                            Name><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>RMSOnline</ServiceType><ServiceName>RMS_S_PREMIUM2</ServiceName><ProvisioningStatus>
                            Disabled</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>AADPremiumService</ServiceType><ServiceName>AAD_PREMIUM_P2</ServiceName><ProvisioningStatus>Disabled</Provis
                            ioningStatus></ServiceStatus><ServiceStatus><ServiceType>RMSOnline</ServiceType><ServiceName>RMS_S_PREMIUM</ServiceName><ProvisioningStatus>Disabled</ProvisioningStatus></ServiceSta
                            tus><ServiceStatus><ServiceType>RMSOnline</ServiceType><ServiceName>RMS_S_ENTERPRISE</ServiceName><ProvisioningStatus>Disabled</ProvisioningStatus></ServiceStatus><ServiceStatus><Se
                            rviceType>MultiFactorService</ServiceType><ServiceName>MFA_PREMIUM</ServiceName><ProvisioningStatus>Disabled</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>SCO</Ser
                            viceType><ServiceName>INTUNE_A</ServiceName><ProvisioningStatus>Disabled</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>AADPremiumService</ServiceType><ServiceName>
                            AAD_PREMIUM</ServiceName><ProvisioningStatus>Disabled</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>YammerEnterprise</ServiceType><ServiceName>YAMMER_ENTERPRISE</S
                            erviceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>Sway</ServiceType><ServiceName>SWAY</ServiceName><ProvisioningStatus>Success</
                            ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>SharePoint</ServiceType><ServiceName>SHAREPOINTWAC</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></Serv
                            iceStatus><ServiceStatus><ServiceType>SharePoint</ServiceType><ServiceName>SHAREPOINTENTERPRISE</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><Service
                            Status><ServiceType>ProjectWorkManagement</ServiceType><ServiceName>PROJECTWORKMANAGEMENT</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus
                            ><ServiceType>MicrosoftOffice</ServiceType><ServiceName>OFFICESUBSCRIPTION</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>M
                            icrosoftCommunicationsOnline</ServiceType><ServiceName>MCOSTANDARD</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>Microsoft
                            CommunicationsOnline</ServiceType><ServiceName>MCOMEETADV</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>MicrosoftCommunica
                            tionsOnline</ServiceType><ServiceName>MCOEV</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>Exchange</ServiceType><ServiceNa
                            me>LOCKBOX_ENTERPRISE</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>SCO</ServiceType><ServiceName>INTUNE_O365</ServiceName
                            ><ProvisioningStatus>PendingActivation</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>Exchange</ServiceType><ServiceName>EXCHANGE_S_ENTERPRISE</ServiceName><Provisi
                            oningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>Exchange</ServiceType><ServiceName>EXCHANGE_ANALYTICS</ServiceName><ProvisioningStatus>Success</P
                            rovisioningStatus></ServiceStatus><ServiceStatus><ServiceType>Exchange</ServiceType><ServiceName>EQUIVIO_ANALYTICS</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></Ser
                            viceStatus><ServiceStatus><ServiceType>PowerBI</ServiceType><ServiceName>BI_AZURE_P2</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><Ser
                            viceType>Exchange</ServiceType><ServiceName>ATP_ENTERPRISE</ServiceName><ProvisioningStatus>PendingProvisioning</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>Adall
                            om</ServiceType><ServiceName>ADALLOM_S_O365</ServiceName><ProvisioningStatus>PendingInput</ProvisioningStatus></ServiceStatus></LicenseInformation><LicenseInformation><SKUPartNumber
                            >EMSPREMIUM</SKUPartNumber><ServiceStatus><ServiceType>Exchange</ServiceType><ServiceName>EXCHANGE_S_FOUNDATION</ServiceName><ProvisioningStatus>PendingProvisioning</ProvisioningSta
                            tus></ServiceStatus><ServiceStatus><ServiceType>AzureAdvancedThreatAnalytics</ServiceType><ServiceName>ATA</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStat
                            us><ServiceStatus><ServiceType>Adallom</ServiceType><ServiceName>ADALLOM_S_STANDALONE</ServiceName><ProvisioningStatus>PendingInput</ProvisioningStatus></ServiceStatus><ServiceStatu
                            s><ServiceType>RMSOnline</ServiceType><ServiceName>RMS_S_PREMIUM2</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>RMSOnline<
                            /ServiceType><ServiceName>RMS_S_PREMIUM</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>RMSOnline</ServiceType><ServiceName>
                            RMS_S_ENTERPRISE</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>SCO</ServiceType><ServiceName>INTUNE_A</ServiceName><Provis
                            ioningStatus>PendingInput</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>AADPremiumService</ServiceType><ServiceName>AAD_PREMIUM_P2</ServiceName><ProvisioningStatus
                            >Success</ProvisioningStatus></ServiceStatus><ServiceStatus><ServiceType>MultiFactorService</ServiceType><ServiceName>MFA_PREMIUM</ServiceName><ProvisioningStatus>Success</Provision
                            ingStatus></ServiceStatus><ServiceStatus><ServiceType>AADPremiumService</ServiceType><ServiceName>AAD_PREMIUM</ServiceName><ProvisioningStatus>Success</ProvisioningStatus></ServiceS
                            tatus></LicenseInformation></LicenseInformations></TenantUserInfo>
    Severity : 2
    OverridesChildren : False
    ProblemId : 00000000-0000-0000-0000-000000000000
    TimeCached : 0001-01-01T00:00:00
    SaraSymptomId : 00000000-0000-0000-0000-000000000000
    SaraWorkflowRunId : 00000000-0000-0000-0000-000000000000
    SaraSymptomRunId : 00000000-0000-0000-0000-000000000000
    SaraSessionId : 00000000-0000-0000-0000-000000000000
    Id : 81157ffa-d946-4bf8-8d6e-a391b96e4bf6
#>

# Jul 8th 2019
function Get-SARATenantInfo
{
    [cmdletbinding()]
    Param(
        [Parameter(ParameterSetName='AccessToken', Mandatory=$True)]
        [String]$AccessToken
    )
    Process
    {
        # Get the results
        $results = Call-AnalysisAPI -Command tenantInfo -AccessToken $AccessToken
     
        $results
        
    }
}

# Jul 8th 2019
function Get-SARAAuthInfo
{
    [cmdletbinding()]
    Param(
        [Parameter(ParameterSetName='AccessToken', Mandatory=$True)]
        [String]$AccessToken
    )
    Process
    {
        # Get the results
        $results = Call-AnalysisAPI -Command cloudCheck -AccessToken $AccessToken
                
        # Extract the user info
        #$userInfo = ([xml]$results.SupportMessage).UserInfo
        #$results.SupportMessage=""
        
        $results
        #$userInfo
        
    }
}