Public/TenantConfiguration/Baseline/Add-EOPPolicies.ps1
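function Add-EOPPolicies {
    <#
    .SYNOPSIS
    Applies the baseline Exchange Online Protection (EOP) policies to a customer tenant.

    .DESCRIPTION
    Connects to the tenant with Connect-CustomerExchange, then walks the JSON policy
    definitions under "$PSScriptRoot\EOPPolicies" in this order:

      1. QuarantinePolicies       - creates each missing policy; the file named
                                    "GlobalQuarantinePolicy" updates the global policy instead.
      2. AntiPhishingPolicies     - creates each missing policy.
      3. AntiSpamInboundPolicies  - creates each missing policy and makes it the default.
      4. AntiSpamOutboundPolicies - applies the settings to the existing "Default" policy.

    A policy whose Name already appears among the tenant's existing identities is skipped.

    Each JSON file is splatted as-is onto the cmdlet, so its keys become cmdlet parameters.
    The EOPPolicies folder is therefore security-sensitive configuration: whoever can write
    to it decides the tenant's mail protection settings.

    .PARAMETER TenantId
    Customer tenant identifier, passed to Connect-CustomerExchange -CustomerTenantId.

    .NOTES
    try/catch only sees terminating errors. A cmdlet that reports failure as a
    non-terminating error does not reach the catch block, so every New-* result is checked
    before success is reported. Set-* calls return nothing to check here.
    NOTE(review): confirm whether the module sets $ErrorActionPreference = 'Stop' elsewhere.
    #>
    param(
        [Parameter(Mandatory)]
        [string]$TenantId
    )

    try {
        Connect-CustomerExchange -CustomerTenantId $TenantId

        # Quarantine policies and notifications
        $QuarantinePolicies = Get-QuarantinePolicy
        $QuarantinePolicyFiles = Get-ChildItem -Path "$PSScriptRoot\EOPPolicies\QuarantinePolicies" -Filter *.json
        foreach ($QuarantinePolicyFile in $QuarantinePolicyFiles) {
            # -Raw hands the file to ConvertFrom-Json as one string instead of line by line.
            $QuarantinePolicy = Get-Content -Raw -Path $QuarantinePolicyFile.FullName | ConvertFrom-Json -Depth 100 -AsHashtable

            if ($QuarantinePolicies.Identity -contains $QuarantinePolicy.Name) {
                Write-Host "Quarantine policy '$($QuarantinePolicy.Name)' already exists, not creating.." -ForegroundColor Yellow
            }
            else {
                # If "DefaultGlobalTag" (used for global settings)
                if ($QuarantinePolicyFile.BaseName -eq "GlobalQuarantinePolicy") {
                    # Notifications are sent from quarantine@<default accepted domain>.
                    $DefaultDomainName = Get-AcceptedDomain | Where-Object { $_.Default -eq $true } | Select-Object -ExpandProperty DomainName
                    $QuarantinePolicy.EndUserSpamNotificationCustomFromAddress = "quarantine@$($DefaultDomainName)"

                    # Force create global policy if hasn't been updated manually.
                    # Best effort: the error is deliberately suppressed and the result is not used.
                    $null = New-QuarantinePolicy -QuarantinePolicyType GlobalQuarantineTag -Name "DefaultGlobalTag" -ErrorAction SilentlyContinue

                    $GlobalQuarantinePolicy = Get-QuarantinePolicy -QuarantinePolicyType GlobalQuarantinePolicy
                    if ($null -eq $GlobalQuarantinePolicy) {
                        # Nothing to pipe into Set-QuarantinePolicy; do not report an update.
                        Write-Warning "Global quarantine policy was not found, not updated."
                    }
                    else {
                        $GlobalQuarantinePolicy | Set-QuarantinePolicy @QuarantinePolicy
                        Write-Host "Updated global quarantine policy." -ForegroundColor Green
                    }
                }
                else {
                    # Parse the quarantine permissions: "Key: True|False" pairs inside one string.
                    $RegexMatches = [regex]::Matches($QuarantinePolicy.EndUserQuarantinePermissions, '\b(\w+)\s*:\s*(\w+)\b')
                    $QuarantinePermissions = @{}
                    foreach ($match in $RegexMatches) {
                        # NOTE(review): TrimStart('n') presumably drops the 'n' left over from a
                        # literal "\n" separator in the stored string - verify against the JSON.
                        # It would also strip a leading 'n' from a genuine key name.
                        $key = $match.Groups[1].Value.TrimStart('n')
                        $QuarantinePermissions[$key] = ($match.Groups[2].Value -eq "True")
                    }
                    $QuarantinePolicy.EndUserQuarantinePermissions = New-QuarantinePermissions @QuarantinePermissions

                    $CreatedQuarantinePolicy = New-QuarantinePolicy @QuarantinePolicy
                    if ($null -eq $CreatedQuarantinePolicy) {
                        Write-Warning "Quarantine policy '$($QuarantinePolicy.Name)' was not created."
                    }
                    else {
                        Write-Host "Created quarantine policy '$($CreatedQuarantinePolicy.Name)'." -ForegroundColor Green
                    }
                }
            }
        }

        # Anti-phishing policies
        # NOTE(review): only the policy object is created; no New-AntiPhishRule call is visible
        # here. Unless a rule is created elsewhere or the JSON makes the policy the default,
        # confirm the policy actually applies to recipients.
        $AntiPhishingPolicies = Get-AntiPhishPolicy
        $AntiPhishingPolicyFiles = Get-ChildItem -Path "$PSScriptRoot\EOPPolicies\AntiPhishingPolicies" -Filter *.json
        foreach ($AntiPhishingPolicyFile in $AntiPhishingPolicyFiles) {
            $AntiPhishingPolicy = Get-Content -Raw -Path $AntiPhishingPolicyFile.FullName | ConvertFrom-Json -Depth 100 -AsHashtable

            if ($AntiPhishingPolicies.Identity -contains $AntiPhishingPolicy.Name) {
                Write-Host "Anti-phishing policy '$($AntiPhishingPolicy.Name)' already exists, not creating.." -ForegroundColor Yellow
            }
            else {
                $CreatedAntiPhishingPolicy = New-AntiPhishPolicy @AntiPhishingPolicy
                if ($null -eq $CreatedAntiPhishingPolicy) {
                    Write-Warning "Anti-phishing policy '$($AntiPhishingPolicy.Name)' was not created."
                }
                else {
                    Write-Host "Created anti-phishing policy '$($CreatedAntiPhishingPolicy.Name)'." -ForegroundColor Green
                }
            }
        }

        # Anti-spam (inbound) policies
        $AntiSpamInboundPolicies = Get-HostedContentFilterPolicy
        $AntiSpamInboundPolicyFiles = Get-ChildItem -Path "$PSScriptRoot\EOPPolicies\AntiSpamInboundPolicies" -Filter *.json
        foreach ($AntiSpamInboundPolicyFile in $AntiSpamInboundPolicyFiles) {
            $AntiSpamInboundPolicy = Get-Content -Raw -Path $AntiSpamInboundPolicyFile.FullName | ConvertFrom-Json -Depth 100 -AsHashtable

            if ($AntiSpamInboundPolicies.Identity -contains $AntiSpamInboundPolicy.Name) {
                Write-Host "Anti-spam (inbound) policy '$($AntiSpamInboundPolicy.Name)' already exists, not creating.." -ForegroundColor Yellow
            }
            else {
                $CreatedAntiSpamInboundPolicy = New-HostedContentFilterPolicy @AntiSpamInboundPolicy
                if ($null -eq $CreatedAntiSpamInboundPolicy) {
                    # Do not pipe $null into Set-HostedContentFilterPolicy or report success.
                    Write-Warning "Anti-spam (inbound) policy '$($AntiSpamInboundPolicy.Name)' was not created."
                }
                else {
                    # The new policy replaces the tenant's default inbound anti-spam policy.
                    # With several JSON files in the folder, the last one created ends up default.
                    $CreatedAntiSpamInboundPolicy | Set-HostedContentFilterPolicy -MakeDefault:$true
                    Write-Host "Created anti-spam (inbound) policy '$($CreatedAntiSpamInboundPolicy.Name)'." -ForegroundColor Green
                }
            }
        }

        # Anti-spam (outbound) policies
        $AntiSpamOutboundPolicies = Get-HostedOutboundSpamFilterPolicy
        $AntiSpamOutboundPolicyFiles = Get-ChildItem -Path "$PSScriptRoot\EOPPolicies\AntiSpamOutboundPolicies" -Filter *.json
        foreach ($AntiSpamOutboundPolicyFile in $AntiSpamOutboundPolicyFiles) {
            $AntiSpamOutboundPolicy = Get-Content -Raw -Path $AntiSpamOutboundPolicyFile.FullName | ConvertFrom-Json -Depth 100 -AsHashtable

            if ($AntiSpamOutboundPolicies.Identity -contains $AntiSpamOutboundPolicy.Name) {
                Write-Host "Anti-spam (outbound) policy '$($AntiSpamOutboundPolicy.Name)' already exists, not creating.." -ForegroundColor Yellow
            }
            else {
                # New can't be created, does not work correctly. Have to edit the default one.
                # No policy named after the JSON is ever created, so this branch overwrites the
                # "Default" policy on every run unless the JSON Name matches an existing identity.
                $DefaultAntiSpamOutboundPolicy = Get-HostedOutboundSpamFilterPolicy -Identity "Default"
                if ($null -eq $DefaultAntiSpamOutboundPolicy) {
                    Write-Warning "Default anti-spam (outbound) policy was not found, not modified."
                }
                else {
                    $DefaultAntiSpamOutboundPolicy | Set-HostedOutboundSpamFilterPolicy @AntiSpamOutboundPolicy
                    Write-Host "Modified default anti-spam (outbound) policy '$($DefaultAntiSpamOutboundPolicy.Name)'." -ForegroundColor Green
                }
            }
        }
    }
    catch {
        # Any terminating error aborts the remaining policy types; the original error text is kept.
        throw "Failed to create Exchange Online Protection (EOP) policies: $_"
    }
}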