
     Created with: SAPIEN Technologies, Inc., PowerShell Studio
     Created on: 10/26/2023 7:46 PM
     Created by:
     Organization: MyPSFunctions
     Filename: MyPSFunctions.MgGraph.psm1
     Module Name: MyPSFunctions.MgGraph

#region Basics
############################## Basics ################

Function Find-MgScopesOfCMDlet
        [Parameter(Mandatory = $true,
                   Position = 1)]
    Find-MgGraphCommand -Command $CMDlet | Select -First 1 -ExpandProperty Permissions
Function Get-MgToken
        [Parameter(Mandatory = $true,
                   Position = 1)]
        [Parameter(Mandatory = $true,
                   Position = 2)]
        [Parameter(Mandatory = $true,
                   Position = 3)]
    # Construct URI and body needed for authentication
    $URI = "" + $TenantID + "/oauth2/v2.0/token"
    $Body = @{
        Grant_Type    = "client_credentials"
        Scope          = ""
        Client_Id      = $AppID
        Client_Secret = $AppSecret
    # Get OAuth 2.0 Token
    $connection = Invoke-RestMethod -Uri $URI -Method POST -Body $body
    # Unpack Access Token
    $Token = $connection.access_token
    Return $Token
Function Check-MgADConnectLastSync
    $MgOrganization = Get-MgOrganization | select OnPremisesLastSyncDateTime
    $Time = $MgOrganization.OnPremisesLastSyncDateTime
    $NextTime = $Time.Addminutes(30)
    $ToTimeZoneObj = [system.timezoneinfo]::GetSystemTimeZones() | Where-Object { $ -eq "Eastern Standard Time" }
    $TargetZoneTime = [system.timezoneinfo]::ConvertTime($Time, $ToTimeZoneObj)
    $NextTargetZoneTime = [system.timezoneinfo]::ConvertTime($NextTime, $ToTimeZoneObj)
    Write-host "The Last Synchronization was : " -NoNewline; Write-host "$TargetZoneTime" -ForegroundColor Green
    Write-host "The Next Synchronization will be at : " -NoNewline; Write-host "$NextTargetZoneTime" -ForegroundColor Yellow

#region Users
###################### Users ########################
Function Manage-MgGroupMemberUsingCSV
        [Parameter(Mandatory = $true,
                   Position = 1)]
        [ValidateSet('UPN', 'Mail')]
        [Parameter(Mandatory = $true,
                   Position = 2)]
        [ValidateSet('Add', 'Remove')]
        [Parameter(Mandatory = $true,
                   Position = 3)]
        [Parameter(Mandatory = $true,
                   Position = 4)]
    # Connect to MgGraph
        Write-Log warning -Message "The script try to connect to MgGraph"
        Connect-MgGraph -Scopes GroupMember.ReadWrite.All, User.ReadWrite.All
        Write-Log Info -Message "The script connected successfully"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to connect to MgGraph"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
        Read-Host "The script will stop"
        # Exit the script
    # Find the Group ID of the security group
        Write-Log warning -Message "The script is searching for group ID of: $GroupName "
        $MgGroup = Get-MgGroup -Filter "displayName eq '$GroupName'"
        If ($MgGroup)
            $MgGroupID = $MgGroup.Id
            Write-Log Info -Message "The script find the GroupID: $MgGroupID"
            Write-Log Info -Message "The script did not find the GroupID"
            Read-Host "The script will stop"
            # Exit the script
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to find $GroupName ID"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
        Read-Host "The script will stop"
        # Exit the script
    # Import CSV File
        Read-Host "Expected CSV Column: UserID"
        $Users = Import-Csv $CSVFile
        Write-Log -Level INFO -Message "The script import successfully :$CSVFile"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log -Level Error -Message "Failed to import $CSVFile "
        Write-Log -Level Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log -Level Error -Message "Failed with Error:$ErrorMessage"
        Write-Log -Level Error -Message "The Script will stop"
        # Exit the script
        Read-Host "End of Script"
    #Initiate the Hash Table
    [Int]$i = 1
    $Table = $Null
    $Table = @()
    $Count = ($Users | Measure).count
    # Loop through each user in the CSV file, get their user ID, and add them to the group
    switch ($Action)
            switch ($UserID)
                    foreach ($user in $Users)
                        $User_UserID = $Null
                        $User_UserID = $user.UserID
                        Write-Log warning -Message "The script is searching for $User_UserID ID --- $i/$Count"
                        $MgUserId = $Null
                        $MgUserId = (Get-MgUser -Filter "userPrincipalName eq '$($User_UserID)'").Id
                        If ($MgUserId)
                            Write-Log info -Message "The script found $User_UserID Id: $MgUserId"
                            $StatusFoundMgUserID = "Yes"
                                Write-Log warning -Message "The script is adding $User_UserID ($MgUserId) to $GroupName ($MgGroupID)"
                                New-MgGroupMember -GroupId $MgGroupID -DirectoryObjectId $MgUserId
                                Write-Log Info -Message "The script added $User_UserID ($MgUserId) to $GroupName ($MgGroupID)"
                                $StatusAddToGroup = "Yes"
                                $ErrorMessage = $Error[0].Exception.Message
                                $CMDLet = $Error[0].InvocationInfo.Line
                                $FailedItem = $Error[0].Exception.ItemName
                                Write-Log Error -Message "Failed to add $User_UserID ($MgUserId) to $GroupName ($MgGroupID)"
                                Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
                                Write-Log Error -Message "Failed with Error:$ErrorMessage"
                                $StatusAddToGroup = "Fail with Error: $ErrorMessage"
                            $StatusFoundMgUserID = "No"
                            $StatusAddToGroup = "Not Found"
                        $Table += New-object PSobject -Property ([Ordered] @{
                                UserId          = $User_UserID;
                                MgUserId      = $MgUserId;
                                FoundMgUserID = $StatusFoundMgUserID;
                                GroupName      = $GroupName;
                                MgGroupID      = $MgGroupID;
                                AddToGroup    = $StatusAddToGroup;
                    foreach ($user in $Users)
                        $User_UserID = $Null
                        $User_UserID = $user.UserID
                        Write-Log warning -Message "The script is searching for $User_UserID ID --- $i/$Count"
                        $MgUserId = $Null
                        $MgUserId = (Get-MgUser -Filter "mail eq '$($User_UserID)'").Id
                        If ($MgUserId)
                            Write-Log info -Message "The script ifound $User_UserID Id: $MgUserId"
                            $StatusFoundMgUserID = "Yes"
                                Write-Log warning -Message "The script is adding $User_UserID ($MgUserId) to $GroupName ($MgGroupID)"
                                New-MgGroupMember -GroupId $MgGroupID -DirectoryObjectId $MgUserId
                                Write-Log Info -Message "The script added $User_UserID ($MgUserId) to $GroupName ($MgGroupID)"
                                $StatusAddToGroup = "Yes"
                                $ErrorMessage = $Error[0].Exception.Message
                                $CMDLet = $Error[0].InvocationInfo.Line
                                $FailedItem = $Error[0].Exception.ItemName
                                Write-Log Error -Message "Failed to add $User_UserID ($MgUserId) to $GroupName ($MgGroupID)"
                                Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
                                Write-Log Error -Message "Failed with Error:$ErrorMessage"
                                $StatusAddToGroup = "Fail with Error: $ErrorMessage"
                            $StatusFoundMgUserID = "No"
                            $StatusAddToGroup = "Not Found"
                        $Table += New-object PSobject -Property ([Ordered] @{
                                UserId          = $User_UserID;
                                MgUserId      = $MgUserId;
                                FoundMgUserID = $StatusFoundMgUserID;
                                GroupName      = $GroupName;
                                MgGroupID      = $MgGroupID;
                                AddToGroup    = $StatusAddToGroup;
                    Write-Log Error -Message "Not a valid UserID"
                    Read-Host "The script will stop"
                    # Exit the script
            switch ($UserID)
                    foreach ($user in $Users)
                        $User_UserID = $Null
                        $User_UserID = $user.UserID
                        Write-Log warning -Message "The script is searching for $User_UserID ID --- $i/$Count"
                        $MgUserId = $Null
                        $MgUserId = (Get-MgUser -Filter "userPrincipalName eq '$($User_UserID)'").Id
                        If ($MgUserId)
                            Write-Log info -Message "The script found $User_UserID Id: $MgUserId"
                            $StatusFoundMgUserID = "Yes"
                                Write-Log warning -Message "The script is removing $User_UserID ($MgUserId) to $GroupName ($MgGroupID)"
                                Remove-MgGroupMemberByRef -GroupId $MgGroupID -DirectoryObjectId $MgUserId
                                Write-Log Info -Message "The script removed $User_UserID ($MgUserId) to $GroupName ($MgGroupID)"
                                $StatusRemoveToGroup = "Yes"
                                $ErrorMessage = $Error[0].Exception.Message
                                $CMDLet = $Error[0].InvocationInfo.Line
                                $FailedItem = $Error[0].Exception.ItemName
                                Write-Log Error -Message "Failed to remove $User_UserID ($MgUserId) to $GroupName ($MgGroupID)"
                                Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
                                Write-Log Error -Message "Failed with Error:$ErrorMessage"
                                $StatusRemoveToGroup = "Fail with Error: $ErrorMessage"
                            $StatusFoundMgUserID = "No"
                            $StatusRemoveToGroup = "Not Found"
                        $Table += New-object PSobject -Property ([Ordered] @{
                                UserId          = $User_UserID;
                                MgUserId      = $MgUserId;
                                FoundMgUserID = $StatusFoundMgUserID;
                                GroupName      = $GroupName;
                                MgGroupID      = $MgGroupID;
                                RemoveToGroup = $StatusRemoveToGroup;
                    foreach ($user in $Users)
                        $User_UserID = $Null
                        $User_UserID = $user.UserID
                        Write-Log warning -Message "The script is searching for $User_UserID ID --- $i/$Count"
                        $MgUserId = $Null
                        $MgUserId = (Get-MgUser -Filter "mail eq '$($User_UserID)'").Id
                        If ($MgUserId)
                            Write-Log info -Message "The script found $User_UserID Id: $MgUserId"
                            $StatusFoundMgUserID = "Yes"
                                Write-Log warning -Message "The script is removing $User_UserID ($MgUserId) to $GroupName ($MgGroupID)"
                                Remove-MgGroupMemberByRef -GroupId $MgGroupID -DirectoryObjectId $MgUserId
                                Write-Log Info -Message "The script removed $User_UserID ($MgUserId) to $GroupName ($MgGroupID)"
                                $StatusRemoveToGroup = "Yes"
                                $ErrorMessage = $Error[0].Exception.Message
                                $CMDLet = $Error[0].InvocationInfo.Line
                                $FailedItem = $Error[0].Exception.ItemName
                                Write-Log Error -Message "Failed to remove $User_UserID ($MgUserId) to $GroupName ($MgGroupID)"
                                Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
                                Write-Log Error -Message "Failed with Error:$ErrorMessage"
                                $StatusRemoveToGroup = "Fail with Error: $ErrorMessage"
                            $StatusFoundMgUserID = "No"
                            $StatusRemoveToGroup = "Not Found"
                        $Table += New-object PSobject -Property ([Ordered] @{
                                UserId          = $User_UserID;
                                MgUserId      = $MgUserId;
                                FoundMgUserID = $StatusFoundMgUserID;
                                GroupName      = $GroupName;
                                MgGroupID      = $MgGroupID;
                                RemoveToGroup = $StatusRemoveToGroup;
                    Write-Log Error -Message "Not a valid UserID"
                    Read-Host "The script will stop"
                    # Exit the script
            Write-Log Error -Message "Not a valid Action"
            Read-Host "The script will stop"
            # Exit the script
    $DateFull = Get-Date -Format "ddMMyyyy_HH-mm-ss"
    $ReportFilexlsx = ".\Report_" + $Action + "_" + $GroupName + "_" + $DateFull + ".xlsx"
    $Table | Export-Excel $ReportFilexlsx -TableName "GroupMembershipUpdate" -Title "Group Membership Update" -TitleBold -WorksheetName "GroupMembershipUpdate" -TableStyle Medium9 -AutoSize -AutoFilter
    Write-log INFO -Message "Generate the following Report: $ReportFilexlsx"
Function Generate-MgRevokeSessionReport
    param ()
    # Connect to Microsoft Graph
    #Connect-MgGraph -Scopes "AuditLog.Read.All"
    # Define the activity to filter (use single quotes around the value in the filter)
    $filterActivity = "ActivityDisplayName eq 'Update StsRefreshTokenValidFrom Timestamp'"
    # Retrieve audit logs with the specified filter
    $AuditLogs = Get-MgAuditLogDirectoryAudit -Filter $filterActivity -All -property ActivityDateTime, InitiatedBy, TargetResources, ActivityDisplayName, OperationType, Result
    #Initiate the Hash Table
    [Int]$i = 1
    $Table = $Null
    $Table = @()
    $Count = ($AuditLogs | Measure).count
    ForEach ($AuditLog in $AuditLogs)
        $ActivityDateTime = $Null
        $ActivityDateTime = $AuditLog.ActivityDateTime
        $InitiatedBy = $Null
        If ($AuditLog.InitiatedBy.User.UserprincipalName)
            $InitiatedBy = $AuditLog.InitiatedBy.User.UserprincipalName
            $InitiatedBy = $AuditLog.InitiatedBy.App.AppDisplayName
        $TargetResources = $Null
        $TargetResources = $AuditLog.TargetResources
        $ActivityDisplayName = $Null
        $ActivityDisplayName = $AuditLog.ActivityDisplayName
        $OperationType = $Null
        $OperationType = $AuditLog.OperationType
        $Result = $Null
        $Result = $AuditLog.Result
        foreach ($TargetResource in $TargetResources)
            $TargetResource_UserPrincipalName = $null
            $TargetResource_UserPrincipalName = $TargetResource.UserPrincipalName
            $TargetResource_Id = $null
            $TargetResource_Id = $TargetResource.Id
            $MgUser = $Null
            $MgUser = Get-MgUser -UserID $TargetResource_Id
            $TargetResource_DisplayName = $Null
            $TargetResource_DisplayName = $MgUser.DisplayName
            $TargetResource_Mail = $Null
            $TargetResource_Mail = $MgUser.Mail
            $Table += New-object PSobject -Property ([Ordered] @{
                    ActivityDateTime                 = $ActivityDateTime;
                    InitiatedBy                         = $InitiatedBy;
                    Result                             = $Result;
                    ActivityDisplayName                 = $ActivityDisplayName;
                    OperationType                     = $OperationType;
                    TargetResource_DisplayName         = $TargetResource_DisplayName;
                    TargetResource_UserPrincipalName = $TargetResource_UserPrincipalName;
                    TargetResource_Mail                 = $TargetResource_Mail;
    $DateFull = Get-Date -Format "ddMMyyyy_HH-mm-ss"
    $ReportFilexlsx = ".\Report_RevokeSession_AllUsers_" + $DateFull + ".xlsx"
    $Table | Export-Excel $ReportFilexlsx -TableName "RevokeSessionAllUsers" -Title "Revoke Session All Users" -TitleBold -WorksheetName "RevokeSessionAllUsers" -TableStyle Medium9 -AutoSize -AutoFilter
    Write-log INFO -Message "Generate the following Report: $ReportFilexlsx"
Function Generate-MgUserMFAEnrollReport
    param ()
    # Connect to MgGraph
        Write-Log warning -Message "The script will try to connect to MgGraph"
        Connect-MgGraph -NoWelcome -Scopes AuditLog.Read.All, Directory.Read.All, UserAuthenticationMethod.Read.All, Policy.ReadWrite.AuthenticationMethod, UserAuthenticationMethod.ReadWrite.All
        Write-Log Info -Message "The scriptsuccesful connected to MgGraph"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to connect to MgGraph"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
        Read-Host "The script will stop"
        # Exit the script
    #Retreive MFA Enrollment Status
        Write-Log warning -Message "The script retreive MFA enrollment Data"
        $AllMFAEnrollmentData = Get-MgReportAuthenticationMethodUserRegistrationDetail -All
        Write-Log Info -Message "The script successfully retreive MFA enrollment Data"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to retreive MFA enrollment Data"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
        Read-Host "The script will stop"
        # Exit the script
    # Retreive User information
    # Initiate the Hash Table
    [Int]$i = 1
    $Table = $Null
    $Table = @()
    $Count = ($AllMFAEnrollmentData | Measure).count
    ForEach ($UserMFAEnrollment in $AllMFAEnrollmentData)
        $User_UserPrincipalName = $Null
        $User_UserPrincipalName = $UserMFAEnrollment.UserPrincipalName
        $User_Id = $Null
        $User_Id = $UserMFAEnrollment.Id
        $User_IsAdmin = $Null
        $User_IsAdmin = $UserMFAEnrollment.IsAdmin
        $User_IsMfaCapable = $Null
        $User_IsMfaCapable = $UserMFAEnrollment.IsMfaCapable
        $User_IsMfaRegistered = $Null
        $User_IsMfaRegistered = $UserMFAEnrollment.IsMfaRegistered
        $User_IsPasswordlessCapable = $Null
        $User_IsPasswordlessCapable = $UserMFAEnrollment.IsPasswordlessCapable
        $User_IsSsprCapable = $Null
        $User_IsSsprCapable = $UserMFAEnrollment.IsSsprCapable
        $User_IsSsprEnabled = $Null
        $User_IsSsprEnabled = $UserMFAEnrollment.IsSsprEnabled
        $User_IsSsprRegistered = $Null
        $User_IsSsprRegistered = $UserMFAEnrollment.IsSsprRegistered
        $User_IsSystemPreferredAuthenticationMethodEnabled = $Null
        $User_IsSystemPreferredAuthenticationMethodEnabled = $UserMFAEnrollment.IsSystemPreferredAuthenticationMethodEnabled
        $User_LastUpdatedDateTime = $Null
        $User_LastUpdatedDateTime = $UserMFAEnrollment.LastUpdatedDateTime
        $User_MethodsRegistered = $Null
        $User_MethodsRegistered = $UserMFAEnrollment.MethodsRegistered -join "-"
        $User_SystemPreferredAuthenticationMethods = $Null
        $User_SystemPreferredAuthenticationMethods = $UserMFAEnrollment.SystemPreferredAuthenticationMethods -join "-"
        $User_UserPreferredMethodForSecondaryAuthentication = $Null
        $User_UserPreferredMethodForSecondaryAuthentication = $UserMFAEnrollment.UserPreferredMethodForSecondaryAuthentication
        Write-log Warning -message "The script is analyzing $User_UserPrincipalName ….. --- $i/$Count"
        $Table += New-object PSobject -Property ([Ordered] @{
                UserPrincipalName                              = $User_UserPrincipalName;
                User_Id                                          = $User_Id;
                IsAdmin                                          = $User_IsAdmin;
                IsMfaCapable                                  = $User_IsMfaCapable;
                IsMfaRegistered                                  = $User_IsMfaRegistered;
                IsPasswordlessCapable                          = $User_IsPasswordlessCapable;
                IsSsprCapable                                  = $User_IsSsprCapable;
                IsSsprEnabled                                  = $User_IsSsprEnabled;
                IsSsprRegistered                              = $User_IsSsprRegistered;
                IsSystemPreferredAuthenticationMethodEnabled  = $User_IsSystemPreferredAuthenticationMethodEnabled;
                MethodsRegistered                              = $User_MethodsRegistered;
                SystemPreferredAuthenticationMethods          = $User_SystemPreferredAuthenticationMethods;
                UserPreferredMethodForSecondaryAuthentication = $User_UserPreferredMethodForSecondaryAuthentication;
    $DateFull = Get-Date -Format "ddMMyyyy_HH-mm-ss"
    $ReportFilexlsx = ".\Report_AllUsersMFAEnrollment_" + $DateFull + ".xlsx"
    $Table | Export-Excel $ReportFilexlsx -TableName "MFAEnrollment" -Title "All Users MFA Enrollment" -TitleBold -WorksheetName "MFAEnrollment" -TableStyle Medium9 -AutoSize -AutoFilter
    Write-log INFO -Message "Generate the following Report: $ReportFilexlsx"
Function Create-MgUserUsingCSVFile
        [Parameter(Mandatory = $true,
                   Position = 1)]
        [Parameter(Mandatory = $true,
                   Position = 2)]
        [Parameter(Mandatory = $true,
                   Position = 3)]

    #################################################################### Variable #####################################################################
    $Date = get-date -UFormat %d%m%Y
    $DateFull = Get-Date -Format "ddMMyyyy_HH-mm-ss"
    $ServerName = [Environment]::MachineName
    ###### Create Root Folder
    $RootFolder = $psscriptRoot + "\Create_MgUsers"
    ###### Create folder Variable
    $LogPathFolder = $RootFolder + "\Log\"
    $LogFile = $LogPathFolder + "Progress_" + $Date + ".log"
    $ReportPathFolder = $RootFolder + "\Reports\"
    $ReportFilexlsx = $ReportPathFolder + "\Report_Users_Creation_" + $DateFull + ".xlsx"
    ###### Create Folder
    Create-Folder $RootFolder
    Create-Folder $LogPathFolder
    Create-Folder $ReportPathFolder
    $Transcript_File = $LogPathFolder + "Transcript_" + $Date + ".txt"
    Start-Transcript -Path $Transcript_File -Append -Force
    ########### Initiate the Process log file when the script started ############
    $Initiat_LogA = "#################### starting the Script #####################"
    $Startat = "### The Script has been launch at $(Get-Date -Format "yyyy-MM-dd HH:mm:ss")"
    $Startwith = "The Script has been start with the following Account:" + [Environment]::UserName
    $Starton = "The Script has been start on the following Computer:" + [Environment]::MachineName
    $Initiat_LogB = "##############################################################"
    $Initiat_LogB | Out-File -FilePath $LogFile -Append
    $Initiat_LogB | Out-File -FilePath $LogFile -Append
    $Initiat_LogA | Out-File -FilePath $LogFile -Append
    $Startat | Out-File -FilePath $LogFile -Append
    $Startwith | Out-File -FilePath $LogFile -Append
    $Starton | Out-File -FilePath $LogFile -Append
    $Initiat_LogB | Out-File -FilePath $LogFile -Append
    $Initiat_LogB | Out-File -FilePath $LogFile -Append
    #################################################################### Main Script #####################################################################
    ##### Import CSV File #####
        Write-Log warning $LogFile "The script will try to Import The following CSV File: $CSVFile"
        $Users = Import-Csv $CSVFile
        Write-Log INFO $LogFile "The script Imported Te following CSV File: $CSVFile"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error $LogFile "Failed to Import The following CSV File: $CSVFile"
        Write-Log Error $LogFile "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error $LogFile "Failed with Error:$ErrorMessage"
        Write-Log Error $LogFile "The Script will stop"
        Read-Host "The script will stop"
        # Exit the script
    ##### Connect to MgGraph #####
        Write-Log Warning $LogFile "Try to Connect to Tenant using MgGraph"
        Connect-MgGraph -Scopes Domain.ReadWrite.All, Directory.ReadWrite.All, User.ReadWrite.All, Organization.Read.All, Group.ReadWrite.All
        Write-Log Info $LogFile "Successfully Connected to Tenant using MgGraph"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error $LogFile "Failed to Connect to Tenant using MgGraph"
        Write-Log Error $LogFile "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error $LogFile "Failed with Error:$ErrorMessage"
        Write-Log Error $LogFile "The Script will stop"
        Read-Host "The script will stop"
        # Exit the script
    ##### Select Default domain #####
        $FoundMgDomains = Get-MgDomain
        $SelectedMgDomainData = $FoundMgDomains | Select Id, AuthenticationType, IsAdminManaged, IsDefault | Out-GridView -PassThru -Title 'Select One Domain, then click on OK to validate your selection'
        $SelectedMgDomain = $SelectedMgDomainData.ID
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error $LogFile "Failed to retreive default domain"
        Write-Log Error $LogFile "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error $LogFile "Failed with Error:$ErrorMessage"
        Write-Log Error $LogFile "The Script will stop"
        Read-Host "The script will stop"
        # Exit the script
    ##### Get License Group Info #####
        $FoundMgLicenseGroups = Get-MgGroup -Filter "assignedLicenses/any()"
        $SelectedMgLicenseGroup = $FoundMgLicenseGroups | Select DisplayName, Id | Out-GridView -PassThru -Title 'Select One Group, then click on OK to validate your selection'
        $SelectedMgLicenseGroup_ID = $SelectedMgLicenseGroup.Id
        $SelectedMgLicenseGroup_DisplayName = $SelectedMgLicenseGroup.DisplayName
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error $LogFile "Failed to retreive License Group"
        Write-Log Error $LogFile "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error $LogFile "Failed with Error:$ErrorMessage"
        Write-Log Error $LogFile "The Script will stop"
        Read-Host "The script will stop"
        # Exit the script
    # Create Credential
    $PasswordProfile = @{
        Password = $TemporaryPassword
    [Int]$i = 1
    $Table = $Null
    $Table = @()
    $Count = ($Users | Measure).count
    foreach ($User in $Users)
        $FirstName = $Null
        $LastName = $Null
        $UserPrincipalName = $Null
        $MailNickName = $Null
        $DisplayName = $Null
        $FirstName = $User.FirstName
        $LastName = $User.LastName
        $MailNickName = $FirstName + "." + $LastName
        $DisplayName = $FirstName + " " + $LastName
        $UserPrincipalName = $MailNickName + "@" + $SelectedMgDomain
        # Create Users
        $MgUser = $Null
        $MgUser = New-MgUser -DisplayName $DisplayName -GivenName $FirstName -Surname $LastName -PasswordProfile $PasswordProfile -AccountEnabled -MailNickName $MailNickName -UserPrincipalName $UserPrincipalName -UsageLocation $LicenseUsageLocation
        $MgUserID = $Null
        $MgUserID = $MgUser.ID
            Write-Log warning $LogFile "The script will try to add $DisplayName ($UserPrincipalName - $MgUserID) to LicenseGroup $SelectedMgLicenseGroup_DisplayName"
            New-MgGroupMember -GroupId $SelectedMgLicenseGroup_ID -DirectoryObjectId $MgUserID
            Write-Log INFO $LogFile "The script added $DisplayName ($UserPrincipalName - $MgUserID) to LicenseGroup $SelectedMgLicenseGroup_DisplayName "
            $StatusAddToLicenseGroup = "Success"
            $ErrorMessage = $Error[0].Exception.Message
            $CMDLet = $Error[0].InvocationInfo.Line
            $FailedItem = $Error[0].Exception.ItemName
            Write-Log Error $LogFile -Message "Failed to to add $DisplayName ($UserPrincipalName - $MgUserID) to LicenseGroup $SelectedMgLicenseGroup_DisplayName"
            Write-Log Error $LogFile -Message "Failed to run the following CMDLet: $CMDLet"
            Write-Log Error $LogFile -Message "Failed with Error:$ErrorMessage"
            $StatusAddToLicenseGroup = "Failed with Error:$ErrorMessage"
        $Table += New-object PSobject -Property ([Ordered] @{
                FirstName          = $FirstName;
                LastName          = $LastName;
                DisplayName          = $DisplayName;
                UserPrincipalName = $UserPrincipalName;
                MailNickName      = $MailNickName;
                MgUserID          = $MgUserID;
                LicenseGroup      = $SelectedMgLicenseGroup_DisplayName;
                AddToLicenseGroup = $StatusAddToLicenseGroup;
    $Table | Export-Excel $ReportFilexlsx -TableName "ReportMgUsersCreation" -Title "Report MgUsers Creation" -TitleBold -WorksheetName "ReportMgUsersCreation" -TableStyle Medium9 -AutoSize -AutoFilter
    Write-log INFO $LogFile -Message "Generate the following Report: $ReportFilexlsx"
Function Generate-MgUserMicrosoft365GroupMembership
        [Parameter(Mandatory = $true,
                   Position = 1)]
    $MgGroups = Get-MgUserMemberOf -UserId $UPN
    #Initiate the Hash Table
    $Table = $Null
    $Table = @()
    foreach ($MgGroup in $MgGroups)
        $MgGroupID = $Null
        $MgGroupID = $MgGroup.ID
        $FoundMgGroup = $Null
        $MgGroup_DisplayName = $Null
        $MgGroup_Mail = $Null
        $MgGroup_MailEnabled = $Null
        $MgGroup_SecurityEnabled = $Null
            $FoundMgGroup = Get-mgGroup -GroupId $MgGroupID -ErrorAction Stop
            $MgGroup_DisplayName = $FoundMgGroup.DisplayName
            $MgGroup_Mail = $FoundMgGroup.Mail
            $MgGroup_MailEnabled = $FoundMgGroup.MailEnabled
            $MgGroup_SecurityEnabled = $FoundMgGroup.SecurityEnabled
            $ErrorMessage = $Error[0].Exception.Message
            $FoundMgGroup = "Not Found - Failed with Error : $ErrorMessage"
            $MgGroup_DisplayName = "Not Found - Failed with Error : $ErrorMessage"
            $MgGroup_Mail = "Not Found - Failed with Error : $ErrorMessage"
            $MgGroup_MailEnabled = "Not Found - Failed with Error : $ErrorMessage"
            $MgGroup_SecurityEnabled = "Not Found - Failed with Error : $ErrorMessage"
        $Table += New-object PSobject -Property ([Ordered] @{
                GroupID            = $MgGroupID;
                DisplayName        = $MgGroup_DisplayName;
                MailEnabled        = $MgGroup_MailEnabled;
                Mail            = $MgGroup_Mail;
                SecurityEnabled = $MgGroup_SecurityEnabled;
Function Check-MgAllUsersStats
    param ()
    Connect-MgGraph -Scopes 'User.Read.All' -NoWelcome
    $MgContext = Get-MgContext
    $MgScopes = $MgContext.Scopes -join ";"
    Write-Log Info -Message "Connected to MgGraph with the following scopes: $MgScopes"
    # All MgUsers
    $AllMgUsers = Get-MgUser -all -Property DisplayName, UserPrincipalName, UserType, AccountEnabled
    # All Member MgUsers
    $AllMemberMgUsers = $AllMgUsers | where { $_.UserType -ne "Guest" }
    # All Enabled MgUsers
    $AllEnabledMgUsers = $AllMgUsers | where { $_.UserType -ne "Guest" -and $_.AccountEnabled -eq $True }
    # All Disabled MgUsers
    $AllDisabledMgUsers = $AllMgUsers | where { $_.UserType -ne "Guest" -and $_.AccountEnabled -eq $false }
    $AllMgUsersCount = ($AllMgUsers | Measure).count
    $AllMemberMgUsersCount = ($AllMemberMgUsers | Measure).count
    $AllEnabledMgUsersCount = ($AllEnabledMgUsers | Measure).count
    $AllDisabledMgUsersCount = ($AllDisabledMgUsers | Measure).count
    $Table = $Null
    $Table = @()
    $Table += New-object PSobject -Property ([Ordered] @{
            AllMgUsersCount            = $AllMgUsersCount;
            AllMemberMgUsersCount   = $AllMemberMgUsersCount;
            AllEnabledMgUsersCount  = $AllEnabledMgUsersCount;
            AllDisabledMgUsersCount = $AllDisabledMgUsersCount;
    $Table | fl
Function Generate-MyMgBetaUserSignInActivities
    Read-Host "Are you Connect to Beta MgGrap ?"
    #################################################################### Variable #####################################################################
    $Date = get-date -UFormat %d%m%Y
    $DateFull = Get-Date -Format "ddMMyyyy_HH-mm-ss"
    $ServerName = [Environment]::MachineName
    ###### Create Root Folder
    $RootFolder = $psscriptRoot + "\Users_Reports"
    ###### Create folder Variable
    $LogPathFolder = $RootFolder + "\Log\"
    $LogFile = $LogPathFolder + "Progress_" + $Date + ".log"
    $ReportPathFolder = $RootFolder + "\Reports\"
    ###### Create Folder
    Create-Folder $RootFolder
    Create-Folder $LogPathFolder
    Create-Folder $ReportPathFolder
    $Transcript_File = $LogPathFolder + "Transcript_" + $Date + ".txt"
    Start-Transcript -Path $Transcript_File -Append -Force
    ########### Initiate the Process log file when the script started ############
    $Initiat_LogA = "#################### starting the Script #####################"
    $Startat = "### The Script has been launch at $(Get-Date -Format "yyyy-MM-dd HH:mm:ss")"
    $Startwith = "The Script has been start with the following Account:" + [Environment]::UserName
    $Starton = "The Script has been start on the following Computer:" + [Environment]::MachineName
    $Initiat_LogB = "##############################################################"
    $Initiat_LogB | Out-File -FilePath $LogFile -Append
    $Initiat_LogB | Out-File -FilePath $LogFile -Append
    $Initiat_LogA | Out-File -FilePath $LogFile -Append
    $Startat | Out-File -FilePath $LogFile -Append
    $Startwith | Out-File -FilePath $LogFile -Append
    $Starton | Out-File -FilePath $LogFile -Append
    $Initiat_LogB | Out-File -FilePath $LogFile -Append
    $Initiat_LogB | Out-File -FilePath $LogFile -Append
    #################################################################### Main Script #####################################################################
    # Found MgUsers
        #Read-Host "The script going to retreive all users from the tenant"
        # All Users

            $Users = Get-MgBetaUser -all -filter "usertype ne 'Guest'" -Countvariable CountVar -ConsistencyLevel eventual -Property SignInActivity, SignInSessionsValidFromDateTime, RefreshTokensValidFromDateTime, DisplayName, UserPrincipalName
            $ReportFile = $ReportPathFolder + "All_Report_Users_SigninActivities_" + $DateFull + ".xlsx"
            Write-Log -Level INFO -Message "The script find All Users from the tenant"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log -Level Error -LogPath $LogFile -Message "Failed to Find MgUsers"
        Write-Log -Level Error -LogPath $LogFile -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log -Level Error -LogPath $LogFile -Message "Failed with Error:$ErrorMessage"
        Write-Log -Level Error -LogPath $LogFile -Message "The Script will stop"
        # Exit the script
        Read-Host "End of Script"
    # Loop
    $UsersInfo = $Null
    $UsersInfo = @()
    [Int]$i = 1
    $Count = ($Users | Measure).count
    foreach ($UserData in $Users)
        $UserUPN = $UserData.UserPrincipalName
        Write-Log -Level warning -LogPath $LogFile -Message "The script is analyzing $UserUPN --- $i/$Count"
        # MgUser
        Write-log Warning -Message "The Script is searching for the MgUser: $UserUPN"
        $FoundMgUserStatus = "Yes"
        $LastNonInteractiveSignInDateTime = $Null
        $LastSignInDateTime = $Null
        $LastSuccessfulSignInDateTime = $Null
        $SignInSessionsValidFromDateTime = $Null
        $RefreshTokensValidFromDateTime = $Null
        If ($UserData.signinActivity.LastNonInteractiveSignInDateTime.DateTime)
            $LastNonInteractiveSignInDateTime = Get-Date ($UserData.signinActivity.LastNonInteractiveSignInDateTime.DateTime) -Format "G"
            $LastNonInteractiveSignInDateTime = [datetime]::Parse($LastNonInteractiveSignInDateTime)
        If ($UserData.SignInActivity.LastSignInDateTime.DateTime)
            $LastSignInDateTime = Get-Date ($UserData.SignInActivity.LastSignInDateTime.DateTime) -Format "G"
            $LastSignInDateTime = [datetime]::Parse($LastSignInDateTime)
        If ($UserData.SignInActivity.LastSuccessfulSignInDateTime.DateTime)
            $LastSuccessfulSignInDateTime = Get-Date ($UserData.SignInActivity.LastSuccessfulSignInDateTime.DateTime) -Format "G"
            $LastSuccessfulSignInDateTime = [datetime]::Parse($LastSuccessfulSignInDateTime)
        If ($UserData.SignInSessionsValidFromDateTime.DateTime)
            $SignInSessionsValidFromDateTime = Get-Date ($UserData.SignInSessionsValidFromDateTime.DateTime) -Format "G"
            $SignInSessionsValidFromDateTime = [datetime]::Parse($SignInSessionsValidFromDateTime)
        If ($UserData.RefreshTokensValidFromDateTime.DateTime)
            $RefreshTokensValidFromDateTime = Get-Date ($UserData.RefreshTokensValidFromDateTime.DateTime) -Format "G"
            $RefreshTokensValidFromDateTime = [datetime]::Parse($RefreshTokensValidFromDateTime)
        $DisplayName = $UserData.DisplayName
        $UserPrincipalName = $UserData.UserPrincipalName
        $UsersInfo += New-object PSobject -Property ([Ordered] @{
                DisplayName                                           = $DisplayName;
                UserPrincipalName                                   = $UserPrincipalName;
                LastSuccessfulSignInDateTime                       = $LastSuccessfulSignInDateTime;
                LastNonInteractiveSignInDateTime                   = $LastNonInteractiveSignInDateTime;
                LastSignInDateTime                 = $LastSignInDateTime;
                SignInSessionsValidFromDateTime  = $SignInSessionsValidFromDateTime;
                RefreshTokensValidFromDateTime  = $RefreshTokensValidFromDateTime;
    $UsersInfo | Export-Excel $ReportFile -TableName "SignInActivities" -Title "SignIn Activities" -TitleBold -WorksheetName "SignInActivities" -TableStyle Medium9 -AutoSize -AutoFilter
    Write-log INFO -Message "Generate the following Report: $ReportFile"
Function Generate-MyMgBetaUserReport
        [Parameter(Mandatory = $true)]
        [ValidateSet('All', 'Enable', 'Disable')]
    Read-Host "Are you Connect to Beta MgGraph and EXO?"
    #################################################################### Variable #####################################################################
    $Date = get-date -UFormat %d%m%Y
    $DateFull = Get-Date -Format "ddMMyyyy_HH-mm-ss"
    $ServerName = [Environment]::MachineName
    ###### Create Root Folder
    $RootFolder = $psscriptRoot + "\Users_Reports"
    ###### Create folder Variable
    $LogPathFolder = $RootFolder + "\Log\"
    $LogFile = $LogPathFolder + "Progress_" + $Date + ".log"
    $ReportPathFolder = $RootFolder + "\Reports\"
    ###### Create Folder
    Create-Folder $RootFolder
    Create-Folder $LogPathFolder
    Create-Folder $ReportPathFolder
    $Transcript_File = $LogPathFolder + "Transcript_" + $Date + ".txt"
    Start-Transcript -Path $Transcript_File -Append -Force
    ########### Initiate the Process log file when the script started ############
    $Initiat_LogA = "#################### starting the Script #####################"
    $Startat = "### The Script has been launch at $(Get-Date -Format "yyyy-MM-dd HH:mm:ss")"
    $Startwith = "The Script has been start with the following Account:" + [Environment]::UserName
    $Starton = "The Script has been start on the following Computer:" + [Environment]::MachineName
    $Initiat_LogB = "##############################################################"
    $Initiat_LogB | Out-File -FilePath $LogFile -Append
    $Initiat_LogB | Out-File -FilePath $LogFile -Append
    $Initiat_LogA | Out-File -FilePath $LogFile -Append
    $Startat | Out-File -FilePath $LogFile -Append
    $Startwith | Out-File -FilePath $LogFile -Append
    $Starton | Out-File -FilePath $LogFile -Append
    $Initiat_LogB | Out-File -FilePath $LogFile -Append
    $Initiat_LogB | Out-File -FilePath $LogFile -Append
    #################################################################### Main Script #####################################################################
    #Found License Name
        $LocalPath = ".\MapSKUID.csv"
        If (!(Test-Path $LocalPath))
            Write-Log warning -Message "The script Download Microsoft Licensing CSV File"
            $URL = ""
            $LocalPath = ".\MapSKUID.csv"
            Invoke-WebRequest -Uri $URL -OutFile $LocalPath
            Write-Log warning -Message "The folder $LocalPath is already exist"
        $MicrosoftSKUs = Import-Csv $LocalPath
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to download $LocalPath"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
    # Found MgUsers
        #Read-Host "The script going to retreive all users from the tenant"
        # All Users
        If ($Type -eq "All")
            $Users = Get-MgBetaUser -all -filter "usertype ne 'Guest'" -Countvariable CountVar -ConsistencyLevel eventual -Property SignInSessionsValidFromDateTime, RefreshTokensValidFromDateTime,CreatedDateTime, OnPremisesDistinguishedName, OnPremisesImmutableId, OnPremisesLastSyncDateTime, OnPremisesSamAccountName, OnPremisesSyncEnabled, OnPremisesUserPrincipalName, SignInActivity, MailNickname, UserType, AssignedLicenses, DisplayName, UserPrincipalName, JobTitle, Department, AccountEnabled, Mail, LastPasswordChangeDateTime, OnPremisesExtensionAttributes
            $ReportFile = $ReportPathFolder + "All_Report_Users_" + $DateFull + ".xlsx"
            Write-Log -Level INFO -Message "The script find All Users from the tenant"
        # All Enable Users
        If ($Type -eq "Enable")
            $Users = Get-MgBetaUser -all -filter "accountenabled eq true and usertype ne 'Guest'" -Countvariable CountVar -ConsistencyLevel eventual -Property SignInSessionsValidFromDateTime, RefreshTokensValidFromDateTime,CreatedDateTime, OnPremisesDistinguishedName, OnPremisesImmutableId, OnPremisesLastSyncDateTime, OnPremisesSamAccountName, OnPremisesSyncEnabled, OnPremisesUserPrincipalName, SignInActivity, MailNickname, UserType, AssignedLicenses, DisplayName, UserPrincipalName, JobTitle, Department, AccountEnabled, Mail, LastPasswordChangeDateTime, OnPremisesExtensionAttributes
            $ReportFile = $ReportPathFolder + "Enable_Report_Users_" + $DateFull + ".xlsx"
            Write-Log -Level INFO -Message "The script find all Enable Users from the tenant"
        # All Disabled Users
        If ($Type -eq "Disable")
            $Users = Get-MgBetaUser -all -filter "accountenabled eq false and usertype ne 'Guest'" -Countvariable CountVar -ConsistencyLevel eventual -Property SignInSessionsValidFromDateTime, RefreshTokensValidFromDateTime,CreatedDateTime, OnPremisesDistinguishedName, OnPremisesImmutableId, OnPremisesLastSyncDateTime, OnPremisesSamAccountName, OnPremisesSyncEnabled, OnPremisesUserPrincipalName, SignInActivity, MailNickname, UserType, AssignedLicenses, DisplayName, UserPrincipalName, JobTitle, Department, AccountEnabled, Mail, LastPasswordChangeDateTime, OnPremisesExtensionAttributes
            $ReportFile = $ReportPathFolder + "Disable_Report_Users_" + $DateFull + ".xlsx"
            Write-Log -Level INFO -Message "The script find all Disable Users from the tenant"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log -Level Error -LogPath $LogFile -Message "Failed to Find MgUsers"
        Write-Log -Level Error -LogPath $LogFile -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log -Level Error -LogPath $LogFile -Message "Failed with Error:$ErrorMessage"
        Write-Log -Level Error -LogPath $LogFile -Message "The Script will stop"
        # Exit the script
        Read-Host "End of Script"
    # Loop
    $UsersInfo = $Null
    $UsersInfo = @()
    [Int]$i = 1
    $Count = ($Users | Measure).count
    foreach ($UserData in $Users)
        $UserUPN = $UserData.UserPrincipalName
        Write-Log -Level warning -LogPath $LogFile -Message "The script is analyzing $UserUPN --- $i/$Count"
        # MgUser
        Write-log Warning -Message "The Script is searching for the MgUser: $UserUPN"
        $FoundMgUserStatus = "Yes"
        $LastNonInteractiveSignInDateTime = $Null
        $LastSignInDateTime = $Null
        $LastSuccessfulSignInDateTime = $Null
        $SignInSessionsValidFromDateTime = $Null
        $RefreshTokensValidFromDateTime = $Null
        $CreatedDateTime = $Null
        $OnPremisesDistinguishedName = $Null
        $OnPremisesImmutableId = $Null
        $OnPremisesLastSyncDateTime = $Null
        $OnPremisesSamAccountName = $Null
        $OnPremisesSyncEnabled = $Null
        $OnPremisesUserPrincipalName = $Null
        $MailNickname = $Null
        $DisplayName = $Null
        $UserPrincipalName = $Null
        $Department = $Null
        $Tittle = $Null
        $AccountEnabled = $Null
        $Mail = $Null
        $LastPasswordChangeDateTime = $Null
        $UserType = $Null
        $AssignedLicenses = $Null
        $Licenses = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute1 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute2 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute3 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute4 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute5 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute6 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute7 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute8 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute9 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute10 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute11 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute12 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute13 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute14 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute15 = $Null
        If ($UserData.signinActivity.LastNonInteractiveSignInDateTime.DateTime)
            $LastNonInteractiveSignInDateTime = Get-Date ($UserData.signinActivity.LastNonInteractiveSignInDateTime.DateTime) -Format "G"
            $LastNonInteractiveSignInDateTime = [datetime]::Parse($LastNonInteractiveSignInDateTime)
        If ($UserData.SignInActivity.LastSignInDateTime.DateTime)
            $LastSignInDateTime = Get-Date ($UserData.SignInActivity.LastSignInDateTime.DateTime) -Format "G"
            $LastSignInDateTime = [datetime]::Parse($LastSignInDateTime)
        If ($UserData.SignInActivity.LastSuccessfulSignInDateTime.DateTime)
            $LastSuccessfulSignInDateTime = Get-Date ($UserData.SignInActivity.LastSuccessfulSignInDateTime.DateTime) -Format "G"
            $LastSuccessfulSignInDateTime = [datetime]::Parse($LastSuccessfulSignInDateTime)
        If ($UserData.SignInSessionsValidFromDateTime.DateTime)
            $SignInSessionsValidFromDateTime = Get-Date ($UserData.SignInSessionsValidFromDateTime.DateTime) -Format "G"
            $SignInSessionsValidFromDateTime = [datetime]::Parse($SignInSessionsValidFromDateTime)
        If ($UserData.RefreshTokensValidFromDateTime.DateTime)
            $RefreshTokensValidFromDateTime = Get-Date ($UserData.RefreshTokensValidFromDateTime.DateTime) -Format "G"
            $RefreshTokensValidFromDateTime = [datetime]::Parse($RefreshTokensValidFromDateTime)
        $CreatedDateTime = $UserData.CreatedDateTime
        $OnPremisesDistinguishedName = $UserData.OnPremisesDistinguishedName
        $OnPremisesImmutableId = $UserData.OnPremisesImmutableId
        $OnPremisesLastSyncDateTime = $UserData.OnPremisesLastSyncDateTime
        $OnPremisesSamAccountName = $UserData.OnPremisesSamAccountName
        $OnPremisesSyncEnabled = $UserData.OnPremisesSyncEnabled
        $OnPremisesUserPrincipalName = $UserData.OnPremisesUserPrincipalName
        $MailNickname = $UserData.MailNickname
        $DisplayName = $UserData.DisplayName
        $UserPrincipalName = $UserData.UserPrincipalName
        $Department = $UserData.Department
        $Tittle = $UserData.JobTitle
        $AccountEnabled = $UserData.AccountEnabled
        $Mail = $UserData.Mail
        $LastPasswordChangeDateTime = $UserData.LastPasswordChangeDateTime
        $UserType = $UserData.UserType
        $AssignedLicenses = $UserData.AssignedLicenses
        $OnPremisesExtensionAttributes_ExtensionAttribute1 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute1
        $OnPremisesExtensionAttributes_ExtensionAttribute2 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute2
        $OnPremisesExtensionAttributes_ExtensionAttribute3 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute3
        $OnPremisesExtensionAttributes_ExtensionAttribute4 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute4
        $OnPremisesExtensionAttributes_ExtensionAttribute5 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute5
        $OnPremisesExtensionAttributes_ExtensionAttribute6 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute6
        $OnPremisesExtensionAttributes_ExtensionAttribute7 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute7
        $OnPremisesExtensionAttributes_ExtensionAttribute8 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute8
        $OnPremisesExtensionAttributes_ExtensionAttribute9 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute9
        $OnPremisesExtensionAttributes_ExtensionAttribute10 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute10
        $OnPremisesExtensionAttributes_ExtensionAttribute11 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute11
        $OnPremisesExtensionAttributes_ExtensionAttribute12 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute12
        $OnPremisesExtensionAttributes_ExtensionAttribute13 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute13
        $OnPremisesExtensionAttributes_ExtensionAttribute14 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute14
        $OnPremisesExtensionAttributes_ExtensionAttribute15 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute15
        $CreatedDateTime = $UserData.CreatedDateTime
        $UserLicenses = @()
        foreach ($AssignedLicense in $AssignedLicenses)
            $SkuId = $Null
            $SkuId = $AssignedLicense.SkuId
            $UserLicenses += ($MicrosoftSKUs | where { $_.GUID -eq $SkuId } | Select -first 1).Product_Display_Name
        $Licenses = $UserLicenses -join ";"
        # Recipient
        $FoundRecipientStatus = "No"
        $DeletedItemCount = "Not a Mailbox"
        $ItemCount = "Not a Mailbox"
        $TotalDeletedItemSize = "Not a Mailbox"
        $TotalItemSize = "Not a Mailbox"
        $FoundMailboxStatisticsStatus = "Not a Mailbox"
        $IsMailboxEnabled = "Not a Mailbox"
        $Recipient = $Null
            Write-log Warning -Message "The Script is searching for the Recipient: $UserUPN"
            $Recipient = Get-Recipient $UserUPN
            If ($Recipient)
                Write-Log Info -Message "The script find the recipient $UserUPN"
                $FoundRecipientStatus = "Yes"
                $PrimarySmtpAddress = $Recipient.PrimarySmtpAddress
                $RecipientTypeDetails = $Recipient.RecipientTypeDetails
                $IsDirSynced = $Recipient.IsDirSynced
                $WhenMailboxCreated = $Recipient.WhenMailboxCreated
                $WhenSoftDeleted = $Recipient.WhenSoftDeleted
                $WhenCreated = $Recipient.WhenCreated
                Write-Log Info -Message "The script find the recipient $UserUPN"
                $FoundRecipientStatus = "Not a Recipient"
                $PrimarySmtpAddress = "Not a Recipient"
                $RecipientTypeDetails = "Not a Recipient"
                $IsDirSynced = "Not a Recipient"
                $WhenMailboxCreated = "Not a Recipient"
                $WhenSoftDeleted = "Not a Recipient"
                $WhenCreated = "Not a Recipient"
            If ($RecipientTypeDetails -like "*Mailbox")
                #Mailbox Data
                $IsMailboxEnabled = "No Data Found"
                $FoundMailboxDataStatus = "No"
                    Write-Log warning -Message "The script retreive Mailbox Data for $PrimarySmtpAddress"
                    $MailboxData = $Null
                    $MailboxData = Get-Mailbox $PrimarySmtpAddress
                    $IsMailboxEnabled = $MailboxData.IsMailboxEnabled
                    Write-Log Info -Message "The script retreived Mailbox Data for $PrimarySmtpAddress"
                    $FoundMailboxDataStatus = "Yes"
                    $ErrorMessage = $Error[0].Exception.Message
                    $CMDLet = $Error[0].InvocationInfo.Line
                    $FailedItem = $Error[0].Exception.ItemName
                    Write-Log Error -Message "Failed to retreive Mailbox Data for $PrimarySmtpAddress"
                    Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
                    Write-Log Error -Message "Failed with Error:$ErrorMessage"
                    $FoundMailboxDataStatus = "Failed with Error:$ErrorMessage"
                $DeletedItemCount = "No Data Found"
                $ItemCount = "No Data Found"
                $TotalDeletedItemSize = "No Data Found"
                $TotalItemSize = "No Data Found"
                    Write-Log warning -Message "The script search Mailbox Statistics for $PrimarySmtpAddress"
                    $MailboxStatistics = Get-EXOMailboxStatistics $PrimarySmtpAddress
                    $DeletedItemCount = $MailboxStatistics.DeletedItemCount
                    $ItemCount = $MailboxStatistics.ItemCount
                    $TotalDeletedItemSize = $MailboxStatistics.TotalDeletedItemSize
                    $TotalItemSize = $MailboxStatistics.TotalItemSize
                    Write-Log Info -Message "The script found Mailbox Statistics info for $PrimarySmtpAddress"
                    $FoundMailboxStatisticsStatus = "Yes"
                    $ErrorMessage = $Error[0].Exception.Message
                    $CMDLet = $Error[0].InvocationInfo.Line
                    $FailedItem = $Error[0].Exception.ItemName
                    Write-Log Error -Message "Failed to Retreive MailboxStatistics for $PrimarySmtpAddress"
                    Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
                    Write-Log Error -Message "Failed with Error:$ErrorMessage"
                    $FoundMailboxStatisticsStatus = "Failed with Error:$ErrorMessage"
                    $DeletedItemCount = "Failed"
                    $ItemCount = "Failed"
                    $TotalDeletedItemSize = "Failed"
                    $TotalItemSize = "Failed"
                #Mailbox Permissions
                $MailboxPermissionUsers = "No Data Found"
                $MailboxPermissionAccessRights = "No Data Found"
                $RecipientPermissionTrustees = "No Data Found"
                $RecipientPermissionAccessRights = "No Data Found"
                    Write-Log warning -Message "The script search Mailbox Permissions for $PrimarySmtpAddress"
                    $EXORecipientPermissions = Get-EXORecipientPermission $PrimarySmtpAddress
                    $EXOMailboxPermissions = Get-EXOMailboxPermission $PrimarySmtpAddress
                    $MailboxPermissionUsers = $EXOMailboxPermissions.User -join ";"
                    $MailboxPermissionAccessRights = $EXOMailboxPermissions.AccessRights -join ";"
                    $RecipientPermissionTrustees = $EXORecipientPermissions.Trustee -join ";"
                    $RecipientPermissionAccessRights = $EXORecipientPermissions.AccessRights -join ";"
                    Write-Log Info -Message "The script found Mailbox Permissions info for $PrimarySmtpAddress"
                    $FoundMailboxStatisticsStatus = "Yes"
                    $ErrorMessage = $Error[0].Exception.Message
                    $CMDLet = $Error[0].InvocationInfo.Line
                    $FailedItem = $Error[0].Exception.ItemName
                    Write-Log Error -Message "Failed to Retreive MailboxStatistics for $PrimarySmtpAddress"
                    Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
                    Write-Log Error -Message "Failed with Error:$ErrorMessage"
                    $FoundMailboxStatisticsStatus = "Failed with Error:$ErrorMessage"
                    $MailboxPermissionUsers = "Failed"
                    $MailboxPermissionAccessRights = "Failed"
                    $RecipientPermissionTrustees = "Failed"
                    $RecipientPermissionAccessRights = "Failed"
                $DeletedItemCount = "Not a Mailbox"
                $ItemCount = "Not a Mailbox"
                $TotalDeletedItemSize = "Not a Mailbox"
                $TotalItemSize = "Not a Mailbox"
                $MailboxPermissionUsers = "Not a Mailbox"
                $MailboxPermissionAccessRights = "Not a Mailbox"
                $RecipientPermissionTrustees = "Not a Mailbox"
                $RecipientPermissionAccessRights = "Not a Mailbox"
            $ErrorMessage = $Error[0].Exception.Message
            $CMDLet = $Error[0].InvocationInfo.Line
            $FailedItem = $Error[0].Exception.ItemName
            Write-Log Error -Message "Failed to find MgUser $UserUPN"
            Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
            Write-Log Error -Message "Failed with Error:$ErrorMessage"
            $FoundRecipientStatus = "Failed with Error:$ErrorMessage"
        $UsersInfo += New-object PSobject -Property ([Ordered] @{
                DisplayName                                           = $DisplayName;
                Tittle                                               = $Tittle;
                Department                                           = $Department;
                AccountEnabled                                       = $AccountEnabled;
                Mail                                               = $Mail;
                UserPrincipalName                                   = $UserPrincipalName;
                LastSuccessfulSignInDateTime                       = $LastSuccessfulSignInDateTime;
                LastNonInteractiveSignInDateTime                   = $LastNonInteractiveSignInDateTime;
                LastSignInDateTime                                   = $LastSignInDateTime;
                SignInSessionsValidFromDateTime                       = $SignInSessionsValidFromDateTime;
                RefreshTokensValidFromDateTime                       = $RefreshTokensValidFromDateTime;
                LastPasswordChangeDateTime                           = $LastPasswordChangeDateTime;
                OnPremisesDistinguishedName                           = $OnPremisesDistinguishedName;
                OnPremisesImmutableId                               = $OnPremisesImmutableId;
                OnPremisesLastSyncDateTime                           = $OnPremisesLastSyncDateTime;
                OnPremisesSamAccountName                           = $OnPremisesSamAccountName;
                OnPremisesSyncEnabled                               = $OnPremisesSyncEnabled;
                OnPremisesUserPrincipalName                           = $OnPremisesUserPrincipalName;
                OnPremisesExtensionAttributes_ExtensionAttribute1  = $OnPremisesExtensionAttributes_ExtensionAttribute1;
                OnPremisesExtensionAttributes_ExtensionAttribute2  = $OnPremisesExtensionAttributes_ExtensionAttribute2;
                OnPremisesExtensionAttributes_ExtensionAttribute3  = $OnPremisesExtensionAttributes_ExtensionAttribute3;
                OnPremisesExtensionAttributes_ExtensionAttribute4  = $OnPremisesExtensionAttributes_ExtensionAttribute4;
                OnPremisesExtensionAttributes_ExtensionAttribute5  = $OnPremisesExtensionAttributes_ExtensionAttribute5;
                OnPremisesExtensionAttributes_ExtensionAttribute6  = $OnPremisesExtensionAttributes_ExtensionAttribute6;
                OnPremisesExtensionAttributes_ExtensionAttribute7  = $OnPremisesExtensionAttributes_ExtensionAttribute7;
                OnPremisesExtensionAttributes_ExtensionAttribute8  = $OnPremisesExtensionAttributes_ExtensionAttribute8;
                OnPremisesExtensionAttributes_ExtensionAttribute9  = $OnPremisesExtensionAttributes_ExtensionAttribute9;
                OnPremisesExtensionAttributes_ExtensionAttribute10 = $OnPremisesExtensionAttributes_ExtensionAttribute10;
                OnPremisesExtensionAttributes_ExtensionAttribute11 = $OnPremisesExtensionAttributes_ExtensionAttribute11;
                OnPremisesExtensionAttributes_ExtensionAttribute12 = $OnPremisesExtensionAttributes_ExtensionAttribute12;
                OnPremisesExtensionAttributes_ExtensionAttribute13 = $OnPremisesExtensionAttributes_ExtensionAttribute13;
                OnPremisesExtensionAttributes_ExtensionAttribute14 = $OnPremisesExtensionAttributes_ExtensionAttribute14;
                OnPremisesExtensionAttributes_ExtensionAttribute15 = $OnPremisesExtensionAttributes_ExtensionAttribute15;
                CreatedDateTime                                       = $CreatedDateTime;
                MailNickname                                       = $MailNickname;
                UserType                                           = $UserType;
                Licenses                                           = $Licenses;
                FoundRecipient                                       = $FoundRecipientStatus;
                PrimarySmtpAddress                                   = $PrimarySmtpAddress;
                RecipientTypeDetails                               = $RecipientTypeDetails;
                IsDirSynced                                           = $IsDirSynced;
                IsMailboxEnabled                                   = $IsMailboxEnabled;
                WhenMailboxCreated                                   = $WhenMailboxCreated;
                WhenSoftDeleted                                       = $WhenSoftDeleted;
                WhenCreated                                           = $WhenCreated;
                FoundMailboxStatistics                               = $FoundMailboxStatisticsStatus;
                DeletedItemCount                                   = $DeletedItemCount;
                ItemCount                                           = $ItemCount;
                TotalDeletedItemSize                               = $TotalDeletedItemSize;
                TotalItemSize                                       = $TotalItemSize;
                MailboxPermissionUsers                               = $MailboxPermissionUsers;
                MailboxPermissionAccessRights                       = $MailboxPermissionAccessRights;
                RecipientPermissionTrustees                           = $RecipientPermissionTrustees;
                RecipientPermissionAccessRights                       = $RecipientPermissionAccessRights;
    $UsersInfo | Export-Excel $ReportFile -TableName "UsersReport" -Title "Users Report" -TitleBold -WorksheetName "UsersReport" -TableStyle Medium9 -AutoSize -AutoFilter
    Write-log INFO -Message "Generate the following Report: $ReportFile"
Function Generate-MyMgUserReport
        [Parameter(Mandatory = $true)]
        [ValidateSet('All', 'Enable', 'Disable')]
    Read-Host "Are you Connect to MgGraph and EXO?"
    #################################################################### Variable #####################################################################
    $Date = get-date -UFormat %d%m%Y
    $DateFull = Get-Date -Format "ddMMyyyy_HH-mm-ss"
    $ServerName = [Environment]::MachineName
    ###### Create Root Folder
    $RootFolder = $psscriptRoot + "\Users_Reports"
    ###### Create folder Variable
    $LogPathFolder = $RootFolder + "\Log\"
    $LogFile = $LogPathFolder + "Progress_" + $Date + ".log"
    $ReportPathFolder = $RootFolder + "\Reports\"
    ###### Create Folder
    Create-Folder $RootFolder
    Create-Folder $LogPathFolder
    Create-Folder $ReportPathFolder
    $Transcript_File = $LogPathFolder + "Transcript_" + $Date + ".txt"
    Start-Transcript -Path $Transcript_File -Append -Force
    ########### Initiate the Process log file when the script started ############
    $Initiat_LogA = "#################### starting the Script #####################"
    $Startat = "### The Script has been launch at $(Get-Date -Format "yyyy-MM-dd HH:mm:ss")"
    $Startwith = "The Script has been start with the following Account:" + [Environment]::UserName
    $Starton = "The Script has been start on the following Computer:" + [Environment]::MachineName
    $Initiat_LogB = "##############################################################"
    $Initiat_LogB | Out-File -FilePath $LogFile -Append
    $Initiat_LogB | Out-File -FilePath $LogFile -Append
    $Initiat_LogA | Out-File -FilePath $LogFile -Append
    $Startat | Out-File -FilePath $LogFile -Append
    $Startwith | Out-File -FilePath $LogFile -Append
    $Starton | Out-File -FilePath $LogFile -Append
    $Initiat_LogB | Out-File -FilePath $LogFile -Append
    $Initiat_LogB | Out-File -FilePath $LogFile -Append
    #################################################################### Main Script #####################################################################
    #Found License Name
        $LocalPath = ".\MapSKUID.csv"
        If (!(Test-Path $LocalPath))
            Write-Log warning -Message "The script Download Microsoft Licensing CSV File"
            $URL = ""
            $LocalPath = ".\MapSKUID.csv"
            Invoke-WebRequest -Uri $URL -OutFile $LocalPath
            Write-Log warning -Message "The folder $LocalPath is already exist"
        $MicrosoftSKUs = Import-Csv $LocalPath
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to download $LocalPath"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
    # Found MgUsers
        #Read-Host "The script going to retreive all users from the tenant"
        # All Users
        If ($Type -eq "All")
            $Users = Get-MgUser -all -filter "usertype ne 'Guest'" -Countvariable CountVar -ConsistencyLevel eventual -Property SignInSessionsValidFromDateTime, RefreshTokensValidFromDateTime,CreatedDateTime, OnPremisesDistinguishedName, OnPremisesImmutableId, OnPremisesLastSyncDateTime, OnPremisesSamAccountName, OnPremisesSyncEnabled, OnPremisesUserPrincipalName, SignInActivity, MailNickname, UserType, AssignedLicenses, DisplayName, UserPrincipalName, JobTitle, Department, AccountEnabled, Mail, LastPasswordChangeDateTime, OnPremisesExtensionAttributes
            $ReportFile = $ReportPathFolder + "All_Report_Users_" + $DateFull + ".xlsx"
            Write-Log -Level INFO -Message "The script find All Users from the tenant"
        # All Enable Users
        If ($Type -eq "Enable")
            $Users = Get-MgUser -all -filter "accountenabled eq true and usertype ne 'Guest'" -Countvariable CountVar -ConsistencyLevel eventual -Property SignInSessionsValidFromDateTime, RefreshTokensValidFromDateTime,CreatedDateTime, OnPremisesDistinguishedName, OnPremisesImmutableId, OnPremisesLastSyncDateTime, OnPremisesSamAccountName, OnPremisesSyncEnabled, OnPremisesUserPrincipalName, SignInActivity, MailNickname, UserType, AssignedLicenses, DisplayName, UserPrincipalName, JobTitle, Department, AccountEnabled, Mail, LastPasswordChangeDateTime, OnPremisesExtensionAttributes
            $ReportFile = $ReportPathFolder + "Enable_Report_Users_" + $DateFull + ".xlsx"
            Write-Log -Level INFO -Message "The script find all Enable Users from the tenant"
        # All Disabled Users
        If ($Type -eq "Disable")
            $Users = Get-MgUser -all -filter "accountenabled eq false and usertype ne 'Guest'" -Countvariable CountVar -ConsistencyLevel eventual -Property SignInSessionsValidFromDateTime, RefreshTokensValidFromDateTime,CreatedDateTime, OnPremisesDistinguishedName, OnPremisesImmutableId, OnPremisesLastSyncDateTime, OnPremisesSamAccountName, OnPremisesSyncEnabled, OnPremisesUserPrincipalName, SignInActivity, MailNickname, UserType, AssignedLicenses, DisplayName, UserPrincipalName, JobTitle, Department, AccountEnabled, Mail, LastPasswordChangeDateTime, OnPremisesExtensionAttributes
            $ReportFile = $ReportPathFolder + "Disable_Report_Users_" + $DateFull + ".xlsx"
            Write-Log -Level INFO -Message "The script find all Disable Users from the tenant"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log -Level Error -LogPath $LogFile -Message "Failed to Find MgUsers"
        Write-Log -Level Error -LogPath $LogFile -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log -Level Error -LogPath $LogFile -Message "Failed with Error:$ErrorMessage"
        Write-Log -Level Error -LogPath $LogFile -Message "The Script will stop"
        # Exit the script
        Read-Host "End of Script"
    # Loop
    $UsersInfo = $Null
    $UsersInfo = @()
    [Int]$i = 1
    $Count = ($Users | Measure).count
    foreach ($UserData in $Users)
        $UserUPN = $UserData.UserPrincipalName
        Write-Log -Level warning -LogPath $LogFile -Message "The script is analyzing $UserUPN --- $i/$Count"
        # MgUser
        Write-log Warning -Message "The Script is searching for the MgUser: $UserUPN"
        $FoundMgUserStatus = "Yes"
        $LastNonInteractiveSignInDateTime = $Null
        $LastSignInDateTime = $Null
        $SignInSessionsValidFromDateTime = $Null
        $RefreshTokensValidFromDateTime = $Null
        $CreatedDateTime = $Null
        $OnPremisesDistinguishedName = $Null
        $OnPremisesImmutableId = $Null
        $OnPremisesLastSyncDateTime = $Null
        $OnPremisesSamAccountName = $Null
        $OnPremisesSyncEnabled = $Null
        $OnPremisesUserPrincipalName = $Null
        $MailNickname = $Null
        $DisplayName = $Null
        $UserPrincipalName = $Null
        $Department = $Null
        $Tittle = $Null
        $AccountEnabled = $Null
        $Mail = $Null
        $LastPasswordChangeDateTime = $Null
        $UserType = $Null
        $AssignedLicenses = $Null
        $Licenses = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute1 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute2 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute3 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute4 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute5 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute6 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute7 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute8 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute9 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute10 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute11 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute12 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute13 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute14 = $Null
        $OnPremisesExtensionAttributes_ExtensionAttribute15 = $Null
        If ($UserData.signinActivity.LastNonInteractiveSignInDateTime.DateTime)
            $LastNonInteractiveSignInDateTime = Get-Date ($UserData.signinActivity.LastNonInteractiveSignInDateTime.DateTime) -Format "G"
            $LastNonInteractiveSignInDateTime = [datetime]::Parse($LastNonInteractiveSignInDateTime)
        If ($UserData.SignInActivity.LastSignInDateTime.DateTime)
            $LastSignInDateTime = Get-Date ($UserData.SignInActivity.LastSignInDateTime.DateTime) -Format "G"
            $LastSignInDateTime = [datetime]::Parse($LastSignInDateTime)
        If ($UserData.SignInSessionsValidFromDateTime.DateTime)
            $SignInSessionsValidFromDateTime = Get-Date ($UserData.SignInSessionsValidFromDateTime.DateTime) -Format "G"
            $SignInSessionsValidFromDateTime = [datetime]::Parse($SignInSessionsValidFromDateTime)
        If ($UserData.RefreshTokensValidFromDateTime.DateTime)
            $RefreshTokensValidFromDateTime = Get-Date ($UserData.RefreshTokensValidFromDateTime.DateTime) -Format "G"
            $RefreshTokensValidFromDateTime = [datetime]::Parse($RefreshTokensValidFromDateTime)
        $OnPremisesDistinguishedName = $UserData.OnPremisesDistinguishedName
        $OnPremisesImmutableId = $UserData.OnPremisesImmutableId
        $OnPremisesLastSyncDateTime = $UserData.OnPremisesLastSyncDateTime
        $OnPremisesSamAccountName = $UserData.OnPremisesSamAccountName
        $OnPremisesSyncEnabled = $UserData.OnPremisesSyncEnabled
        $OnPremisesUserPrincipalName = $UserData.OnPremisesUserPrincipalName
        $MailNickname = $UserData.MailNickname
        $DisplayName = $UserData.DisplayName
        $UserPrincipalName = $UserData.UserPrincipalName
        $Department = $UserData.Department
        $Tittle = $UserData.JobTitle
        $AccountEnabled = $UserData.AccountEnabled
        $Mail = $UserData.Mail
        $LastPasswordChangeDateTime = $UserData.LastPasswordChangeDateTime
        $UserType = $UserData.UserType
        $AssignedLicenses = $UserData.AssignedLicenses
        $OnPremisesExtensionAttributes_ExtensionAttribute1 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute1
        $OnPremisesExtensionAttributes_ExtensionAttribute2 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute2
        $OnPremisesExtensionAttributes_ExtensionAttribute3 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute3
        $OnPremisesExtensionAttributes_ExtensionAttribute4 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute4
        $OnPremisesExtensionAttributes_ExtensionAttribute5 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute5
        $OnPremisesExtensionAttributes_ExtensionAttribute6 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute6
        $OnPremisesExtensionAttributes_ExtensionAttribute7 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute7
        $OnPremisesExtensionAttributes_ExtensionAttribute8 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute8
        $OnPremisesExtensionAttributes_ExtensionAttribute9 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute9
        $OnPremisesExtensionAttributes_ExtensionAttribute10 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute10
        $OnPremisesExtensionAttributes_ExtensionAttribute11 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute11
        $OnPremisesExtensionAttributes_ExtensionAttribute12 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute12
        $OnPremisesExtensionAttributes_ExtensionAttribute13 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute13
        $OnPremisesExtensionAttributes_ExtensionAttribute14 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute14
        $OnPremisesExtensionAttributes_ExtensionAttribute15 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute15
        $CreatedDateTime = $UserData.CreatedDateTime
        $UserLicenses = @()
        foreach ($AssignedLicense in $AssignedLicenses)
            $SkuId = $Null
            $SkuId = $AssignedLicense.SkuId
            $UserLicenses += ($MicrosoftSKUs | where { $_.GUID -eq $SkuId } | Select -first 1).Product_Display_Name
        $Licenses = $UserLicenses -join ";"
        # Recipient
        $FoundRecipientStatus = "No"
        $DeletedItemCount = "Not a Mailbox"
        $ItemCount = "Not a Mailbox"
        $TotalDeletedItemSize = "Not a Mailbox"
        $TotalItemSize = "Not a Mailbox"
        $FoundMailboxStatisticsStatus = "Not a Mailbox"
        $IsMailboxEnabled = "Not a Mailbox"
        $Recipient = $Null
        $FoundRecipientStatus = "No"
            Write-log Warning -Message "The Script is searching for the Recipient: $UserUPN"
            $Recipient = $Recipient = Get-Recipient $UserUPN
            Write-Log Info -Message "The script find the recipient $UserUPN"
            $FoundRecipientStatus = "Yes"
            $PrimarySmtpAddress = $Recipient.PrimarySmtpAddress
            $RecipientTypeDetails = $Recipient.RecipientTypeDetails
            $IsDirSynced = $Recipient.IsDirSynced
            $WhenMailboxCreated = $Recipient.WhenMailboxCreated
            $WhenSoftDeleted = $Recipient.WhenSoftDeleted
            $WhenCreated = $Recipient.WhenCreated
            $DeletedItemCount = "Not a Mailbox"
            $ItemCount = "Not a Mailbox"
            $TotalDeletedItemSize = "Not a Mailbox"
            $TotalItemSize = "Not a Mailbox"
            $FoundMailboxStatisticsStatus = "Not a Mailbox"
            $IsMailboxEnabled = "Not a Mailbox"
            If ($RecipientTypeDetails -like "*Mailbox")
                #Mailbox Data
                $IsMailboxEnabled = "No Data Found"
                    Write-Log warning -Message "The script retreive Mailbox Data for $PrimarySmtpAddress"
                    $MailboxData = $Null
                    $MailboxData = Get-Mailbox $PrimarySmtpAddress
                    $IsMailboxEnabled = $MailboxData.IsMailboxEnabled
                    Write-Log Info -Message "The script retreived Mailbox Data for $PrimarySmtpAddress"
                    $FoundMailboxDataStatus = "Yes"
                    $ErrorMessage = $Error[0].Exception.Message
                    $CMDLet = $Error[0].InvocationInfo.Line
                    $FailedItem = $Error[0].Exception.ItemName
                    Write-Log Error -Message "Failed to retreive Mailbox Data for $PrimarySmtpAddress"
                    Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
                    Write-Log Error -Message "Failed with Error:$ErrorMessage"
                    $FoundMailboxDataStatus = "Failed with Error:$ErrorMessage"
                $DeletedItemCount = "No Data Found"
                $ItemCount = "No Data Found"
                $TotalDeletedItemSize = "No Data Found"
                $TotalItemSize = "No Data Found"
                    Write-Log warning -Message "The script search Mailbox Statistics for $PrimarySmtpAddress"
                    $MailboxStatistics = Get-EXOMailboxStatistics $PrimarySmtpAddress
                    $DeletedItemCount = $MailboxStatistics.DeletedItemCount
                    $ItemCount = $MailboxStatistics.ItemCount
                    $TotalDeletedItemSize = $MailboxStatistics.TotalDeletedItemSize
                    $TotalItemSize = $MailboxStatistics.TotalItemSize
                    Write-Log Info -Message "The script found Mailbox Statistics info for $PrimarySmtpAddress"
                    $FoundMailboxStatisticsStatus = "Yes"
                    $ErrorMessage = $Error[0].Exception.Message
                    $CMDLet = $Error[0].InvocationInfo.Line
                    $FailedItem = $Error[0].Exception.ItemName
                    Write-Log Error -Message "Failed to Retreive MailboxStatistics for $PrimarySmtpAddress"
                    Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
                    Write-Log Error -Message "Failed with Error:$ErrorMessage"
                    $FoundMailboxStatisticsStatus = "Failed with Error:$ErrorMessage"
                    $DeletedItemCount = "Failed"
                    $ItemCount = "Failed"
                    $TotalDeletedItemSize = "Failed"
                    $TotalItemSize = "Failed"
                #Mailbox Permissions
                $MailboxPermissionUsers = "No Data Found"
                $MailboxPermissionAccessRights = "No Data Found"
                $RecipientPermissionTrustees = "No Data Found"
                $RecipientPermissionAccessRights = "No Data Found"
                    Write-Log warning -Message "The script search Mailbox Permissions for $PrimarySmtpAddress"
                    $EXORecipientPermissions = Get-EXORecipientPermission $PrimarySmtpAddress
                    $EXOMailboxPermissions = Get-EXOMailboxPermission $PrimarySmtpAddress
                    $MailboxPermissionUsers = $EXOMailboxPermissions.User -join ";"
                    $MailboxPermissionAccessRights = $EXOMailboxPermissions.AccessRights -join ";"
                    $RecipientPermissionTrustees = $EXORecipientPermissions.Trustee -join ";"
                    $RecipientPermissionAccessRights = $EXORecipientPermissions.AccessRights -join ";"
                    Write-Log Info -Message "The script found Mailbox Permissions info for $PrimarySmtpAddress"
                    $FoundMailboxStatisticsStatus = "Yes"
                    $ErrorMessage = $Error[0].Exception.Message
                    $CMDLet = $Error[0].InvocationInfo.Line
                    $FailedItem = $Error[0].Exception.ItemName
                    Write-Log Error -Message "Failed to Retreive MailboxStatistics for $PrimarySmtpAddress"
                    Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
                    Write-Log Error -Message "Failed with Error:$ErrorMessage"
                    $FoundMailboxStatisticsStatus = "Failed with Error:$ErrorMessage"
                    $MailboxPermissionUsers = "Failed"
                    $MailboxPermissionAccessRights = "Failed"
                    $RecipientPermissionTrustees = "Failed"
                    $RecipientPermissionAccessRights = "Failed"
                $DeletedItemCount = "Not a Mailbox"
                $ItemCount = "Not a Mailbox"
                $TotalDeletedItemSize = "Not a Mailbox"
                $TotalItemSize = "Not a Mailbox"
                $MailboxPermissionUsers = "Not a Mailbox"
                $MailboxPermissionAccessRights = "Not a Mailbox"
                $RecipientPermissionTrustees = "Not a Mailbox"
                $RecipientPermissionAccessRights = "Not a Mailbox"
            $ErrorMessage = $Error[0].Exception.Message
            $CMDLet = $Error[0].InvocationInfo.Line
            $FailedItem = $Error[0].Exception.ItemName
            Write-Log Error -Message "Failed to find MgUser $UserUPN"
            Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
            Write-Log Error -Message "Failed with Error:$ErrorMessage"
            $FoundRecipientStatus = "Failed with Error:$ErrorMessage"
        $UsersInfo += New-object PSobject -Property ([Ordered] @{
                DisplayName                                           = $DisplayName;
                Tittle                                               = $Tittle;
                Department                                           = $Department;
                AccountEnabled                                       = $AccountEnabled;
                Mail                                               = $Mail;
                UserPrincipalName                                   = $UserPrincipalName;
                LastNonInteractiveSignInDateTime                   = $LastNonInteractiveSignInDateTime;
                LastSignInDateTime                                   = $LastSignInDateTime;
                SignInSessionsValidFromDateTime                       = $SignInSessionsValidFromDateTime;
                RefreshTokensValidFromDateTime                       = $RefreshTokensValidFromDateTime;
                LastPasswordChangeDateTime                           = $LastPasswordChangeDateTime;
                OnPremisesDistinguishedName                           = $OnPremisesDistinguishedName;
                OnPremisesImmutableId                               = $OnPremisesImmutableId;
                OnPremisesLastSyncDateTime                           = $OnPremisesLastSyncDateTime;
                OnPremisesSamAccountName                           = $OnPremisesSamAccountName;
                OnPremisesSyncEnabled                               = $OnPremisesSyncEnabled;
                OnPremisesUserPrincipalName                           = $OnPremisesUserPrincipalName;
                OnPremisesExtensionAttributes_ExtensionAttribute1  = $OnPremisesExtensionAttributes_ExtensionAttribute1;
                OnPremisesExtensionAttributes_ExtensionAttribute2  = $OnPremisesExtensionAttributes_ExtensionAttribute2;
                OnPremisesExtensionAttributes_ExtensionAttribute3  = $OnPremisesExtensionAttributes_ExtensionAttribute3;
                OnPremisesExtensionAttributes_ExtensionAttribute4  = $OnPremisesExtensionAttributes_ExtensionAttribute4;
                OnPremisesExtensionAttributes_ExtensionAttribute5  = $OnPremisesExtensionAttributes_ExtensionAttribute5;
                OnPremisesExtensionAttributes_ExtensionAttribute6  = $OnPremisesExtensionAttributes_ExtensionAttribute6;
                OnPremisesExtensionAttributes_ExtensionAttribute7  = $OnPremisesExtensionAttributes_ExtensionAttribute7;
                OnPremisesExtensionAttributes_ExtensionAttribute8  = $OnPremisesExtensionAttributes_ExtensionAttribute8;
                OnPremisesExtensionAttributes_ExtensionAttribute9  = $OnPremisesExtensionAttributes_ExtensionAttribute9;
                OnPremisesExtensionAttributes_ExtensionAttribute10 = $OnPremisesExtensionAttributes_ExtensionAttribute10;
                OnPremisesExtensionAttributes_ExtensionAttribute11 = $OnPremisesExtensionAttributes_ExtensionAttribute11;
                OnPremisesExtensionAttributes_ExtensionAttribute12 = $OnPremisesExtensionAttributes_ExtensionAttribute12;
                OnPremisesExtensionAttributes_ExtensionAttribute13 = $OnPremisesExtensionAttributes_ExtensionAttribute13;
                OnPremisesExtensionAttributes_ExtensionAttribute14 = $OnPremisesExtensionAttributes_ExtensionAttribute14;
                OnPremisesExtensionAttributes_ExtensionAttribute15 = $OnPremisesExtensionAttributes_ExtensionAttribute15;
                CreatedDateTime                                       = $CreatedDateTime;
                MailNickname                                       = $MailNickname;
                UserType                                           = $UserType;
                Licenses                                           = $Licenses;
                FoundRecipient                                       = $FoundRecipientStatus;
                PrimarySmtpAddress                                   = $PrimarySmtpAddress;
                RecipientTypeDetails                               = $RecipientTypeDetails;
                IsDirSynced                                           = $IsDirSynced;
                IsMailboxEnabled                                   = $IsMailboxEnabled;
                WhenMailboxCreated                                   = $WhenMailboxCreated;
                WhenSoftDeleted                                       = $WhenSoftDeleted;
                WhenCreated                                           = $WhenCreated;
                FoundMailboxStatistics                               = $FoundMailboxStatisticsStatus;
                DeletedItemCount                                   = $DeletedItemCount;
                ItemCount                                           = $ItemCount;
                TotalDeletedItemSize                               = $TotalDeletedItemSize;
                TotalItemSize                                       = $TotalItemSize;
                MailboxPermissionUsers                               = $MailboxPermissionUsers;
                MailboxPermissionAccessRights                       = $MailboxPermissionAccessRights;
                RecipientPermissionTrustees                           = $RecipientPermissionTrustees;
                RecipientPermissionAccessRights                       = $RecipientPermissionAccessRights;
    $UsersInfo | Export-Excel $ReportFile -TableName "UsersReport" -Title "Users Report" -TitleBold -WorksheetName "UsersReport" -TableStyle Medium9 -AutoSize -AutoFilter
    Write-log INFO -Message "Generate the following Report: $ReportFile"
Function Disable-UserMailboxForDepartureUsingCSV
        [Parameter(Mandatory = $true,
                   Position = 1)]
        [Parameter(Mandatory = $true,
                   Position = 2)]
    #################################################################### Variable #####################################################################
    $Date = get-date -UFormat %d%m%Y
    $DateFull = Get-Date -Format "ddMMyyyy_HH-mm-ss"
    $ServerName = [Environment]::MachineName
    ###### Create Root Folder
    $RootFolder = $psscriptRoot + "\DisabledUsers"
    ###### Create folder Variable
    $LogPathFolder = $RootFolder + "\Log\"
    $LogFile = $LogPathFolder + "Progress_" + $Date + ".log"
    $ReportPathFolder = $RootFolder + "\Reports\"
    $ReportFile = $ReportPathFolder + "DisabledUsers_" + $DateFull + ".xlsx"
    ###### Create Folder
    Create-Folder $RootFolder
    Create-Folder $LogPathFolder
    Create-Folder $ReportPathFolder
    $Transcript_File = $LogPathFolder + "Transcript_" + $Date + ".txt"
    Start-Transcript -Path $Transcript_File -Append -Force
    ########### Initiate the Process log file when the script started ############
    $Initiat_LogA = "#################### starting the Script #####################"
    $Startat = "### The Script has been launch at $(Get-Date -Format "yyyy-MM-dd HH:mm:ss")"
    $Startwith = "The Script has been start with the following Account:" + [Environment]::UserName
    $Starton = "The Script has been start on the following Computer:" + [Environment]::MachineName
    $Initiat_LogB = "##############################################################"
    $Initiat_LogB | Out-File -FilePath $LogFile -Append
    $Initiat_LogB | Out-File -FilePath $LogFile -Append
    $Initiat_LogA | Out-File -FilePath $LogFile -Append
    $Startat | Out-File -FilePath $LogFile -Append
    $Startwith | Out-File -FilePath $LogFile -Append
    $Starton | Out-File -FilePath $LogFile -Append
    $Initiat_LogB | Out-File -FilePath $LogFile -Append
    $Initiat_LogB | Out-File -FilePath $LogFile -Append
    #################################################################### Main Script #####################################################################
    # Import CSVFile
        Read-Host "Expected CSV Column: UPN"
        $Users = Import-Csv $CSVFile
        Write-Log -Level INFO -LogPath $LogFile -Message "The script import successfully :$CSVFile"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log -Level Error -LogPath $LogFile -Message "Failed to import $CSVFile "
        Write-Log -Level Error -LogPath $LogFile -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log -Level Error -LogPath $LogFile -Message "Failed with Error:$ErrorMessage"
        Write-Log -Level Error -LogPath $LogFile -Message "The Script will stop"
        # Exit the script
        Read-Host "End of Script"
    #Initiate the Hash Table
    [Int]$i = 1
    $Table = $Null
    $Table = @()
    $Count = ($Users | Measure).count
    foreach ($User in $Users)
        $Primary = $null
        $Primary = $User.UPN
        # Disable MgUser
            Write-Log warning -LogPath $LogFile -Message "The script will Disable MgUser $Primary --- $i/$Count"
            Disable-MgAccount -UPN $Primary -Confirm
            Write-Log Info -LogPath $LogFile -Message "The script Disable MgUser $Primary"
            $DisabledMgUserStatus = "success"
            $ErrorMessage = $Error[0].Exception.Message
            $CMDLet = $Error[0].InvocationInfo.Line
            $FailedItem = $Error[0].Exception.ItemName
            Write-Log Error -LogPath $LogFile -Message "Failed to Disable MgUser $Primary"
            Write-Log Error -LogPath $LogFile -Message "Failed to run the following CMDLet: $CMDLet"
            Write-Log Error -LogPath $LogFile -Message "Failed with Error:$ErrorMessage"
            $DisabledMgUserStatus = "Failed with Error:$ErrorMessage"
        # Get Mailbox Data
            Write-Log warning -LogPath $LogFile -Message "The script will get $Primary to Maiblox Data"
            $Mailbox = $Null
            $Mailbox = Get-Mailbox $Primary
            Write-Log Info -LogPath $LogFile -Message "The script get Mailbox Data for $Primary"
            $ErrorMessage = $Error[0].Exception.Message
            $CMDLet = $Error[0].InvocationInfo.Line
            $FailedItem = $Error[0].Exception.ItemName
            Write-Log Error -LogPath $LogFile -Message "Failed to get Mailbox Data for $Primary"
            Write-Log Error -LogPath $LogFile -Message "Failed to run the following CMDLet: $CMDLet"
            Write-Log Error -LogPath $LogFile -Message "Failed with Error:$ErrorMessage"
            $GetMailboxDataStatus = "Failed with Error:$ErrorMessage"
        # Change Name
            $DisplayName = $Null
            $Name = $Null
            $DisplayName = $Mailbox.DisplayName
            $Name = $Mailbox.Name
            $NewDisplayName = $Null
            $NewName = $Null
            $NewDisplayName = "[Disable] - " + $DisplayName
            $NewName = "[Disable] - " + $Name
            Write-Log warning -LogPath $LogFile -Message "The script will change $Primary DisplayName From $DisplayName to $NewDisplayName - Name from $Name to $NewName"
            Set-Mailbox $Primary -DisplayName $NewDisplayName -Name $NewName
            Write-Log Info -LogPath $LogFile -Message "The script changed $Primary DisplayName From $DisplayName to $NewDisplayName - Name from $Name to $NewName"
            $ChangeNamesStatus = "Success"
            $ErrorMessage = $Error[0].Exception.Message
            $CMDLet = $Error[0].InvocationInfo.Line
            $FailedItem = $Error[0].Exception.ItemName
            Write-Log Error -LogPath $LogFile -Message "Failed to change $Primary DisplayName From $DisplayName to $NewDisplayName - Name from $Name to $NewName"
            Write-Log Error -LogPath $LogFile -Message "Failed to run the following CMDLet: $CMDLet"
            Write-Log Error -LogPath $LogFile -Message "Failed with Error:$ErrorMessage"
            $ChangeNamesStatus = "Failed with Error:$ErrorMessage"
        # Convert to shared
            Write-Log warning -LogPath $LogFile -Message "The script will convert $Primary to Shared mailbox"
            Set-Mailbox $Primary -Type Shared
            Write-Log Info -LogPath $LogFile -Message "The script converted $Primary to shared mailbox"
            $ConvertToSharedStatus = "Success"
            $ErrorMessage = $Error[0].Exception.Message
            $CMDLet = $Error[0].InvocationInfo.Line
            $FailedItem = $Error[0].Exception.ItemName
            Write-Log Error -LogPath $LogFile -Message "Failed to convert $Primary to Shared Mailbox"
            Write-Log Error -LogPath $LogFile -Message "Failed to run the following CMDLet: $CMDLet"
            Write-Log Error -LogPath $LogFile -Message "Failed with Error:$ErrorMessage"
            $ConvertToSharedStatus = "Failed with Error:$ErrorMessage"
        # Disable Mail Flow
            Write-Log warning -LogPath $LogFile -Message "The script will disable Mail Flow for $Primary"
            Set-Mailbox $Primary -RequireSenderAuthenticationEnabled $True -AcceptMessagesOnlyFrom $Primary
            Write-Log Info -LogPath $LogFile -Message "The script disabled Mail Flow for $Primary"
            $DisableMailFlowStatus = "Success"
            $ErrorMessage = $Error[0].Exception.Message
            $CMDLet = $Error[0].InvocationInfo.Line
            $FailedItem = $Error[0].Exception.ItemName
            Write-Log Error -LogPath $LogFile -Message "Failed to disable Mail Flow for $Primary"
            Write-Log Error -LogPath $LogFile -Message "Failed to run the following CMDLet: $CMDLet"
            Write-Log Error -LogPath $LogFile -Message "Failed with Error:$ErrorMessage"
            $DisableMailFlowStatus = "Failed with Error:$ErrorMessage"
        # Hide from the GAL
            Write-Log warning -LogPath $LogFile -Message "The script will hide the mailbox $Primary from the GAL"
            Set-Mailbox $Primary -RequireSenderAuthenticationEnabled $True -HiddenFromAddressListsEnabled $True -AcceptMessagesOnlyFrom $Primary
            Write-Log Info -LogPath $LogFile -Message "The script hid the mailbox $Primary from the GAL"
            $HiddenFromGALStatus = "Success"
            $ErrorMessage = $Error[0].Exception.Message
            $CMDLet = $Error[0].InvocationInfo.Line
            $FailedItem = $Error[0].Exception.ItemName
            Write-Log Error -LogPath $LogFile -Message "Failed to hide the mailbox $Primary from the GAL"
            Write-Log Error -LogPath $LogFile -Message "Failed to run the following CMDLet: $CMDLet"
            Write-Log Error -LogPath $LogFile -Message "Failed with Error:$ErrorMessage"
            $HiddenFromGALStatus = "Failed with Error:$ErrorMessage"
        # Full Access Permission without AutoMapping
            Write-Log warning -LogPath $LogFile -Message "The script will grant $Admin Full Access without AutoMapping to $Primary"
            Add-MailboxPermission -Identity $Primary -User $Admin -AccessRights FullAccess -AutoMapping:$false
            Write-Log Info -LogPath $LogFile -Message "The script disabled Mail Flow and hide the mailbox from the GAL"
            $GrantFullAccessStatus = "Success"
            $ErrorMessage = $Error[0].Exception.Message
            $CMDLet = $Error[0].InvocationInfo.Line
            $FailedItem = $Error[0].Exception.ItemName
            Write-Log Error -LogPath $LogFile -Message "Failed to disable Mail Flow and hide the mailbox from the GAL"
            Write-Log Error -LogPath $LogFile -Message "Failed to run the following CMDLet: $CMDLet"
            Write-Log Error -LogPath $LogFile -Message "Failed with Error:$ErrorMessage"
            $GrantFullAccessStatus = "Failed with Error:$ErrorMessage"
        $Table += New-object PSobject -Property ([Ordered] @{
                Primary                  = $Primary;
                DisplayName              = $DisplayName;
                NewDisplayName          = $NewDisplayName;
                Name                  = $Name;
                NewName                  = $NewName;
                DisabledMgUserStatus  = $DisabledMgUserStatus;
                ChangeNamesStatus      = $ChangeNamesStatus;
                ConvertToSharedStatus = $ConvertToSharedStatus;
                DisableMailFlowStatus = $DisableMailFlowStatus;
                HiddenFromGALStatus   = $HiddenFromGALStatus;
                GrantFullAccessStatus = $GrantFullAccessStatus
    $DateFull = Get-Date -Format "ddMMyyyy_HH-mm-ss"
    $ReportFilexlsx = ".\Report_DisabledUsers_" + $DateFull + ".xlsx"
    $Table | Export-Excel $ReportFilexlsx -TableName "DisabledUsers" -Title "Disabled Users" -TitleBold -WorksheetName "DisabledUsers" -TableStyle Medium9 -AutoSize -AutoFilter
    Write-log INFO -LogPath $LogFile -Message "Generate the following Report: $ReportFilexlsx"
Function Get-MgRecipientUser
        [Parameter(Mandatory = $true,
                   Position = 1)]
    $MgRecipientUser = @()
    #Found License Name
        $LocalPath = ".\MapSKUID.csv"
        If (!(Test-Path $LocalPath))
            Write-Log warning -Message "The script Download Microsoft Licensing CSV File"
            $URL = ""
            $LocalPath = ".\MapSKUID.csv"
            Invoke-WebRequest -Uri $URL -OutFile $LocalPath
            Write-Log warning -Message "The folder $LocalPath is already exist"
        $MicrosoftSKUs = Import-Csv $LocalPath
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to download $LocalPath"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
    # MgUser
    $FoundMgUserStatus = "No"
        Write-log Warning -Message "The Script is searching for the MgUser: $UPN"
        $User = Get-MgUser -UserId $UPN
        $UserIdentity = $User.ID
        $UserData = Get-MgUser -UserId $UserIdentity -Property SignInSessionsValidFromDateTime, RefreshTokensValidFromDateTime, CreatedDateTime, OnPremisesDistinguishedName, OnPremisesImmutableId, OnPremisesLastSyncDateTime, OnPremisesSamAccountName, OnPremisesSyncEnabled, OnPremisesUserPrincipalName, SignInActivity, MailNickname, UserType, AssignedLicenses, DisplayName, UserPrincipalName, JobTitle, Department, AccountEnabled, Mail, LastPasswordChangeDateTime, OnPremisesExtensionAttributes
        Write-Log Info -Message "The script find the MgUser $UPN (DN: $UserIdentity)"
        $FoundMgUserStatus = "Yes"
        If ($UserData.signinActivity.LastNonInteractiveSignInDateTime.DateTime)
            $LastNonInteractiveSignInDateTime = Get-Date ($UserData.signinActivity.LastNonInteractiveSignInDateTime.DateTime) -Format "G"
            $LastNonInteractiveSignInDateTime = [datetime]::Parse($LastNonInteractiveSignInDateTime)
        If ($UserData.SignInActivity.LastSignInDateTime.DateTime)
            $LastSignInDateTime = Get-Date ($UserData.SignInActivity.LastSignInDateTime.DateTime) -Format "G"
            $LastSignInDateTime = [datetime]::Parse($LastSignInDateTime)
        If ($UserData.SignInSessionsValidFromDateTime.DateTime)
            $SignInSessionsValidFromDateTime = Get-Date ($UserData.SignInSessionsValidFromDateTime.DateTime) -Format "G"
            $SignInSessionsValidFromDateTime = [datetime]::Parse($SignInSessionsValidFromDateTime)
        If ($UserData.RefreshTokensValidFromDateTime.DateTime)
            $RefreshTokensValidFromDateTime = Get-Date ($UserData.RefreshTokensValidFromDateTime.DateTime) -Format "G"
            $RefreshTokensValidFromDateTime = [datetime]::Parse($RefreshTokensValidFromDateTime)
        $OnPremisesDistinguishedName = $UserData.OnPremisesDistinguishedName
        $OnPremisesImmutableId = $UserData.OnPremisesImmutableId
        $OnPremisesLastSyncDateTime = $UserData.OnPremisesLastSyncDateTime
        $OnPremisesSamAccountName = $UserData.OnPremisesSamAccountName
        $OnPremisesSyncEnabled = $UserData.OnPremisesSyncEnabled
        $OnPremisesUserPrincipalName = $UserData.OnPremisesUserPrincipalName
        $MailNickname = $UserData.MailNickname
        $DisplayName = $UserData.DisplayName
        $UserPrincipalName = $UserData.UserPrincipalName
        $Department = $UserData.Department
        $Tittle = $UserData.JobTitle
        $AccountEnabled = $UserData.AccountEnabled
        $Mail = $UserData.Mail
        $LastPasswordChangeDateTime = $UserData.LastPasswordChangeDateTime
        $UserType = $UserData.UserType
        $AssignedLicenses = $UserData.AssignedLicenses
        $OnPremisesExtensionAttributes_ExtensionAttribute1 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute1
        $OnPremisesExtensionAttributes_ExtensionAttribute2 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute2
        $OnPremisesExtensionAttributes_ExtensionAttribute3 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute3
        $OnPremisesExtensionAttributes_ExtensionAttribute4 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute4
        $OnPremisesExtensionAttributes_ExtensionAttribute5 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute5
        $OnPremisesExtensionAttributes_ExtensionAttribute6 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute6
        $OnPremisesExtensionAttributes_ExtensionAttribute7 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute7
        $OnPremisesExtensionAttributes_ExtensionAttribute8 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute8
        $OnPremisesExtensionAttributes_ExtensionAttribute9 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute9
        $OnPremisesExtensionAttributes_ExtensionAttribute10 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute10
        $OnPremisesExtensionAttributes_ExtensionAttribute11 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute11
        $OnPremisesExtensionAttributes_ExtensionAttribute12 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute12
        $OnPremisesExtensionAttributes_ExtensionAttribute13 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute13
        $OnPremisesExtensionAttributes_ExtensionAttribute14 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute14
        $OnPremisesExtensionAttributes_ExtensionAttribute15 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute15
        $CreatedDateTime = $UserData.CreatedDateTime
        $UserLicenses = @()
        foreach ($AssignedLicense in $AssignedLicenses)
            $SkuId = $Null
            $SkuId = $AssignedLicense.SkuId
            $UserLicenses += ($MicrosoftSKUs | where { $_.GUID -eq $SkuId } | Select -first 1).Product_Display_Name
        $Licenses = $UserLicenses -join ";"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to find MgUser $UPN"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
        $FoundMgUserStatus = "Failed with Error:$ErrorMessage"
    # Recipient
    $FoundRecipientStatus = "No"
        Write-log Warning -Message "The Script is searching for the Recipient: $UPN"
        $Recipient = $Recipient = Get-Recipient $UPN
        Write-Log Info -Message "The script find the recipient $UPN (DN: $UserIdentity)"
        $FoundRecipientStatus = "Yes"
        $PrimarySmtpAddress = $Recipient.PrimarySmtpAddress
        $RecipientTypeDetails = $Recipient.RecipientTypeDetails
        $IsDirSynced = $Recipient.IsDirSynced
        $WhenMailboxCreated = $Recipient.WhenMailboxCreated
        $WhenSoftDeleted = $Recipient.WhenSoftDeleted
        $WhenCreated = $Recipient.WhenCreated
        $DeletedItemCount = "Not a Mailbox"
        $ItemCount = "Not a Mailbox"
        $TotalDeletedItemSize = "Not a Mailbox"
        $TotalItemSize = "Not a Mailbox"
        $FoundMailboxStatisticsStatus = "Not a Mailbox"
        $IsMailboxEnabled = "Not a Mailbox"
        If ($RecipientTypeDetails -like "*Mailbox")
            #Mailbox Data
            $IsMailboxEnabled = "No Data Found"
                Write-Log warning -Message "The script retreive Mailbox Data for $PrimarySmtpAddress"
                $MailboxData = $Null
                $MailboxData = Get-Mailbox $PrimarySmtpAddress
                $IsMailboxEnabled = $MailboxData.IsMailboxEnabled
                Write-Log Info -Message "The script retreived Mailbox Data for $PrimarySmtpAddress"
                $FoundMailboxDataStatus = "Yes"
                $ErrorMessage = $Error[0].Exception.Message
                $CMDLet = $Error[0].InvocationInfo.Line
                $FailedItem = $Error[0].Exception.ItemName
                Write-Log Error -Message "Failed to retreive Mailbox Data for $PrimarySmtpAddress"
                Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
                Write-Log Error -Message "Failed with Error:$ErrorMessage"
                $FoundMailboxDataStatus = "Failed with Error:$ErrorMessage"
            $DeletedItemCount = "No Data Found"
            $ItemCount = "No Data Found"
            $TotalDeletedItemSize = "No Data Found"
            $TotalItemSize = "No Data Found"
                Write-Log warning -Message "The script search Mailbox Statistics for $PrimarySmtpAddress"
                $MailboxStatistics = Get-EXOMailboxStatistics $PrimarySmtpAddress
                $DeletedItemCount = $MailboxStatistics.DeletedItemCount
                $ItemCount = $MailboxStatistics.ItemCount
                $TotalDeletedItemSize = $MailboxStatistics.TotalDeletedItemSize
                $TotalItemSize = $MailboxStatistics.TotalItemSize
                Write-Log Info -Message "The script found Mailbox Statistics info for $PrimarySmtpAddress"
                $FoundMailboxStatisticsStatus = "Yes"
                $ErrorMessage = $Error[0].Exception.Message
                $CMDLet = $Error[0].InvocationInfo.Line
                $FailedItem = $Error[0].Exception.ItemName
                Write-Log Error -Message "Failed to Retreive MailboxStatistics for $PrimarySmtpAddress"
                Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
                Write-Log Error -Message "Failed with Error:$ErrorMessage"
                $FoundMailboxStatisticsStatus = "Failed with Error:$ErrorMessage"
                $DeletedItemCount = "Failed"
                $ItemCount = "Failed"
                $TotalDeletedItemSize = "Failed"
                $TotalItemSize = "Failed"
            #Mailbox Permissions
            $MailboxPermissionUsers = "No Data Found"
            $MailboxPermissionAccessRights = "No Data Found"
            $RecipientPermissionTrustees = "No Data Found"
            $RecipientPermissionAccessRights = "No Data Found"
                Write-Log warning -Message "The script search Mailbox Permissions for $PrimarySmtpAddress"
                $EXORecipientPermissions = Get-EXORecipientPermission $PrimarySmtpAddress
                $EXOMailboxPermissions = Get-EXOMailboxPermission $PrimarySmtpAddress
                $MailboxPermissionUsers = $EXOMailboxPermissions.User -join ";"
                $MailboxPermissionAccessRights = $EXOMailboxPermissions.AccessRights -join ";"
                $RecipientPermissionTrustees = $EXORecipientPermissions.Trustee -join ";"
                $RecipientPermissionAccessRights = $EXORecipientPermissions.AccessRights -join ";"
                Write-Log Info -Message "The script found Mailbox Permissions info for $PrimarySmtpAddress"
                $FoundMailboxStatisticsStatus = "Yes"
                $ErrorMessage = $Error[0].Exception.Message
                $CMDLet = $Error[0].InvocationInfo.Line
                $FailedItem = $Error[0].Exception.ItemName
                Write-Log Error -Message "Failed to Retreive MailboxStatistics for $PrimarySmtpAddress"
                Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
                Write-Log Error -Message "Failed with Error:$ErrorMessage"
                $FoundMailboxStatisticsStatus = "Failed with Error:$ErrorMessage"
                $MailboxPermissionUsers = "Failed"
                $MailboxPermissionAccessRights = "Failed"
                $RecipientPermissionTrustees = "Failed"
                $RecipientPermissionAccessRights = "Failed"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to find MgUser $UPN"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
        $FoundRecipientStatus = "Failed with Error:$ErrorMessage"
    $MgRecipientUser += New-object PSobject -Property ([Ordered] @{
            UPN                                                   = $UPN;
            Identity                                           = $UserIdentity;
            FoundMgUser                                           = $FoundMgUserStatus;
            DisplayName                                           = $DisplayName;
            Tittle                                               = $Tittle;
            Department                                           = $Department;
            AccountEnabled                                       = $AccountEnabled;
            Mail                                               = $Mail;
            UserPrincipalName                                   = $UserPrincipalName;
            LastNonInteractiveSignInDateTime                   = $LastNonInteractiveSignInDateTime;
            LastSignInDateTime                                   = $LastSignInDateTime;
            SignInSessionsValidFromDateTime                       = $SignInSessionsValidFromDateTime;
            RefreshTokensValidFromDateTime                       = $RefreshTokensValidFromDateTime;
            LastPasswordChangeDateTime                           = $LastPasswordChangeDateTime;
            OnPremisesDistinguishedName                           = $OnPremisesDistinguishedName;
            OnPremisesImmutableId                               = $OnPremisesImmutableId;
            OnPremisesLastSyncDateTime                           = $OnPremisesLastSyncDateTime;
            OnPremisesSamAccountName                           = $OnPremisesSamAccountName;
            OnPremisesSyncEnabled                               = $OnPremisesSyncEnabled;
            OnPremisesUserPrincipalName                           = $OnPremisesUserPrincipalName;
            OnPremisesExtensionAttributes_ExtensionAttribute1  = $OnPremisesExtensionAttributes_ExtensionAttribute1;
            OnPremisesExtensionAttributes_ExtensionAttribute2  = $OnPremisesExtensionAttributes_ExtensionAttribute2;
            OnPremisesExtensionAttributes_ExtensionAttribute3  = $OnPremisesExtensionAttributes_ExtensionAttribute3;
            OnPremisesExtensionAttributes_ExtensionAttribute4  = $OnPremisesExtensionAttributes_ExtensionAttribute4;
            OnPremisesExtensionAttributes_ExtensionAttribute5  = $OnPremisesExtensionAttributes_ExtensionAttribute5;
            OnPremisesExtensionAttributes_ExtensionAttribute6  = $OnPremisesExtensionAttributes_ExtensionAttribute6;
            OnPremisesExtensionAttributes_ExtensionAttribute7  = $OnPremisesExtensionAttributes_ExtensionAttribute7;
            OnPremisesExtensionAttributes_ExtensionAttribute8  = $OnPremisesExtensionAttributes_ExtensionAttribute8;
            OnPremisesExtensionAttributes_ExtensionAttribute9  = $OnPremisesExtensionAttributes_ExtensionAttribute9;
            OnPremisesExtensionAttributes_ExtensionAttribute10 = $OnPremisesExtensionAttributes_ExtensionAttribute10;
            OnPremisesExtensionAttributes_ExtensionAttribute11 = $OnPremisesExtensionAttributes_ExtensionAttribute11;
            OnPremisesExtensionAttributes_ExtensionAttribute12 = $OnPremisesExtensionAttributes_ExtensionAttribute12;
            OnPremisesExtensionAttributes_ExtensionAttribute13 = $OnPremisesExtensionAttributes_ExtensionAttribute13;
            OnPremisesExtensionAttributes_ExtensionAttribute14 = $OnPremisesExtensionAttributes_ExtensionAttribute14;
            OnPremisesExtensionAttributes_ExtensionAttribute15 = $OnPremisesExtensionAttributes_ExtensionAttribute15;
            CreatedDateTime                                       = $CreatedDateTime;
            MailNickname                                       = $MailNickname;
            UserType                                           = $UserType;
            Licenses                                           = $Licenses;
            FoundRecipient                                       = $FoundRecipientStatus;
            PrimarySmtpAddress                                   = $PrimarySmtpAddress;
            RecipientTypeDetails                               = $RecipientTypeDetails;
            IsDirSynced                                           = $IsDirSynced;
            IsMailboxEnabled                                   = $IsMailboxEnabled;
            WhenMailboxCreated                                   = $WhenMailboxCreated;
            WhenSoftDeleted                                       = $WhenSoftDeleted;
            WhenCreated                                           = $WhenCreated;
            FoundMailboxStatistics                               = $FoundMailboxStatisticsStatus;
            DeletedItemCount                                   = $DeletedItemCount;
            ItemCount                                           = $ItemCount;
            TotalDeletedItemSize                               = $TotalDeletedItemSize;
            TotalItemSize                                       = $TotalItemSize;
            MailboxPermissionUsers                               = $MailboxPermissionUsers;
            MailboxPermissionAccessRights                       = $MailboxPermissionAccessRights;
            RecipientPermissionTrustees                           = $RecipientPermissionTrustees;
            RecipientPermissionAccessRights                       = $RecipientPermissionAccessRights;
    Return $MgRecipientUser
Function Get-MgBetaRecipientUser
        [Parameter(Mandatory = $true,
                   Position = 1)]
    $MgRecipientUser = @()
    #Found License Name
        $LocalPath = ".\MapSKUID.csv"
        If (!(Test-Path $LocalPath))
            Write-Log warning -Message "The script Download Microsoft Licensing CSV File"
            $URL = ""
            $LocalPath = ".\MapSKUID.csv"
            Invoke-WebRequest -Uri $URL -OutFile $LocalPath
            Write-Log warning -Message "The folder $LocalPath is already exist"
        $MicrosoftSKUs = Import-Csv $LocalPath
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to download $LocalPath"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
    # MgUser
    $FoundMgUserStatus = "No"
        Write-log Warning -Message "The Script is searching for the MgUser: $UPN"
        $User = Get-MgBetaUser -UserId $UPN
        $UserIdentity = $User.ID
        $UserData = Get-MgBetaUser -UserId $UserIdentity -Property SignInSessionsValidFromDateTime, RefreshTokensValidFromDateTime,CreatedDateTime, OnPremisesDistinguishedName, OnPremisesImmutableId, OnPremisesLastSyncDateTime, OnPremisesSamAccountName, OnPremisesSyncEnabled, OnPremisesUserPrincipalName, SignInActivity, MailNickname, UserType, AssignedLicenses, DisplayName, UserPrincipalName, JobTitle, Department, AccountEnabled, Mail, LastPasswordChangeDateTime, OnPremisesExtensionAttributes
        Write-Log Info -Message "The script find the MgUser $UPN (DN: $UserIdentity)"
        $FoundMgUserStatus = "Yes"
        If ($UserData.signinActivity.LastNonInteractiveSignInDateTime.DateTime)
            $LastNonInteractiveSignInDateTime = Get-Date ($UserData.signinActivity.LastNonInteractiveSignInDateTime.DateTime) -Format "G"
            $LastNonInteractiveSignInDateTime = [datetime]::Parse($LastNonInteractiveSignInDateTime)
        If ($UserData.SignInActivity.LastSignInDateTime.DateTime)
            $LastSignInDateTime = Get-Date ($UserData.SignInActivity.LastSignInDateTime.DateTime) -Format "G"
            $LastSignInDateTime = [datetime]::Parse($LastSignInDateTime)
        If ($UserData.SignInActivity.LastSuccessfulSignInDateTime.DateTime)
            $LastSuccessfulSignInDateTime = Get-Date ($UserData.SignInActivity.LastSuccessfulSignInDateTime.DateTime) -Format "G"
            $LastSuccessfulSignInDateTime = [datetime]::Parse($LastSuccessfulSignInDateTime)
        If ($UserData.SignInSessionsValidFromDateTime.DateTime)
            $SignInSessionsValidFromDateTime = Get-Date ($UserData.SignInSessionsValidFromDateTime.DateTime) -Format "G"
            $SignInSessionsValidFromDateTime = [datetime]::Parse($SignInSessionsValidFromDateTime)
        If ($UserData.RefreshTokensValidFromDateTime.DateTime)
            $RefreshTokensValidFromDateTime = Get-Date ($UserData.RefreshTokensValidFromDateTime.DateTime) -Format "G"
            $RefreshTokensValidFromDateTime = [datetime]::Parse($RefreshTokensValidFromDateTime)
        $OnPremisesDistinguishedName = $UserData.OnPremisesDistinguishedName
        $OnPremisesImmutableId = $UserData.OnPremisesImmutableId
        $OnPremisesLastSyncDateTime = $UserData.OnPremisesLastSyncDateTime
        $OnPremisesSamAccountName = $UserData.OnPremisesSamAccountName
        $OnPremisesSyncEnabled = $UserData.OnPremisesSyncEnabled
        $OnPremisesUserPrincipalName = $UserData.OnPremisesUserPrincipalName
        $MailNickname = $UserData.MailNickname
        $DisplayName = $UserData.DisplayName
        $UserPrincipalName = $UserData.UserPrincipalName
        $Department = $UserData.Department
        $Tittle = $UserData.JobTitle
        $AccountEnabled = $UserData.AccountEnabled
        $Mail = $UserData.Mail
        $LastPasswordChangeDateTime = $UserData.LastPasswordChangeDateTime
        $UserType = $UserData.UserType
        $AssignedLicenses = $UserData.AssignedLicenses
        $OnPremisesExtensionAttributes_ExtensionAttribute1 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute1
        $OnPremisesExtensionAttributes_ExtensionAttribute2 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute2
        $OnPremisesExtensionAttributes_ExtensionAttribute3 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute3
        $OnPremisesExtensionAttributes_ExtensionAttribute4 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute4
        $OnPremisesExtensionAttributes_ExtensionAttribute5 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute5
        $OnPremisesExtensionAttributes_ExtensionAttribute6 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute6
        $OnPremisesExtensionAttributes_ExtensionAttribute7 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute7
        $OnPremisesExtensionAttributes_ExtensionAttribute8 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute8
        $OnPremisesExtensionAttributes_ExtensionAttribute9 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute9
        $OnPremisesExtensionAttributes_ExtensionAttribute10 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute10
        $OnPremisesExtensionAttributes_ExtensionAttribute11 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute11
        $OnPremisesExtensionAttributes_ExtensionAttribute12 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute12
        $OnPremisesExtensionAttributes_ExtensionAttribute13 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute13
        $OnPremisesExtensionAttributes_ExtensionAttribute14 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute14
        $OnPremisesExtensionAttributes_ExtensionAttribute15 = $UserData.OnPremisesExtensionAttributes.ExtensionAttribute15
        $CreatedDateTime = $UserData.CreatedDateTime
        $UserLicenses = @()
        foreach ($AssignedLicense in $AssignedLicenses)
            $SkuId = $Null
            $SkuId = $AssignedLicense.SkuId
            $UserLicenses += ($MicrosoftSKUs | where { $_.GUID -eq $SkuId } | Select -first 1).Product_Display_Name
        $Licenses = $UserLicenses -join ";"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to find MgUser $UPN"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
        $FoundMgUserStatus = "Failed with Error:$ErrorMessage"
    # Recipient
    $FoundRecipientStatus = "No"
        Write-log Warning -Message "The Script is searching for the Recipient: $UPN"
        $Recipient = $Recipient = Get-Recipient $UPN
        Write-Log Info -Message "The script find the recipient $UPN (DN: $UserIdentity)"
        $FoundRecipientStatus = "Yes"
        $PrimarySmtpAddress = $Recipient.PrimarySmtpAddress
        $RecipientTypeDetails = $Recipient.RecipientTypeDetails
        $IsDirSynced = $Recipient.IsDirSynced
        $WhenMailboxCreated = $Recipient.WhenMailboxCreated
        $WhenSoftDeleted = $Recipient.WhenSoftDeleted
        $WhenCreated = $Recipient.WhenCreated
        $DeletedItemCount = "Not a Mailbox"
        $ItemCount = "Not a Mailbox"
        $TotalDeletedItemSize = "Not a Mailbox"
        $TotalItemSize = "Not a Mailbox"
        $FoundMailboxStatisticsStatus = "Not a Mailbox"
        $IsMailboxEnabled = "Not a Mailbox"
        If ($RecipientTypeDetails -like "*Mailbox")
            #Mailbox Data
            $IsMailboxEnabled = "No Data Found"
                Write-Log warning -Message "The script retreive Mailbox Data for $PrimarySmtpAddress"
                $MailboxData = $Null
                $MailboxData = Get-Mailbox $PrimarySmtpAddress
                $IsMailboxEnabled = $MailboxData.IsMailboxEnabled
                Write-Log Info -Message "The script retreived Mailbox Data for $PrimarySmtpAddress"
                $FoundMailboxDataStatus = "Yes"
                $ErrorMessage = $Error[0].Exception.Message
                $CMDLet = $Error[0].InvocationInfo.Line
                $FailedItem = $Error[0].Exception.ItemName
                Write-Log Error -Message "Failed to retreive Mailbox Data for $PrimarySmtpAddress"
                Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
                Write-Log Error -Message "Failed with Error:$ErrorMessage"
                $FoundMailboxDataStatus = "Failed with Error:$ErrorMessage"
            $DeletedItemCount = "No Data Found"
            $ItemCount = "No Data Found"
            $TotalDeletedItemSize = "No Data Found"
            $TotalItemSize = "No Data Found"
                Write-Log warning -Message "The script search Mailbox Statistics for $PrimarySmtpAddress"
                $MailboxStatistics = Get-EXOMailboxStatistics $PrimarySmtpAddress
                $DeletedItemCount = $MailboxStatistics.DeletedItemCount
                $ItemCount = $MailboxStatistics.ItemCount
                $TotalDeletedItemSize = $MailboxStatistics.TotalDeletedItemSize
                $TotalItemSize = $MailboxStatistics.TotalItemSize
                Write-Log Info -Message "The script found Mailbox Statistics info for $PrimarySmtpAddress"
                $FoundMailboxStatisticsStatus = "Yes"
                $ErrorMessage = $Error[0].Exception.Message
                $CMDLet = $Error[0].InvocationInfo.Line
                $FailedItem = $Error[0].Exception.ItemName
                Write-Log Error -Message "Failed to Retreive MailboxStatistics for $PrimarySmtpAddress"
                Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
                Write-Log Error -Message "Failed with Error:$ErrorMessage"
                $FoundMailboxStatisticsStatus = "Failed with Error:$ErrorMessage"
                $DeletedItemCount = "Failed"
                $ItemCount = "Failed"
                $TotalDeletedItemSize = "Failed"
                $TotalItemSize = "Failed"
            #Mailbox Permissions
            $MailboxPermissionUsers = "No Data Found"
            $MailboxPermissionAccessRights = "No Data Found"
            $RecipientPermissionTrustees = "No Data Found"
            $RecipientPermissionAccessRights = "No Data Found"
                Write-Log warning -Message "The script search Mailbox Permissions for $PrimarySmtpAddress"
                $EXORecipientPermissions = Get-EXORecipientPermission $PrimarySmtpAddress
                $EXOMailboxPermissions = Get-EXOMailboxPermission $PrimarySmtpAddress
                $MailboxPermissionUsers = $EXOMailboxPermissions.User -join ";"
                $MailboxPermissionAccessRights = $EXOMailboxPermissions.AccessRights -join ";"
                $RecipientPermissionTrustees = $EXORecipientPermissions.Trustee -join ";"
                $RecipientPermissionAccessRights = $EXORecipientPermissions.AccessRights -join ";"
                Write-Log Info -Message "The script found Mailbox Permissions info for $PrimarySmtpAddress"
                $FoundMailboxStatisticsStatus = "Yes"
                $ErrorMessage = $Error[0].Exception.Message
                $CMDLet = $Error[0].InvocationInfo.Line
                $FailedItem = $Error[0].Exception.ItemName
                Write-Log Error -Message "Failed to Retreive MailboxStatistics for $PrimarySmtpAddress"
                Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
                Write-Log Error -Message "Failed with Error:$ErrorMessage"
                $FoundMailboxStatisticsStatus = "Failed with Error:$ErrorMessage"
                $MailboxPermissionUsers = "Failed"
                $MailboxPermissionAccessRights = "Failed"
                $RecipientPermissionTrustees = "Failed"
                $RecipientPermissionAccessRights = "Failed"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to find MgUser $UPN"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
        $FoundRecipientStatus = "Failed with Error:$ErrorMessage"
    $MgRecipientUser += New-object PSobject -Property ([Ordered] @{
            UPN                                                   = $UPN;
            Identity                                           = $UserIdentity;
            FoundMgUser                                           = $FoundMgUserStatus;
            DisplayName                                           = $DisplayName;
            Tittle                                               = $Tittle;
            Department                                           = $Department;
            AccountEnabled                                       = $AccountEnabled;
            Mail                                               = $Mail;
            UserPrincipalName                                   = $UserPrincipalName;
            LastSuccessfulSignInDateTime                       = $LastSuccessfulSignInDateTime;
            LastNonInteractiveSignInDateTime                   = $LastNonInteractiveSignInDateTime;
            LastSignInDateTime                                   = $LastSignInDateTime;
            SignInSessionsValidFromDateTime                       = $SignInSessionsValidFromDateTime;
            RefreshTokensValidFromDateTime                       = $RefreshTokensValidFromDateTime;
            LastPasswordChangeDateTime                           = $LastPasswordChangeDateTime;
            OnPremisesDistinguishedName                           = $OnPremisesDistinguishedName;
            OnPremisesImmutableId                               = $OnPremisesImmutableId;
            OnPremisesLastSyncDateTime                           = $OnPremisesLastSyncDateTime;
            OnPremisesSamAccountName                           = $OnPremisesSamAccountName;
            OnPremisesSyncEnabled                               = $OnPremisesSyncEnabled;
            OnPremisesUserPrincipalName                           = $OnPremisesUserPrincipalName;
            OnPremisesExtensionAttributes_ExtensionAttribute1  = $OnPremisesExtensionAttributes_ExtensionAttribute1;
            OnPremisesExtensionAttributes_ExtensionAttribute2  = $OnPremisesExtensionAttributes_ExtensionAttribute2;
            OnPremisesExtensionAttributes_ExtensionAttribute3  = $OnPremisesExtensionAttributes_ExtensionAttribute3;
            OnPremisesExtensionAttributes_ExtensionAttribute4  = $OnPremisesExtensionAttributes_ExtensionAttribute4;
            OnPremisesExtensionAttributes_ExtensionAttribute5  = $OnPremisesExtensionAttributes_ExtensionAttribute5;
            OnPremisesExtensionAttributes_ExtensionAttribute6  = $OnPremisesExtensionAttributes_ExtensionAttribute6;
            OnPremisesExtensionAttributes_ExtensionAttribute7  = $OnPremisesExtensionAttributes_ExtensionAttribute7;
            OnPremisesExtensionAttributes_ExtensionAttribute8  = $OnPremisesExtensionAttributes_ExtensionAttribute8;
            OnPremisesExtensionAttributes_ExtensionAttribute9  = $OnPremisesExtensionAttributes_ExtensionAttribute9;
            OnPremisesExtensionAttributes_ExtensionAttribute10 = $OnPremisesExtensionAttributes_ExtensionAttribute10;
            OnPremisesExtensionAttributes_ExtensionAttribute11 = $OnPremisesExtensionAttributes_ExtensionAttribute11;
            OnPremisesExtensionAttributes_ExtensionAttribute12 = $OnPremisesExtensionAttributes_ExtensionAttribute12;
            OnPremisesExtensionAttributes_ExtensionAttribute13 = $OnPremisesExtensionAttributes_ExtensionAttribute13;
            OnPremisesExtensionAttributes_ExtensionAttribute14 = $OnPremisesExtensionAttributes_ExtensionAttribute14;
            OnPremisesExtensionAttributes_ExtensionAttribute15 = $OnPremisesExtensionAttributes_ExtensionAttribute15;
            CreatedDateTime                                       = $CreatedDateTime;
            MailNickname                                       = $MailNickname;
            UserType                                           = $UserType;
            Licenses                                           = $Licenses;
            FoundRecipient                                       = $FoundRecipientStatus;
            PrimarySmtpAddress                                   = $PrimarySmtpAddress;
            RecipientTypeDetails                               = $RecipientTypeDetails;
            IsDirSynced                                           = $IsDirSynced;
            IsMailboxEnabled                                   = $IsMailboxEnabled;
            WhenMailboxCreated                                   = $WhenMailboxCreated;
            WhenSoftDeleted                                       = $WhenSoftDeleted;
            WhenCreated                                           = $WhenCreated;
            FoundMailboxStatistics                               = $FoundMailboxStatisticsStatus;
            DeletedItemCount                                   = $DeletedItemCount;
            ItemCount                                           = $ItemCount;
            TotalDeletedItemSize                               = $TotalDeletedItemSize;
            TotalItemSize                                       = $TotalItemSize;
            MailboxPermissionUsers                               = $MailboxPermissionUsers;
            MailboxPermissionAccessRights                       = $MailboxPermissionAccessRights;
            RecipientPermissionTrustees                           = $RecipientPermissionTrustees;
            RecipientPermissionAccessRights                       = $RecipientPermissionAccessRights;
    Return $MgRecipientUser
Function Create-MgAccount
        [Parameter(Mandatory = $true,
                   Position = 1)]
        [Parameter(Mandatory = $true,
                   Position = 2)]
        [Parameter(Mandatory = $true,
                   Position = 3)]
        [Parameter(Mandatory = $true,
                   Position = 4)]
        [Parameter(Mandatory = $true,
                   Position = 5)]
        [Parameter(Mandatory = $true,
                   Position = 6)]
        [Parameter(Mandatory = $true,
                   Position = 7)]
        [Parameter(Mandatory = $true,
                   Position = 8)]
        [Parameter(Position = 9)]
    If ($Confirm)
        Write-Log Warning -Message "Please make sure you are connected to MgGraph using the following Scopes Domain.ReadWrite.All, Directory.ReadWrite.All, User.ReadWrite.All, Organization.Read.All, Group.ReadWrite.All"
        Read-Host "Are you ready to continue?"

    $PasswordProfile = @{
        Password = $TempPassword
    # Create Users
        Write-Log warning -Message "The script will try to create the user: $DisplayName ($UserName)"
        $MgUser = $Null
        $MgUser = New-MgUser -DisplayName $DisplayName -GivenName $FirstName -Surname $LastName -PasswordProfile $PasswordProfile -AccountEnabled -MailNickName $MailNickName -UserPrincipalName $UserName -UsageLocation $UsageLocation
        $MgUserID = $Null
        $MgUserID = $MgUser.ID
        Write-Log INFO -Message "The script created the user: $DisplayName ($UserName)"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to create the user: $DisplayName ($UserName)"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
    #Find License Group
        Write-Log warning -Message "The script will try find the group $LicenseGroupName"
        $MgLicenseGroup = Get-MgGroup -Filter "DisplayName eq '$LicenseGroupName'"
        $LicenseGroupNameID = $Null
        $LicenseGroupNameID = $MgLicenseGroup.Id
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to find the group $LicenseGroupName"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
    #Add User to license Group
    If ($LicenseGroupNameID)
            Write-Log INFO -Message "The script found $LicenseGroupName"
            Write-Log warning -Message "The script will try to add $DisplayName ($UserPrincipalName - $MgUserID) to $LicenseGroupName"
            New-MgGroupMember -GroupId $LicenseGroupNameID -DirectoryObjectId $MgUserID
            Write-Log INFO -Message "The script added $DisplayName ($UserPrincipalName - $MgUserID) to $LicenseGroupName"
            $ErrorMessage = $Error[0].Exception.Message
            $CMDLet = $Error[0].InvocationInfo.Line
            $FailedItem = $Error[0].Exception.ItemName
            Write-Log Error -Message "Failed to add $DisplayName ($UserPrincipalName - $MgUserID) to $LicenseGroupName"
            Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
            Write-Log Error -Message "Failed with Error:$ErrorMessage"
        Write-Log Error -Message "Failed to find the group $LicenseGroupName"
Function Disable-MgAccount
        [Parameter(Mandatory = $true,
                   Position = 1)]
        [Parameter(Position = 2)]
    # Find User
        $MgUser = Get-MgUser -UserId $UPN
        $DisplayName = $MgUser.DisplayName
        $UserID = $MgUser.ID
        Write-Host "The script find the user: $DisplayName (UPN:$UPN) with the following ObjectID: $UserID" -ForegroundColor Green
        If (!($Confirm)) { Read-Host "Are you sure you want to Disable the AAD Account & revoke all Azure Tokens of $DisplayName? Press Any Key to continue or CTRL+C to Cancel" }
        $ErrorMessage = $Error[0].Exception.Message
        Write-Host "Failed with Error:$ErrorMessage" -ForegroundColor Red
        Write-Host "The script will stop" -ForegroundColor Red
    # Disable AAD Account
        Update-MgUser -UserId $UserID -AccountEnabled:$false
        Write-Host "The script disabled AAD Account $UPN" -ForegroundColor green
    { $ErrorMessage = $Error[0].Exception.Message; Write-Host "Failed with Error:$ErrorMessage" -ForegroundColor Red }
    # Revoke AAD Tokens
        Revoke-MgUserSignInSession -UserId $UserID
        Write-Host "The script revoke all tokens for $UPN" -ForegroundColor Green
    { $ErrorMessage = $Error[0].Exception.Message; Write-Host "Failed with Error:$ErrorMessage" -ForegroundColor Red }
Function Revoke-MgUserToken
        [Parameter(Mandatory = $true,
                   Position = 1)]
        [Parameter(Position = 2)]
    # Find User
        $MgUser = Get-MgUser -UserId $UPN
        $DisplayName = $MgUser.DisplayName
        $UserID = $MgUser.ID
        Write-Host "The script find the user: $DisplayName (UPN:$UPN) with the following ObjectID: $UserID" -ForegroundColor Green
        If (!($Confirm)) { Read-Host "Are you sure you want to revoke all EntraID Tokens of $DisplayName? Press Any Key to continue or CTRL+C to Cancel" }
        $ErrorMessage = $Error[0].Exception.Message
        Write-Host "Failed with Error:$ErrorMessage" -ForegroundColor Red
        Write-Host "The script will stop" -ForegroundColor Red
        Read-Host "End of the Script"
    # Revoke EntraID Tokens
        Revoke-MgUserSignInSession -UserId $UserID
        Write-Host "The script revoke all tokens for $UPN" -ForegroundColor Green
    { $ErrorMessage = $Error[0].Exception.Message; Write-Host "Failed with Error:$ErrorMessage" -ForegroundColor Red }


#region Groups
Function Get-MgNestedGroupMembers
    param (
        [Parameter(Mandatory = $true)]
    $MgGroupFound = Get-MgGroup -Filter "DisplayName eq '$GroupName'"
    If ($MgGroupFound)
        $GroupId = $MgGroupFound.Id
        $Table = $Null
        $Table = @()
        $GroupName = (Get-MgGroup -GroupId $GroupId).DisplayName
        # Get the direct members of the group
        $DirectMembers = Get-MgGroupMember -GroupId $GroupId
        # Loop through each direct member
        foreach ($member in $DirectMembers)
            # Check if the member is a group
            $ObjectType = $Null
            $ObjectType = $member.AdditionalProperties.'@odata.type'
            $ObjectId = $Null
            $ObjectId = $member.Id
            $ObjectName = $Null
            $ObjectName = $member.AdditionalProperties.displayName
            if ($ObjectType -eq "")
                # If it's a group, recursively call the function to get its members
                Get-MgNestedGroupMembers -GroupName $ObjectName
                # If it's not a group, output the member's details
                $DisplayName = $member.AdditionalProperties.displayName
                $PrimarySmtpAddress = $member.AdditionalProperties.userPrincipalName
                $GroupName = (Get-MgGroup -GroupId $GroupId).DisplayName
                $Table += New-object PSobject -Property ([Ordered] @{
                        DisplayName           = $DisplayName;
                        PrimarySmtpAddress = $PrimarySmtpAddress;
                        GroupName           = $GroupName;
        Return $Table
        Write-Log Warning -Message "Group NOT Found"

#region Licenses
##################### Licenses ########################
Function Generate-MgLicenseReportPerSKU
    $DateFull = Get-Date -Format "ddMMyyyy_HH-mm-ss"
    # Generate list of available licenses on the tenant
    $URL = ""
    $LocalPath = ".\MapSKUID_" + $DateFull + ".csv"
    Invoke-WebRequest -Uri $URL -OutFile $LocalPath
    $MicrosoftSKUs = Import-Csv $LocalPath
    $TenantSKUs = Get-MgSubscribedSku
    $TenantName = $TenantSKUs.AccountName | select -First 1
    $SKUs = $Null
    $SKUs = @()
    foreach ($TenantSKU in $TenantSKUs)
        $TenantSKU_SkuId = $Null
        $TenantSKU_Name = $Null
        $TenantSKU_ConsumedUnits = $Null
        $TenantSKU_SkuPartNumber = $Null
        $TenantSKU_SkuId = $TenantSKU.SkuId
        $TenantSKU_ConsumedUnits = $TenantSKU.ConsumedUnits
        $TenantSKU_SkuPartNumber = $TenantSKU.SkuPartNumber
        $TenantSKU_Name = ($MicrosoftSKUs | where { $_.GUID -eq $TenantSKU_SkuId } | Select -first 1).Product_Display_Name
        $SKUs += New-object PSobject -Property ([Ordered] @{
                Name          = $TenantSKU_Name;
                ConsumedUnits = $TenantSKU_ConsumedUnits;
                SkuPartNumber = $TenantSKU_SkuPartNumber;
                SkuId          = $TenantSKU_SkuId;
    #Generate for selected SKU
    $SKUs | ft
    $SelectedSKU = $SKUs | Out-GridView -PassThru
    $SelectedSKUGUID = $SelectedSKU.Skuid
    $SelectedSKUName = $SelectedSKU.Name
    $SelectedSkuPartNumber = $SelectedSKU.SkuPartNumber
    Write-Log warning -Message "Selected SKU is: $SelectedSKUName"
    [Array]$MgUsers = Get-MgUser -Filter "assignedLicenses/`$count ne 0 and userType eq 'Member'" -ConsistencyLevel eventual -CountVariable Records -All -Property displayName, userPrincipalName, country, department, assignedlicenses, createdDateTime, jobTitle | Sort-Object DisplayName
    $Users = $Null
    $Users = @()
    Foreach ($MgUser in $MgUsers)
        $displayName = $Null
        $userPrincipalName = $Null
        $country = $Null
        $department = $Null
        $assignedlicenses = $Null
        $createdDateTime = $Null
        $jobTitle = $Null
        $displayName = $MgUser.displayName
        $userPrincipalName = $MgUser.userPrincipalName
        $country = $
        $department = $MgUser.department
        $assignedlicenses = $MgUser.assignedlicenses.Skuid -join ";"
        $createdDateTime = $MgUser.createdDateTime
        $jobTitle = $MgUser.jobTitle
        $Users += New-object PSobject -Property ([Ordered] @{
                displayName          = $displayName;
                userPrincipalName = $userPrincipalName;
                country              = $country;
                department          = $department;
                assignedlicenses  = $assignedlicenses;
                createdDateTime   = $createdDateTime;
                jobTitle          = $jobTitle;
    $UsersCount = ($Users | Measure).count
    Write-Log warning -Message "The tenant has $UsersCount users"
    $LicensedUsers = $Users | where { $_.AssignedLicenses -like "*$($SelectedSKUGUID)*" } | select displayName, userPrincipalName, country, department, createdDateTime, jobTitle
    $LicensedUsersCount = ($LicensedUsers | Measure).count
    Write-Log warning -Message "The selected SKU $SelectedSKUName has $LicensedUsersCount users"
    $ReportFilexlsx = "LicensesReport_" + $TenantName + "_" + $SelectedSkuPartNumber + "_" + $DateFull + ".xlsx"
    $LicensedUsers | Export-Excel $ReportFilexlsx --TableName "AssignedLicenses" -Title "Assigned Licenses" -TitleBold -WorksheetName "AssignedLicenses" -TableStyle Medium9 -AutoSize -AutoFilter
    Write-log INFO -Message "Generate the following Report: $ReportFilexlsx"

Function Generate-MgLicenseReport
    param ()
    $URL = ""
    $LocalPath = ".\MapSKUID.csv"
    Invoke-WebRequest -Uri $URL -OutFile $LocalPath
    $SKUs = Import-csv  $LocalPath
    [Array]$Users = Get-MgUser -Filter "assignedLicenses/`$count ne 0 and userType eq 'Member'" -ConsistencyLevel eventual -CountVariable Records -All -Property id, displayName, userPrincipalName, country, department, assignedlicenses, createdDateTime, jobTitle, signInActivity, AccountEnabled | Sort-Object DisplayName
    $DateFull = Get-Date -Format "ddMMyyyy_HH-mm-ss"
    [Int]$i = 1
    $Table = $Null
    $Table = @()
    $Count = ($Users | Measure).count
    foreach ($User in $Users)
        $DisplayName = $Null
        $DisplayName = $User.DisplayName
        $id = $Null
        $id = $
        $userPrincipalName = $Null
        $userPrincipalName = $User.userPrincipalName
        $AssignedLicenses = $Null
        $AssignedLicenses = $User.assignedlicenses
        $LastSigninDateTime = $Null
        $LastSigninDateTime = $User.signInActivity.LastSigninDateTime
        $LastNonInteractiveSignInDateTime = $Null
        $LastNonInteractiveSignInDateTime = $User.signInActivity.LastNonInteractiveSignInDateTime
        $jobTitle = $Null
        $jobTitle = $User.jobTitle
        $department = $Null
        $department = $User.department
        $AccountEnabled = $Null
        $AccountEnabled = $User.AccountEnabled
        $SKU_NameData = $Null
        $SKU_NameData = @()
        write-log warning -message "Analyzing $DisplayName ($UserprincipalName) --- $i/$Count"
        Foreach ($AssignedLicense in $AssignedLicenses)
            $AssignedLicense_SKUID = $AssignedLicense.Skuid
            $SKU_Name = $Null
            $SKU_Name = ($SKUs | where { $_.GUID -eq $AssignedLicense_SKUID } | Select -first 1).Product_Display_Name
            write-log Info -message "Find the following license for : $DisplayName - LicenseName:$SKU_Name ($AssignedLicense_SKUID) "
            $SKU_NameData += $SKU_Name
        $SKU_Names = $SKU_NameData -join ";"
        $Table += New-object PSobject -Property ([Ordered] @{
                DisplayName                         = $DisplayName;
                userPrincipalName                 = $userPrincipalName;
                id                                 = $id;
                AccountEnabled                     = $AccountEnabled;
                JobTitle                         = $jobTitle;
                Department                         = $department;
                SKU_Names                         = $SKU_Names;
                LastSigninDateTime                 = $LastSigninDateTime;
                LastNonInteractiveSignInDateTime = $LastNonInteractiveSignInDateTime;
    $DateFull = Get-Date -Format "ddMMyyyy_HH-mm-ss"
    $ReportFilexlsx = ".\Report_LicensedUsers_" + $DateFull + ".xlsx"
    $Table | Export-Excel $ReportFilexlsx -TableName "LicensedUsers" -Title "Licensed Users" -TitleBold -WorksheetName "LicensedUsers" -TableStyle Medium9 -AutoSize -AutoFilter
    Write-log INFO -Message "Generate the following Report: $ReportFilexlsx"


#region App
###################### Apps #########################
Function Generate-MgReportOauthAuditReportToExcel
    param ()
    $MissingModules = $null
    $MissingModules = @()
    If (!(Get-InstalledModule -Name "MSIdentityTools" -ErrorAction SilentlyContinue)) { Write-Log Error -Message "MS Identity Tools Powershell module is not installed. The script will try to install the module"; $MissingModules += "Missing Powershell Module MSIdentityTools" }
    If (!(Get-InstalledModule -Name "ImportExcel" -ErrorAction SilentlyContinue)) { Write-Log Error -Message "ImportExcel Powershell module is not installed. The script will try to install the module"; $MissingModules += "Missing Powershell Module ImportExcel" }
    If ($MissingModules.count -eq 0)
        Write-Log Info -Message "MSIdentityTools & ImportExcel modules are installed"
            Write-Log warning -Message "Script will prompt to connect to your tenant using MSGraph with Application.Read.all Scope"
            Connect-MgGraph -Scopes Directory.Read.All -NoWelcome
            $MgContext = Get-MgContext
            $MgScopes = $MgContext.Scopes -join ";"
            Write-Log Info -Message "Connected to MgGraph with the following scopes: $MgScopes"
            Write-Log Info -Message "Script connected to your tenant using MSGraph"
            $DateFull = Get-Date -Format "ddMMyyyy_HH-mm-ss"
            $ReportFile = "ReportAppConsentGrant_" + $DateFull + ".xlsx"
            Export-MsIdAppConsentGrantReport -ReportOutputType Excelworkbook -ExcelWorkbookPath $ReportFile
            $ErrorMessage = $Error[0].Exception.Message
            $CMDLet = $Error[0].InvocationInfo.Line
            $FailedItem = $Error[0].Exception.ItemName
            Write-Log Error -Message "Failed to "
            Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
            Write-Log Error -Message "Failed with Error:$ErrorMessage"
            $Status = "Failed"
        If (!(Get-InstalledModule -Name "MSIdentityTools" -ErrorAction SilentlyContinue))
            Write-Log Error -Message "MS Identity Tools Powershell module will be installed"
            Install-Module -Name MSIdentityTools -SkipPublisherCheck -Scope CurrentUser -Force -AllowClobber -Confirm:$False; Write-Log info -Message "MSIdentityTools Powershell module is installed"
        If (!(Get-InstalledModule -Name "ImportExcel" -ErrorAction SilentlyContinue))
            Write-Log Error -Message "ImportExcel Powershell module will be installed"
            Install-Module -Name ImportExcel -SkipPublisherCheck -Scope CurrentUser -Force -AllowClobber -Confirm:$False; Write-Log info -Message "ImportExcel Powershell module is installed"
Function Generate-MgEnterpriseAppsAssignmentsConsentsSettingsReport
    param ()
    # Get All Enterprise Applications & App Registration
    $Applications = Get-MgServicePrincipal -All
    #Initiate the Hash Table
    [Int]$i = 1
    $Table = $Null
    $Table = @()
    $Count = ($Applications | Measure).count
    ForEach ($Application in $Applications)
        # Name,AppID,VisibleToUser, AssignedRequired
        $AccountEnabled = $Application.AccountEnabled
        $DisplayName = $Application.DisplayName
        $AppDescription = $Application.AppDescription
        $Description = $Application.Description
        $Notes = $Application.Notes
        $AppId = $Application.Id
        $AppRoleAssignmentRequired = $Application.AppRoleAssignmentRequired
        $LoginUrl = $Application.LoginUrl
        $ResourceSpecificApplicationPermissions = $Application.ResourceSpecificApplicationPermissions
        $ServicePrincipalType = $Application.ServicePrincipalType
        $SignInAudience = $Application.SignInAudience
        $CreatedDate = $Application.AdditionalProperties.createdDateTime
        Write-log Warning -message "The script is analyzing $DisplayName ….. --- $i/$Count"
        #Assigments (Users,Groups,SPs) to ServicePrincipals
        $Assignments = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $AppId -All
        $AssignedUsers = $Null
        $AssignedUsers = @()
        $AssignedGroups = $Null
        $AssignedGroups = @()
        $AssignedServicePrincipals = $Null
        $AssignedServicePrincipals = @()
        $AssignedOthers = $Null
        $AssignedOthers = @()
        foreach ($Assignment in $Assignments)
            $PrincipalType = $Null
            $PrincipalType = $Assignment.PrincipalType
            $PrincipalDisplayName = $Null
            $PrincipalDisplayName = $Assignment.PrincipalDisplayName
            switch ($PrincipalType)
                    $AssignedUsers += New-object PSobject -Property ([Ordered] @{
                            DisplayName = $PrincipalDisplayName;
                    $AssignedGroups += New-object PSobject -Property ([Ordered] @{
                            DisplayName = $PrincipalDisplayName;
                    $AssignedServicePrincipals += New-object PSobject -Property ([Ordered] @{
                            DisplayName = $PrincipalDisplayName;
                    $AssignedOthers += New-object PSobject -Property ([Ordered] @{
                            DisplayName = $PrincipalDisplayName;
        $ListAssignedUsers = $AssignedUsers.DisplayName -join ";"
        $ListAssignedGroups = $AssignedGroups.DisplayName -join ";"
        $ListAssignedServicePrincipals = $AssignedServicePrincipals.DisplayName -join ";"
        $ListAssignedOthers = $AssignedOthers.DisplayName -join ";"
        # Permissions (Delegate)
        $Oauth2Permissions = $Null
        $Oauth2Permissions = Get-MgServicePrincipalOauth2PermissionGrant -ServicePrincipalId $AppId -All
        if ($Oauth2Permissions)
            foreach ($Oauth2Permission in $Oauth2Permissions)
                $ConsentType = $Null
                $ConsentType = $Oauth2Permission.ConsentType
                If ($ConsentType -eq "AllPrincipals")
                    $AdminConsentScopes = $null
                    $AdminConsentScopes = $Oauth2Permission.Scope
                If ($ConsentType -eq "Principal")
                    $UserConsentScopes = $null
                    $UserConsentScopes = $Oauth2Permission.Scope
        $Table += New-object PSobject -Property ([Ordered] @{
                DisplayName                  = $DisplayName;
                Description                  = $Description;
                Notes                      = $Notes;
                ServicePrincipalType      = $ServicePrincipalType;
                Id                          = $AppId;
                AppRoleAssignmentRequired = $AppRoleAssignmentRequired;
                AccountEnabled              = $AccountEnabled;
                SignInAudience              = $SignInAudience;
                CreatedDate                  = $CreatedDate;
                AssignedUsers              = $ListAssignedUsers;
                AssignedGroups              = $ListAssignedGroups;
                AssignedServicePrincipals = $ListAssignedServicePrincipals;
                AssignedOthers              = $ListAssignedOthers;
                AdminConsent              = $AdminConsentScopes;
                UserConsent                  = $UserConsentScopes;
    $DateFull = Get-Date -Format "ddMMyyyy_HH-mm-ss"
    $ReportFilexlsx = ".\Report_EnterpriseApplicationsUsage_" + $DateFull + ".xlsx"
    $Table | Export-Excel $ReportFilexlsx -TableName "" -Title "" -TitleBold -WorksheetName "" -TableStyle Medium9 -AutoSize -AutoFilter
    Write-log INFO -Message "Generate the following Report: $ReportFilexlsx"
Function Generate-MgEnterpriseAppsCertificatesSecretsReport
    param ()
    # Connect to Graph
        Write-Log Info -Message "The script is trying to connect to Graph with the following scope Application.ReadWrite.All"
        Connect-MgGraph -Scopes 'Application.ReadWrite.All'
        $MgContext = Get-MgContext
        $MgScopes = $MgContext.Scopes -join ";"
        Write-Log Info -Message "Connected to MgGraph with the following scopes: $MgScopes"
        Write-Log warning -Message "The script connected to Graph with the following scope Application.ReadWrite.All"
        $StatusMgConnection = "Success"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to Connect to MgGraph"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
        $StatusMgConnection = "Failed"
    # Retreive Service Principals
        Write-Log Info -Message "The script is trying to retreive all Service Principals on the tenant"
        $ServicePrincipals = Get-MgServicePrincipal -all
        Write-Log Info -Message "The script retreived all Service Principals on the tenant"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to retreive all Service Principals on the tenant"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
    # Retreive App Registrations
        Write-Log Info -Message "The script is trying to retreive all App Registrations on the tenant"
        $AppRegistrations = Get-MgApplication -all
        Write-Log Info -Message "The script retreived all App Registrations on the tenant"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to retreive all App Registrations on the tenant"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
    #Initiate the Hash Table
    [Int]$i = 1
    $SPTable = $Null
    $SPTable = @()
    $SPCount = ($ServicePrincipals | Measure).count
    [Int]$ii = 1
    $ARTable = $Null
    $ARTable = @()
    $ARCount = ($AppRegistrations | Measure).count
    $Now = Get-Date
    ForEach ($ServicePrincipal in $ServicePrincipals)
        $ServicePrincipal_Name = $ServicePrincipal.DisplayName
        $ServicePrincipal_ID = $ServicePrincipal.Id
        $ServicePrincipal_AppID = $ServicePrincipal.AppId
        Write-log Warning -message "The script is analyzing $ServicePrincipal_Name ($ServicePrincipal_ID) ….. --- $i/$SPCount"
            Write-Log Info -Message "The script is trying to retreive Service Principal owners for $ServicePrincipal_Name ($ServicePrincipal_ID)"
            $Owners = $Null
            $Owners = Get-MgServicePrincipalOwner -ServicePrincipalId $ServicePrincipal_ID
            $Usernames = $Null
            $Usernames = $Owners.AdditionalProperties.userPrincipalName -join ';'
            $OwnerIDs = $Null
            $OwnerIDs = $Owners.Id -join ';'
            Write-Log Info -Message "The script retreived Service Principal owners"
            $ErrorMessage = $Error[0].Exception.Message
            $CMDLet = $Error[0].InvocationInfo.Line
            $FailedItem = $Error[0].Exception.ItemName
            Write-Log Error -Message "Failed to retreive Service Principal owners of $ServicePrincipal_Name ($ServicePrincipal_ID)"
            Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
            Write-Log Error -Message "Failed with Error:$ErrorMessage"
            $Usernames = $Null
            $OwnerIDs = $Null
        # Retreive Secrets and Certificates
            Write-Log Info -Message "The script is trying to retreive Service Principal Secrets and certificates for $ServicePrincipal_Name ($ServicePrincipal_ID )"
            $AppCreds = $Null
            Write-Log Info -Message "The script retreived Service Principals Secrets and certificates"
            $Secrets = $Null
            $Secrets = $AppCreds.PasswordCredentials
            $Certs = $Null
            $Certs = $AppCreds.KeyCredentials
            $ErrorMessage = $Error[0].Exception.Message
            $CMDLet = $Error[0].InvocationInfo.Line
            $FailedItem = $Error[0].Exception.ItemName
            Write-Log Error -Message "Failed to retreive all Service Principals Secrets and certificates"
            Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
            Write-Log Error -Message "Failed with Error:$ErrorMessage"
            $Secrets = $Null
            $Certs = $Null
        # Secrets
        foreach ($Secret in $Secrets)
            $Secret_StartDate = $Null
            $Secret_EndDate = $Null
            $Secret_SecretName = $Null
            $Secret_StartDate = $Secret.StartDateTime
            $Secret_EndDate = $Secret.EndDateTime
            $Secret_SecretName = $Secret.DisplayName
            $SPTable += New-object PSobject -Property ([Ordered] @{
                    'ApplicationName'   = $ServicePrincipal_Name;
                    'Object ID'            = $ServicePrincipal_ID;
                    'ApplicationID'        = $ServicePrincipal_AppID;
                    'Secret Name'        = $Secret_SecretName;
                    'Secret Start Date' = $Secret_StartDate;
                    'Secret End Date'   = $Secret_EndDate;
                    'Owners'            = $Usernames;
                    'Owner_ObjectIDs'   = $OwnerIDs;
        # Certificates
        foreach ($Cert in $Certs)
            $Cert_StartDate = $Null
            $Cert_EndDate = $Null
            $Cert_CertName = $Null
            $Cert_StartDate = $Cert.StartDateTime
            $Cert_EndDate = $Cert.EndDateTime
            $Cert_CertName = $Cert.DisplayName
            $SPTable += New-object PSobject -Property ([Ordered] @{
                    'ApplicationName'         = $ServicePrincipal_Name;
                    'Object ID'                 = $ServicePrincipal_ID;
                    'ApplicationID'             = $ServicePrincipal_AppID;
                    'Certificate Name'         = $Cert_CertName;
                    'Certificate Start Date' = $Cert_StartDate;
                    'Certificate End Date'   = $Cert_EndDate;
                    'Owners'                 = $Usernames;
                    'Owner_ObjectIDs'         = $OwnerIDs;
    ForEach ($AppRegistration in $AppRegistrations)
        $AppRegistration_Name = $AppRegistration.DisplayName
        $AppRegistration_ID = $AppRegistration.Id
        $AppRegistration_AppID = $AppRegistration.AppId
        Write-log Warning -message "The script is analyzing $AppRegistration_Name ($AppRegistration_ID) ….. --- $i/$ARCount"
            Write-Log Info -Message "The script is trying to retreive App Registrations owners for $AppRegistration_Name ($AppRegistration_ID)"
            $Owners = $Null
            $Owners = Get-MgApplicationOwner -ApplicationId $AppRegistration_ID
            $Usernames = $Null
            $Usernames = $Owners.AdditionalProperties.userPrincipalName -join ';'
            $OwnerIDs = $Null
            $OwnerIDs = $Owners.Id -join ';'
            Write-Log Info -Message "The script retreived App Registrations owners"
            $ErrorMessage = $Error[0].Exception.Message
            $CMDLet = $Error[0].InvocationInfo.Line
            $FailedItem = $Error[0].Exception.ItemName
            Write-Log Error -Message "Failed to retreive App Registrations owners of $AppRegistration_Name ($AppRegistration_ID)"
            Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
            Write-Log Error -Message "Failed with Error:$ErrorMessage"
            $Usernames = $Null
            $OwnerIDs = $Null
        # Retreive Secrets and Certificates
            Write-Log Info -Message "The script is trying to retreive App Registration Secrets and certificates for $AppRegistration_Name ($AppRegistration_ID )"
            $AppCreds = $Null
            $AppCreds = Get-MgApplication -ApplicationId $AppRegistration_ID | Select-Object PasswordCredentials, KeyCredentials
            Write-Log Info -Message "The script retreived App Registration Secrets and certificates"
            $Secrets = $Null
            $Secrets = $AppCreds.PasswordCredentials
            $Certs = $Null
            $Certs = $AppCreds.KeyCredentials
            $ErrorMessage = $Error[0].Exception.Message
            $CMDLet = $Error[0].InvocationInfo.Line
            $FailedItem = $Error[0].Exception.ItemName
            Write-Log Error -Message "Failed to retreive all App Registration Secrets and certificates"
            Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
            Write-Log Error -Message "Failed with Error:$ErrorMessage"
            $Secrets = $Null
            $Certs = $Null
        # Secrets
        foreach ($Secret in $Secrets)
            $Secret_StartDate = $Null
            $Secret_EndDate = $Null
            $Secret_SecretName = $Null
            $Secret_StartDate = $Secret.StartDateTime
            $Secret_EndDate = $Secret.EndDateTime
            $Secret_SecretName = $Secret.DisplayName
            $ARTable += New-object PSobject -Property ([Ordered] @{
                    'ApplicationName'   = $AppRegistration_Name;
                    'Object ID'            = $AppRegistration_ID;
                    'ApplicationID'        = $AppRegistration_AppID;
                    'Secret Name'        = $Secret_SecretName;
                    'Secret Start Date' = $Secret_StartDate;
                    'Secret End Date'   = $Secret_EndDate;
                    'Owners'            = $Usernames;
                    'Owner_ObjectIDs'   = $OwnerIDs;
        # Certificates
        foreach ($Cert in $Certs)
            $Cert_StartDate = $Null
            $Cert_EndDate = $Null
            $Cert_CertName = $Null
            $Cert_StartDate = $Cert.StartDateTime
            $Cert_EndDate = $Cert.EndDateTime
            $Cert_CertName = $Cert.DisplayName
            $SPTable += New-object PSobject -Property ([Ordered] @{
                    'ApplicationName'         = $AppRegistration_Name;
                    'Object ID'                 = $AppRegistration_ID;
                    'ApplicationID'             = $AppRegistration_AppID;
                    'Certificate Name'         = $Cert_CertName;
                    'Certificate Start Date' = $Cert_StartDate;
                    'Certificate End Date'   = $Cert_EndDate;
                    'Owners'                 = $Usernames;
                    'Owner_ObjectIDs'         = $OwnerIDs;
        $DateFull = Get-Date -Format "ddMMyyyy_HH-mm-ss"
        $ReportFilexlsx = ".\Report_ServicePrincipals_AppRegistrations_" + $DateFull + ".xlsx"
        $SPTable | Export-Excel $ReportFilexlsx -TableName "ServicePrincipals" -Title "Service Principals" -TitleBold -WorksheetName "ServicePrincipals" -TableStyle Medium9 -AutoSize -AutoFilter
        $ARTable | Export-Excel $ReportFilexlsx -TableName "AppRegistrations" -Title "App Registrations" -TitleBold -WorksheetName "AppRegistrations" -TableStyle Medium9 -AutoSize -AutoFilter -Append
        Write-log INFO -Message "Generate the following Report: $ReportFilexlsx"

Function Remove-MgLegacyServicePrincipal
    If ($Name)
        $Filter = "DisplayName eq '" + $Name + "'"
        $ServicePrincipal = Get-MgServicePrincipal -Filter $Filter
        $ServicePrincipal = Get-MgServicePrincipal -ServicePrincipalId
    $ServicePrincipal | ft
    $Validation = Read-Host "Are you sure you want Remove this Service Principal (Service Principal will be deleted without restore options)? Y <Yes> , N <No>"
    If ($Validation -eq "Y")
        $servicePrincipalId = $ServicePrincipal.ID
        Remove-MgServicePrincipal -ServicePrincipalId $servicePrincipalId
        Write-Host "No Action was taken"

Function Generate-MgLegacyServicePrincipalReport
    param ()
    Write-Log Info -Message "The script is trying to connect to Graph with the following scope Application.ReadWrite.All"
    Connect-MgGraph -Scopes 'Application.ReadWrite.All'
    $MgContext = Get-MgContext
    $MgScopes = $MgContext.Scopes -join ";"
    Write-Log Info -Message "Connected to MgGraph with the following scopes: $MgScopes"
    Write-Log warning -Message "The script connected to Graph with the following scope Application.ReadWrite.All"
    $AllServicePrincipals = Get-MgServicePrincipal -all
    $LegacyServicePrincipals = $AllServicePrincipals | Where { $_.ServicePrincipalType -eq "Legacy" }
    $Table = $Null
    $Table = @()
    foreach ($LegacyServicePrincipal in $LegacyServicePrincipals)
        $ReplyUrls = $Null
        $ReplyUrls = $LegacyServicePrincipal.ReplyUrls
        $ReplyUrls = $ReplyUrls -join ";"
        $DisplayName = $Null
        $DisplayName = $LegacyServicePrincipal.DisplayName
        $AppId = $Null
        $AppId = $LegacyServicePrincipal.AppId
        $Id = $Null
        $Id = $LegacyServicePrincipal.Id
        $ServicePrincipal_ServicePrincipalNames = $Null
        $ServicePrincipalNames = $Null
        $ServicePrincipal_ServicePrincipalNames = $LegacyServicePrincipal.ServicePrincipalNames
        $ServicePrincipalNames = $ServicePrincipal_ServicePrincipalNames -join ";"
        $ServicePrincipalType = $Null
        $ServicePrincipalType = $LegacyServicePrincipal.ServicePrincipalType
        $CreatedDateTime = $Null
        $CreatedDateTime = $LegacyServicePrincipal.AdditionalProperties.createdDateTime
        $Table += New-object PSobject -Property ([Ordered] @{
                DisplayName              = $DisplayName;
                AppId                  = $AppId;
                Id                      = $Id;
                ReplyUrls              = $ReplyUrls;
                ServicePrincipalNames = $ServicePrincipalNames;
                ServicePrincipalType  = $ServicePrincipalType;
                CreatedDateTime          = $CreatedDateTime;
    $DateFull = Get-Date -Format "ddMMyyyy_HH-mm-ss"
    $ReportFilexlsx = ".\Report_LegacyServicePrincipals_" + $DateFull + ".xlsx"
    $Table | Export-Excel $ReportFilexlsx --TableName "ServicePrincipals" -Title "Legacy Service Principals" -TitleBold -WorksheetName "ServicePrincipals" -TableStyle Medium9 -AutoSize -AutoFilter
    Write-log INFO -Message "Generate the following Report: $ReportFilexlsx"

Function Generate-MgServicePrincipalReport
    param ()
    Write-Log Info -Message "The script is trying to connect to Graph with the following scope Application.ReadWrite.All"
    Connect-MgGraph -Scopes 'Application.ReadWrite.All'
    $MgContext = Get-MgContext
    $MgScopes = $MgContext.Scopes -join ";"
    Write-Log Info -Message "Connected to MgGraph with the following scopes: $MgScopes"
    Write-Log warning -Message "The script connected to Graph with the following scope Application.ReadWrite.All"
    $ServicePrincipals = Get-MgServicePrincipal -all
    $Table = $Null
    $Table = @()
    foreach ($ServicePrincipal in $ServicePrincipals)
        $ReplyUrls = $Null
        $ReplyUrls = $ServicePrincipal.ReplyUrls
        $ReplyUrls = $ReplyUrls -join ";"
        $DisplayName = $Null
        $DisplayName = $ServicePrincipal.DisplayName
        $AppId = $Null
        $AppId = $ServicePrincipal.AppId
        $Id = $Null
        $Id = $ServicePrincipal.Id
        $ServicePrincipal_ServicePrincipalNames = $Null
        $ServicePrincipalNames = $Null
        $ServicePrincipal_ServicePrincipalNames = $ServicePrincipal.ServicePrincipalNames
        $ServicePrincipalNames = $ServicePrincipal_ServicePrincipalNames -join ";"
        $ServicePrincipalType = $Null
        $ServicePrincipalType = $ServicePrincipal.ServicePrincipalType
        $CreatedDateTime = $Null
        $CreatedDateTime = $ServicePrincipal.AdditionalProperties.createdDateTime
        $OAuthPermissions = $Null
        $OAuthPermissions = $ServicePrincipal.Oauth2PermissionScopes
        If ($OAuthPermissions)
            foreach ($OAuthPermission in $OAuthPermissions)
                $IsEnabled = $Null
                $IsEnabled = $OAuthPermission.IsEnabled
                $Type = $Null
                $Type = $OAuthPermission.Type
                $Value = $Null
                $Value = $OAuthPermission.Value
                $Table += New-object PSobject -Property ([Ordered] @{
                        DisplayName              = $DisplayName;
                        AppId                  = $AppId;
                        Id                      = $Id;
                        ReplyUrls              = $ReplyUrls;
                        ServicePrincipalNames = $ServicePrincipalNames;
                        ServicePrincipalType  = $ServicePrincipalType;
                        CreatedDateTime          = $CreatedDateTime;
                        OAuthPermission          = $Value + ":" + $Type + "(" + $IsEnabled + ")"
            $Table += New-object PSobject -Property ([Ordered] @{
                    DisplayName              = $DisplayName;
                    AppId                  = $AppId;
                    Id                      = $Id;
                    ReplyUrls              = $ReplyUrls;
                    ServicePrincipalNames = $ServicePrincipalNames;
                    ServicePrincipalType  = $ServicePrincipalType;
                    CreatedDateTime          = $CreatedDateTime;
                    OAuthPermission          = "no Permission"
    $DateFull = Get-Date -Format "ddMMyyyy_HH-mm-ss"
    $ReportFile = ".\Mg_ServicesPrincipals_" + $DateFull + ".csv"
    $Table | Export-Csv $ReportFile -NoTypeInformation -Encoding UTF8
    $ReportFilexlsx = ".\Report_ServicesPrincipals_" + $DateFull + ".xlsx"
    $Table | Export-Excel $ReportFilexlsx --TableName "ServicePrincipals" -Title "Service Principals" -TitleBold -WorksheetName "ServicePrincipals" -TableStyle Medium9 -AutoSize -AutoFilter
    Write-log INFO -Message "Generate the following Report: $ReportFilexlsx"


#region EntraID
Function Update-MgConditionalAccessPolicyNameLocationsUsingJSONFile
        [Parameter(Mandatory = $true,
                   Position = 1)]
        [Parameter(Mandatory = $true,
                   Position = 2)]
    # Connect to Microsoft Graph with the required scopes
        Write-Log warning -Message "The script is trying to connect to MgGraph"
        Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'
        Write-Log Info -Message "The script connected to MgGraph"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to connect to MgGraph"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
        Read-Host "The script will stop"
        # Exit the script
    # Read the JSON file
        Write-Log warning -Message "The script is trying to import JSON File: $JSONFile"
        $jsonContent = Get-Content -Path $JSONFile | ConvertFrom-Json
        Write-Log Info -Message "The script imported JSON File: $JSONFile"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to import JSON File: $JSONFile"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
        Read-Host "The script will stop"
        # Exit the script
    # Get the existing named location
    Write-Log warning -Message "The script is trying to retreive NameLocation $NameLocation"
    $ExistingLocation = $Null
    $ExistingLocation = @()
    $ExistingLocation = Get-MgIdentityConditionalAccessNamedLocation -Filter "DisplayName eq '$NameLocation'"
    Write-Log Info -Message "The script retreived NameLocation $NameLocation"
    If ($ExistingLocation)
        # Create a hashtable with the parameters for the updated named location
        $params = @{
            "@odata.type" = "#microsoft.graph.ipNamedLocation"
            DisplayName   = $ExistingLocation.DisplayName
            IsTrusted      = $ExistingLocation.AdditionalProperties.IsTrusted
            IpRanges      = @()
        # Add each IP range from the JSON file to the hashtable
        foreach ($Cell in $jsonContent.PSObject.Properties)
            foreach ($Range in $Cell.Value.ip_ranges)
                $IpRange = @{
                    "@odata.type" = "#microsoft.graph.iPv4CidrRange"
                    CidrAddress   = $Range
                $params.IpRanges += $IpRange
        # Update the existing named location
            Write-Log warning -Message "The script is trying to update the Name Location $NameLocation with the IPRanges from $JsonFile"
            Update-MgIdentityConditionalAccessNamedLocation -NamedLocationId $ExistingLocation.Id -BodyParameter $params
            Write-Log Info -Message "The script updated the Name Location $NameLocation with the IPRanges from $JsonFile"
            $ErrorMessage = $Error[0].Exception.Message
            $CMDLet = $Error[0].InvocationInfo.Line
            $FailedItem = $Error[0].Exception.ItemName
            Write-Log Error -Message "Failed to update the Name Location $NameLocation with the IPRanges from $JsonFile"
            Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
            Write-Log Error -Message "Failed with Error:$ErrorMessage"
            Read-Host "The script will stop"
            # Exit the script
        Write-Log Error -Message "Failed to find NameLocation $Namelocation"

Function Check-MgO365GroupCreationSettings
    param ()
    #Read-Host 'Are you connected to MgGraph Beta? using Connect-MgGraph -Scopes "Directory.ReadWrite.All", "Group.Read.All"'
    $GroupUnifiedSetttings = (Get-MgBetaDirectorySetting | Where { $_.DisplayName -eq "group.unified" }).values
    $GroupCreationAllowedGroupId = ($GroupUnifiedSetttings | where { $_.Name -eq "GroupCreationAllowedGroupId" }).Value
    $EnableGroupCreation = ($GroupUnifiedSetttings | where { $_.Name -eq "EnableGroupCreation" }).Value
    If ($GroupCreationAllowedGroupId)
        $MgGroupName = (Get-MgGroup -GroupId $GroupCreationAllowedGroupId).DisplayName
        Write-Host "Allowed Office 365 Group Creation Name is: " -NoNewline; Write-host "$MgGroupName" -ForegroundColor Yellow
        Write-Host "Office 365 Group creation is enabled: " -NoNewline; Write-host "$EnableGroupCreation" -ForegroundColor Yellow
        Write-Host "No Group was found:" -ForegroundColor Yellow

Function Block-MgO365GroupCreation
        [Parameter(Mandatory = $false,
                   Position = 1)]
    if ($GroupName)
        # Check if group exist
        Write-Host "Searching for a Group with Name: " -NoNewline; Write-host "$GroupName" -ForegroundColor Yellow
        $FoundMgGroup = Get-MgGroup -Filter "DisplayName eq '$GroupName'"
        if (!$FoundMgGroup)
            Write-Host "Group with Name $GroupName was not Found"
            # Create Group if does not exist
            Write-Host "Creating a new Group with Name: " -NoNewline; Write-host "$GroupName" -ForegroundColor Green
            $NewMgGroup = New-MgGroup -DisplayName $GroupName -MailEnabled:$False -MailNickName $GroupName -SecurityEnabled
            $MgGroupObjectID = $NewMgGroup.Id
            Write-Host "Group with Name $GroupName already existed" -ForegroundColor Yellow
            $MgGroupObjectID = $FoundMgGroup.Id}
        # Check if group exist
        $FoundMgGroup = Get-MgGroup -Filter "DisplayName eq 'GroupCreationAllowedGroup'"
        if (!$FoundMgGroup)
            Write-Host "No Group Name was provided so the script will create the following group:" -NoNewline; Write-host "GroupCreationAllowedGroup" -ForegroundColor Green
            # Create Group if does not exist
            $NewMgGroup = New-MgGroup -DisplayName $GroupName -MailEnabled:$False -MailNickName $GroupName -SecurityEnabled
            $MgGroupObjectID = $NewMgGroup.Id
            If ($NewMgGroup) { Write-Host "The Following Mg Group has been created: GroupCreationAllowedGroup" }
            Write-Host "No Group Name was provided but the group already exist with the following Name:" -NoNewline; Write-host "GroupCreationAllowedGroup" -ForegroundColor Red
            $MgGroupObjectID = $FoundMgGroup.Id
    # Update Settings
    $AllowGroupCreation = "False"
    Write-Host "Updating Group Creation Restriction Settings" -NoNewline; Write-host " - 1/2" -ForegroundColor Red
    $settingsObjectID = (Get-MgBetaDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id
    if (!$settingsObjectID)
        $DirectorySettingParameters = @{
            templateId = "62375ab9-6b52-47ed-826b-58e47e0e304b"
            values       = @(
                    name  = "EnableMSStandardBlockedWords"
                    value = "true"
        New-MgBetaDirectorySetting -BodyParameter $DirectorySettingParameters
        $settingsObjectID = (Get-MgBetaDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).Id
    $NewDirectorySettingParameters = @{
        templateId = "62375ab9-6b52-47ed-826b-58e47e0e304b"
        values       = @(
                name  = "EnableGroupCreation"
                value = $AllowGroupCreation
                name  = "GroupCreationAllowedGroupId"
                value = $MgGroupObjectID
    Write-Host "Updating Group Creation Restriction Settings" -NoNewline; Write-host " - 2/2" -ForegroundColor Red
    Update-MgBetaDirectorySetting -DirectorySettingId $settingsObjectID -BodyParameter $NewDirectorySettingParameters

Function Generate-MgConditionalAccessPoliciesReport
    # Find Tenant Name :Microsoft.Graph.Identity.DirectoryManagement
    #Check if Module ImportExcel is installed
    If (!(Get-InstalledModule -Name ImportExcel -ErrorAction Silentlycontinue))
        Write-Log Error -Message "ImportExcel module is not installed - Please use the following CMDLet : Install-Module ImportExcel"
        #Start-Sleep -Seconds 10
        Read-Host "Pause before closing Powershell - Please use CTRL+C to cancel"
    #Connect using MgGraph
        Write-Log Warning -Message "Trying to connect to MgGraph"
        Connect-MgGraph -Scopes 'Policy.Read.All', 'Directory.Read.All' -NoWelcome
        $MgContext = Get-MgContext
        $MgScopes = $MgContext.Scopes -join ";"
        Write-Log Info -Message "Connected to MgGraph with the following scopes: $MgScopes"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to connect to MgGraph"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
        #Start-Sleep -Seconds 10
        Read-Host "Pause before closing Powershell - Please use CTRL+C to cancel"
    # Tenant Name
    $OnMicrosoft = (Get-MgDomain | where { $_.IsInitial }).Id
    $TenantName = $OnMicrosoft.Substring(0, $OnMicrosoft.IndexOf("."))
    # Variable
    $Date = Get-Date -Format "ddMMyyyy_HH-mm-ss"
    $Filename = "Report_ConditionalAccessPolicies_" + $TenantName + "_" + $Date
    $NamedLocationsFileName = "NamedLocations - " + $TenantName + "_" + $Date
    $ConditionalAccessPoliciesFileName = "Backup_ConditionalAccessPolicies - " + $TenantName + "_" + $Date
    function Report-DirectoryApps
        param (
            [Parameter(Mandatory = $true)]
        ($servicePrincipals | Where-Object { $_.AppID -eq $AppID }).DisplayName
    function Report-NamedLocations
        param (
            [Parameter(Mandatory = $true)]
        switch ($ID)
            '00000000-0000-0000-0000-000000000000' { 'Unknown Site' }
            'All' { 'All' }
            'AllTrusted' { 'AllTrusted' }
            Default {
                ($namedLocations | Where-Object { $_.ID -eq $ID }).displayName
    function Get-TypeOfNamedLocations
        param (
            [Parameter(Mandatory = $true)]
        switch ($TypeString)
            '#microsoft.graph.ipNamedLocation' { 'ipNamedLocation' }
            '#microsoft.graph.countryNamedLocation' { 'countryNamedLocation' }
            Default {
    function Report-Users
        param (
            [Parameter(Mandatory = $true)]
        switch ($ID)
            'GuestsOrExternalUsers' { 'GuestsOrExternalUsers' }
            'All' { 'All' }
            Default {
                $user = (Get-MgUser -UserId "$($ID)" -ErrorAction SilentlyContinue).userprincipalname
                if ($user)
    function Report-Groups
        param (
            [Parameter(Mandatory = $true)]
        switch ($ID)
            'GuestsOrExternalUsers' { 'GuestsOrExternalUsers' }
            'All' { 'All' }
            Default {
                $group = (Get-MgGroup -GroupId "$($ID)" -ErrorAction silentlycontinue).displayname
                if ($group)
    # Collect Named Locations
        Write-Log warning -Message "Collecting Named Locations..."
        $namedLocations = Get-MgIdentityConditionalAccessNamedLocation | select-object displayname, id,`
                                                                                       @{ name = "Type"; expression = { ($_.AdditionalProperties.'@odata.type' | ForEach-Object { Get-TypeOfNamedLocations -TypeString $_ }) } },`
                                                                                       @{ name = "isTrusted"; expression = { $_.additionalproperties.isTrusted } },`
                                                                                       @{ name = "ipRanges"; expression = { $_.additionalproperties.ipRanges.cidrAddress -join "," } },`
                                                                                       @{ name = "Country"; express = { $_.additionalproperties.countriesAndRegions -join "," } },`
                                                                                       @{ name = "includeUnknownCountriesAndRegions"; expression = { $_.additionalproperties.includeUnknownCountriesAndRegions } },`
                                                                                       @{ name = "countryLookupMethod"; expression = { $_.additionalproperties.countryLookupMethod } }
        Write-Log Info -Message "Named Locations have been collected"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to Collect Named Locations"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
    # Collect Service Principals
        Write-Log warning -Message "Collecting Service Principals..."
        $servicePrincipals = Get-MgServicePrincipal -All | Select-Object DisplayName, AppId
        Write-Log Info -Message " Service Principals have been collected"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to collect Service Principals"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
    # Collect ConditionalAccess Policies Data
        Write-Log warning -Message "Collecting Conditional Access Policies..."
        $MgConditionalAccessPolicies = Get-MgIdentityConditionalAccessPolicy -All
        Write-Log Info -Message "Conditional Access Policies have been collected"
        $ErrorMessage = $Error[0].Exception.Message
        $CMDLet = $Error[0].InvocationInfo.Line
        $FailedItem = $Error[0].Exception.ItemName
        Write-Log Error -Message "Failed to collect Conditional Access Policies"
        Write-Log Error -Message "Failed to run the following CMDLet: $CMDLet"
        Write-Log Error -Message "Failed with Error:$ErrorMessage"
    $Report = @()
    #Collects the conditional access policies using the mgconditionalaccesspolicy command.
    foreach ($pol in $MgConditionalAccessPolicies)
        $Report += New-Object PSobject -Property @{
            'Displayname' = $pol.displayName
            'Description' = $pol.Description
            'State'          = $pol.state
            'ID'          = $
            'createdDateTime' = if ($pol.createdDateTime) { $pol.createdDateTime } else { 'Null' }
            'ModifiedDateTime' = if ($pol.ModifiedDateTime) { $pol.ModifiedDateTime } else { 'Null' }
            'UserIncludeUsers' = if ($pol.Conditions.Users.IncludeUsers) { ($pol.Conditions.Users.IncludeUsers | ForEach-Object { (Report-Users -ID $_) }) -join ',' } else { 'Not Configured' }
            'UserExcludeUsers' = if ($pol.Conditions.Users.ExcludeUsers) { ($pol.Conditions.Users.ExcludeUsers | ForEach-Object { (Report-Users -ID $_) }) -join ',' } else { 'Not Configured' }
            'UserIncludeGroups' = if ($pol.Conditions.Users.IncludeGroups) { ($pol.Conditions.Users.IncludeGroups | ForEach-Object { (Report-Groups -ID $_) }) -join ',' } else { 'Not Configured' }
            'UserExcludeGroups' = if ($pol.Conditions.Users.ExcludeGroups) { ($pol.Conditions.Users.ExcludeGroups | ForEach-Object { (Report-Groups -ID $_) }) -join ',' } else { 'Not Configured' }
            'ConditionSignInRiskLevels' = if ($pol.Conditions.SignInRiskLevels) { $pol.Conditions.SignInRiskLevels -join ',' } else { 'Not Configured' }
            'ConditionClientAppTypes' = if ($pol.Conditions.ClientAppTypes) { $pol.Conditions.ClientAppTypes -join ',' } else { 'Not Configured' }
            'PlatformIncludePlatforms' = if ($pol.Conditions.Platforms.IncludePlatforms) { $pol.Conditions.Platforms.IncludePlatforms -join ',' } else { 'Not Configured' }
            'PlatformExcludePlatforms' = if ($pol.Conditions.Platforms.ExcludePlatforms) { $pol.Conditions.Platforms.ExcludePlatforms -join ',' } else { 'Not Configured' }
            'DevicesFilterStatesMode' = if ($pol.Conditions.Devices.DeviceFilter.Mode) { $pol.Conditions.Devices.DeviceFilter.Mode -join "," } else { "Failed to Report" }
            'DevicesFilterStatesRule' = if ($pol.Conditions.Devices.DeviceFilter.Rule) { $pol.Conditions.Devices.DeviceFilter.Rule -join "," } else { "Failed to Report" }
            'ApplicationIncludeApplications' = if ($pol.Conditions.Applications.IncludeApplications) { ($pol.Conditions.Applications.IncludeApplications | ForEach-Object { Report-DirectoryApps -AppID $_ }) -join ',' } else { 'Not Configured' }
            'ApplicationExcludeApplications' = if ($pol.Conditions.Applications.ExcludeApplications) { ($pol.Conditions.Applications.ExcludeApplications | ForEach-Object { Report-DirectoryApps -AppID $_ }) -join ',' } else { 'Not Configured' }
            'ApplicationIncludeUserActions' = if ($pol.Conditions.Applications.IncludeUserActions) { $pol.Conditions.Applications.IncludeUserActions -join ',' } else { 'Not Configured' }
            'LocationIncludeLocations' = if ($pol.Conditions.Locations.IncludeLocations) { ($pol.Conditions.Locations.IncludeLocations | ForEach-Object { Report-NamedLocations -ID $_ }) -join ',' } else { 'Not Configured' }
            'LocationExcludeLocations' = if ($pol.Conditions.Locations.ExcludeLocations) { ($pol.Conditions.Locations.ExcludeLocations | ForEach-Object { Report-NamedLocations -ID $_ }) -join ',' } else { 'Not Configured' }
            'GrantControlBuiltInControls' = if ($pol.GrantControls.BuiltInControls) { $pol.GrantControls.BuiltInControls -join ',' } else { 'Not Configured' }
            'GrantControlTermsOfUse' = if ($pol.GrantControls.TermsOfUse) { $pol.GrantControls.TermsOfUse -join ',' } else { 'Not Configured' }
            'GrantControlOperator' = if ($pol.GrantControls.Operator) { $pol.GrantControls.Operator } else { 'Not Configured' }
            'GrantControlCustomAuthenticationFactors' = if ($pol.GrantControls.CustomAuthenticationFactors) { $pol.GrantControls.CustomAuthenticationFactors -join ',' } else { 'Not Configured' }
            'CloudAppSecurityCloudAppSecurityType' = if ($pol.SessionControls.CloudAppSecurity.CloudAppSecurityType) { $pol.SessionControls.CloudAppSecurity.CloudAppSecurityType } else { 'Not Configured' }
            'ApplicationEnforcedRestrictions' = if ($pol.SessionControls.ApplicationEnforcedRestrictions.IsEnabled) { $pol.SessionControls.ApplicationEnforcedRestrictions.IsEnabled } else { 'Not Configured' }
            'CloudAppSecurityIsEnabled' = if ($pol.SessionControls.CloudAppSecurity.IsEnabled) { $pol.SessionControls.CloudAppSecurity.IsEnabled } else { 'Not Configured' }
            'PersistentBrowserIsEnabled' = if ($pol.SessionControls.PersistentBrowser.IsEnabled) { $pol.SessionControls.PersistentBrowser.IsEnabled } else { 'Not Configured' }
            'PersistentBrowserMode' = if ($pol.SessionControls.PersistentBrowser.Mode) { $pol.SessionControls.PersistentBrowser.Mode } else { 'Not Configured' }
            'SignInFrequencyIsEnabled' = if ($pol.SessionControls.SignInFrequency.IsEnabled) { $pol.SessionControls.SignInFrequency.IsEnabled } else { 'Not Configured' }
            'SignInFrequencyType' = if ($pol.SessionControls.SignInFrequency.Type) { $pol.SessionControls.SignInFrequency.Type } else { 'Not Configured' }
            'SignInFrequencyValue' = if ($pol.SessionControls.SignInFrequency.Value) { $pol.SessionControls.SignInFrequency.Value } else { 'Not Configured' }
    Write-Log warning -Message 'Generating the Reports & backups ...'
    $ReportData = $Report | Select-Object -Property Displayname, Description, State, ID, createdDateTime, ModifiedDateTime, UserIncludeUsers, UserExcludeUsers, UserIncludeGroups, UserExcludeGroups, ConditionSignInRiskLevels, ConditionClientAppTypes, PlatformIncludePlatforms, PlatformExcludePlatforms, DevicesFilterStatesMode, DevicesFilterStatesRule, ApplicationIncludeApplications, ApplicationExcludeApplications, ApplicationIncludeUserActions, LocationIncludeLocations, LocationExcludeLocations, GrantControlBuiltInControls, GrantControlTermsOfUse, GrantControlOperator, GrantControlCustomAuthenticationFactors, ApplicationEnforcedRestrictions, CloudAppSecurityCloudAppSecurityType, CloudAppSecurityIsEnabled, PersistentBrowserIsEnabled, PersistentBrowserMode, SignInFrequencyIsEnabled, SignInFrequencyType, SignInFrequencyValue | Sort-Object -Property Displayname
    Write-Log warning -Message "Generating the Excel Reports. $($Filename.xlsx)"
    $ReportData | Export-excel -Path "$Filename.xlsx"
    Write-Log warning -Message "Generating the Excel Reports for Named locations. $($NamedLocationsFileName.xlsx)"
    $namedLocations | Export-excel -Path "$NamedLocationsFileName.xlsx"
    Write-Log warning -Message "Generating the Conditional Access policies Backup File. $($ConditionalAccessPoliciesFileName.xml)"
    $MgConditionalAccessPolicies | Export-Clixml "$ConditionalAccessPoliciesFileName.xml"
    Write-Log warning -Message 'Disconnecting from Microsoft Graph'
