What is the difference between the WorkshopPOEReport script and the EngagementPOEReport script? they have the same synopsis

Start-Process $outputfile is not allowed with a limited user on MacOS:

Start-Process: /Users/<user>/CompliancePartnerWorkshops/ComplianceActivationAssessment.ps1:700
Line |
 700 |  Start-Process $outputfile
     |  ~~~~~~~~~~~~~~~~~~~~~~~~~
     | An error occurred trying to start process '/Users/<user>/CompliancePartnerWorkshops/ActivationReport_2023022344.html' with working directory
     | '/Users/<user>/CompliancePartnerWorkshops'. Permission denied

ClientId              : <clientid>
TenantId              : <tenantid>
CertificateThumbprint :
Scopes                : {Directory.AccessAsUser.All, Directory.Read.All, openid, Organization.Read.All…}
AuthType              : Delegated
AuthProviderType      : InteractiveAuthenticationProvider
CertificateName       :
Account               : user@domain.com
AppName               : Microsoft Graph PowerShell
ContextScope          : CurrentUser
Certificate           :
PSHostVersion         : 7.3.2
ClientTimeout         : 00:05:00

Most of our users are not local administrators on their machines and have no access to an admin account. I wonder if it's possible to change the script so it can run as a regular user account? I am not a PowerShell guru by any means, but it does not seem like the script does anything that should truly require local admin privileges?

When running it as a regular user we see the following error -

Checking Permissions
get-command : The term 'get-dlpcompliancepolicy' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that
the path is correct and try again.
At C:\Users\pharrison\OneDrive - CWSI\Desktop\EngagementPOEReport.ps1:203 char:6
+ if ((get-command get-dlpcompliancepolicy) -and (get-command Get-Organ ...
+      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (get-dlpcompliancepolicy:String) [Get-Command], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException,Microsoft.PowerShell.Commands.GetCommandCommand



At least one needed cmdlet is missing, check account permissions described in the delivery guide and try again.

Strangely if I run Connect-IPPSSession followed by Connect-ExchangeOnline myself the get-dlpcompliancepolicy cmdlet is available.

Thanks for any thoughts!

Probably should get fixed with the new Graph modules that are currently being built but Get-MGUserLicenseReport fails on non-Windows OS-es with the following errors (aside that, it should probably be reported in another repo, but it affects your script):

Join-Path: Cannot bind argument to parameter 'Path' because it is null.
Out-File: Cannot bind argument to parameter 'FilePath' because it is null.
Join-Path: /Users/<user>/.local/share/powershell/Modules/MSOLLicenseManagement/3.0.4/Cmdlet/Get-MGUserLicenseReport.ps1:210
Line |
 210 |          $RootPath = Join-path $env:LOCALAPPDATA ("License_Report_" +  …
     |                                ~~~~~~~~~~~~~~~~~
     | Cannot bind argument to parameter 'Path' because it is null.

Given that this script is provided from Microsoft to partners to be run on customer's sites, I (representing a customer) am somewhat disappointed, as I had to fix the script before it was able to give the intended results. Some of it was certainly due to the fact that I generally use StrictMode enabled, but it would be good form to prepare for that, I think. (Or at least check for or explicitly disable StrictMode during the script run).

We have been using version 3.0 of the script.

1. The script is gathering ALL compliance searches (and DLP policies) in the tenant. Given that the MS engagement provides naming conventions for those objects created during the engagement, it should be easy to filter for them. The other existing searches etc. are of no concern to Microsoft and should not be part of the report.
2. Around line 246, a variable $coveredsits is used that is defined nowhere. With StrictMode enabled, the whole $itemtable and consequently the $POEChart cannot be created because of that, even though the rest of the data is there.
3. Around line 290, the variables $IsMacOS and $IsLinux also are nowhere defined (I assume they will not magically be set to true on a Mac or Linux system?), so again, with StrictMode enabled, the whole if / then fails, and one has to find and open the created HTML report manually.
4. "Section 2" of the script, around line 230, seems a little illogical: First you get all Compliance searches into $search, and in the next line, when going through these searches, you again get them one by one from the API, when the objects are already in the array. Especially given that Get-ComplianceSearch is not really fast, this is quite unnecessary.

I hope this helps in improving the script, so it can run more smoothly for future engagements.

Best regards
Sascha Seipp

Ao executar o script ComplianceActivationAssessment.ps1 as bibliotecas não estão sendo reconhecidas porque elas foram descontinuadas. Estou entregando o Workshops Usage Protect and Govern Sensitive data e o Usage Mitigate Compliance and Privacy Risks. Preciso, por gentileza, do script atualizado ou o caminho para download das bibliotecas.

ComplianceActivationAssessment.ps1 doesn't work on non-Windows OS-es due to $env:LOCALAPPDATA not being valid outside of Windows Operating Systems

Hi,

customer of mine has disabled WinRM Basic Authentication on their clients via Group Policy, therefore trying to do a Connect-IPPSSession does not connect with error:

Connecting to Security & Compliance Center. Please logon in the new window
WARNING: Please note that you can only use above 9 new EXO cmdlets (the one with *-EXO* naming pattern).You can't use other cmdlets as we couldn't establish a Remote PowerShell session as bas
ic auth is disabled in your client machine. To enable Basic Auth, please check instruction here https://docs.microsoft.com/en-us/powershell/exchange/exchange-online-powershell-v2?view=exchang
e-ps#prerequisites-for-the-exo-v2-module
Create Powershell Session is failed using OAuth
At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\3.1.0\netFramework\ExchangeOnlineManagement.psm1:733 char:21
+                     throw $_.Exception;
+                     ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [], Exception
    + FullyQualifiedErrorId : Create Powershell Session is failed using OAuth

Based on the current documentation (afaik) LearnWebSite - there is currently no way around this even with the V3 ExchangePowerShell Module.

Is there any way to run this compliance report without enabling basic authentication?

BG Christoph

HI,
When attempting to run the script, we are getting the following error:
Connecting to remote server nam10b.ps.compliance.protection.outlook.com failed with the following error message : For more information, see the about_Remote_Troubleshooting Help topic.
At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\3.1.0\netFramework\ExchangeOnlineManagement.psm1:733 char:21

•                 throw $_.Exception;
  

•                 ~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : ResourceUnavailable: (:) [], ParentContainsErrorRecordException
  • FullyQualifiedErrorId : System.Management.Automation.Remoting.PSRemotingDataStructureException

We are correctly logging into the 0365 and authenticating with MFA. Can you verify that the code is still correct?