# AutomateCompromisedAccountRemediation.ps1

  • Purpose
  • Dependencies
  • Function
  • Usage
  • Inputs
  • Variables
  • Command Line Flags
  • Outputs
  • Notes

# Purpose

Automates Microsoft 365/Entra ID (Azure AD) compromised account remediation using 8 best-practice steps. Handles module installation, logs all actions, and supports both interactive and bulk operation.

# Dependencies

# Function

  1. Loads and validates required modules (installs if missing, with user confirmation).
  2. Connects to Microsoft Graph and Exchange Online (supports certificate-based auth).
  3. Accepts user(s) via parameter, CSV, or interactive prompt.
  4. Presents a menu of 8 remediation actions (disable user, sign out, reset password, review MFA, disable inbox rules, review/remove forwarding, get audit log) or "all".
  5. Performs selected actions for each user, logging results and errors to output files.
  6. Exports status, password, invalid user, and error logs to the script directory.
  7. Offers to open the output file at completion.
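
The containment actions named in step 4, as an added sketch that is not the script's own code: it covers a subset of the menu (disable user, sign out, review MFA, disable inbox rules, remove forwarding, get audit log) and leaves out the password reset and the file logging. The function name `Invoke-AccountContainment` and the `-AuditDays` parameter are hypothetical, and it assumes Microsoft Graph and Exchange Online sessions are already connected.

```powershell
# Added illustration, not the script's own code. Assumes sessions already opened with:
#   Connect-MgGraph -Scopes 'User.ReadWrite.All','UserAuthenticationMethod.Read.All'
#   Connect-ExchangeOnline
function Invoke-AccountContainment {            # hypothetical name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string]$UserPrincipalName,
        [int]$AuditDays = 7                     # hypothetical: audit look-back window
    )
    process {
        $user = Get-MgUser -UserId $UserPrincipalName -ErrorAction SilentlyContinue
        if (-not $user) {
            # Record and skip unknown UPNs so one bad row does not stop a bulk run
            return [pscustomobject]@{ User = $UserPrincipalName; Status = 'InvalidUser' }
        }
        # Block new sign-ins first, then revoke refresh tokens for existing sessions
        if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Disable user and sign out')) {
            Update-MgUser -UserId $user.Id -AccountEnabled:$false
            Revoke-MgUserSignInSession -UserId $user.Id | Out-Null
        }
        # Review MFA: list registered method types so unexpected ones stand out
        $mfa = @(Get-MgUserAuthenticationMethod -UserId $user.Id |
            ForEach-Object { $_.AdditionalProperties['@odata.type'] })
        # Disable (not delete) enabled inbox rules so they remain available as evidence
        $rules = @(Get-InboxRule -Mailbox $UserPrincipalName | Where-Object Enabled)
        foreach ($r in $rules) {
            if ($PSCmdlet.ShouldProcess($r.Name, 'Disable inbox rule')) {
                Disable-InboxRule -Identity $r.Identity -Confirm:$false
            }
        }
        # Review and remove mailbox-level forwarding (SMTP address and recipient object)
        $mbx = Get-Mailbox -Identity $UserPrincipalName
        $fwd = @($mbx.ForwardingSmtpAddress, $mbx.ForwardingAddress) -ne $null
        if ($fwd.Count -gt 0 -and $PSCmdlet.ShouldProcess($UserPrincipalName, 'Remove forwarding')) {
            Set-Mailbox -Identity $UserPrincipalName -ForwardingSmtpAddress $null `
                -ForwardingAddress $null -DeliverToMailboxAndForward $false
        }
        # Pull recent unified audit log records for this user for later review
        $audit = @(Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-$AuditDays) `
            -EndDate (Get-Date) -UserIds $UserPrincipalName -ResultSize 1000)
        [pscustomobject]@{
            User = $UserPrincipalName; Status = 'Processed'; MfaMethods = $mfa -join ';'
            EnabledRules = $rules.Name -join ';'; ForwardingFound = $fwd -join ';'
            AuditRecords = $audit.Count
        }
    }
}
# Dry run on a constructed address: 'user@example.com' | Invoke-AccountContainment -WhatIf
```

With `-WhatIf` the read-only lookups still run, so the returned object shows what would be changed before anything is modified.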

# Usage

```powershell
./AutomateCompromisedAccountRemediation.ps1
```

The script is interactive and supports both single and bulk operation. User(s) can be provided via parameter, CSV, or prompt.

# Inputs

  • UserPrincipalName(s) via parameter, CSV file, or interactive prompt
  • Optional: TenantId, ClientId, CertificateThumbprint for CBA

# Variables

  • $UPNs: Array of user principal names to remediate
  • $Actions: Array of selected remediation actions
  • $ExportCSV, $PasswordLogFile, $InvalidUserLogFile, $ErrorsLogFile: Output file paths

# Command Line Flags

None for standard use. (Parameters are supported for automation.)

# Outputs

  • CSV and TXT logs of all actions, passwords, invalid users, and errors
  • Console and pop-up feedback for each step

# Notes

  • Requires PowerShell 7, Microsoft Graph, and Exchange Online Management modules
  • Local script Require-Pwsh7.ps1 must be accessible
  • See script header for official documentation links and further details