To get started with the Microsoft-Extractor-Suite, check out the Microsoft-Extractor-Suite docs.
Microsoft-Extractor-Suite is a fully featured, actively maintained PowerShell tool designed to streamline the process of collecting all necessary data and information from various sources within Microsoft.
The following Microsoft data sources are supported:
- Unified Audit Log
- Admin Audit Log
- Mailbox Audit Log
- Mailbox Rules
- Transport Rules
- Message Trace Logs
- Azure AD Sign-In Logs
- Azure AD Audit Logs
- Registered OAuth applications in Azure AD
Microsoft-Extractor-Suite was created by Joey Rentenaar and Korstiaan Stam and is maintained by the Invictus IR team.
To get started with the Microsoft-Extractor-Suite tool, make sure the requirements are met. If you do not have Connect-ExchangeOnline, the AZ module and/or Connect-AzureAD installed, check the installation guide.
The first step is to import the Microsoft-Extractor-Suite:
Import-Module .\Microsoft-Extractor-Suite.psd1
You must sign in to Microsoft 365 or Azure, depending on your use case, before running the functions. To sign in, use the cmdlets:
Connect-M365
Connect-Azure
Connect-AzureAZ
Connect-GraphAPI
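
The requirement check, import and sign-in steps above can be combined into one pre-flight script. This is an added example, not code from the Microsoft-Extractor-Suite project. It assumes the current directory contains Microsoft-Extractor-Suite.psd1 and treats the presence of Az.Accounts (installed as part of the Az module) as the indicator that the AZ module is available.

```powershell
# Added example: pre-flight check before collecting with Microsoft-Extractor-Suite.
# Assumption: run from the folder that contains Microsoft-Extractor-Suite.psd1.
$ErrorActionPreference = 'Stop'

# Prerequisites named on this page. Get-Command and Get-Module -ListAvailable
# only inspect what is installed; they do not connect to any tenant.
$missing = @()
foreach ($cmdlet in 'Connect-ExchangeOnline', 'Connect-AzureAD') {
    if (-not (Get-Command -Name $cmdlet -ErrorAction SilentlyContinue)) {
        $missing += $cmdlet
    }
}
# Assumption: Az.Accounts stands in for "the AZ module". A wildcard such as
# 'Az*' is avoided because it would also match the separate AzureAD module.
if (-not (Get-Module -ListAvailable -Name 'Az.Accounts')) {
    $missing += 'AZ module'
}
if ($missing.Count -gt 0) {
    throw "Missing prerequisites: $($missing -join ', '). See the installation guide."
}

# Step 1 from the page: import the suite from the current directory.
$manifest = '.\Microsoft-Extractor-Suite.psd1'
if (-not (Test-Path -Path $manifest)) {
    throw "Cannot find $manifest in $(Get-Location)."
}
Import-Module $manifest

# Confirm that the sign-in cmdlets listed on this page are now available,
# so a failed or partial import is caught before any collection starts.
$signIn = 'Connect-M365', 'Connect-Azure', 'Connect-AzureAZ', 'Connect-GraphAPI'
$absent = $signIn | Where-Object {
    -not (Get-Command -Name $_ -ErrorAction SilentlyContinue)
}
if ($absent) {
    throw "Import succeeded but these cmdlets are missing: $($absent -join ', ')."
}

# Step 2 from the page: sign in with the cmdlet that matches your use case.
# Connect-M365 is shown here; replace it with one of the other three as needed.
Connect-M365
```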