Exchange Online - Aggressive Termination script


As more and more customers migrate Exchange on premises data to Exchange online, there are some limitations that may need work arounds that might need to be performed from time to time.

Download the script from the MS Script Center: https://gallery.technet.microsoft.com/Exchange-Online-Aggressive-fc144a91

O365 is designed to run day in and day out without any interruptions. There are several processes that assist with making sure that users can access their data anytime, anywhere. However, occasionally, sometimes a users’ access to O365 needs to be terminated quickly, or ‘aggressively’ disable all access to resources online.

I built this script to assist with customers needing some guidance in helping to quickly deny access to Exchange Online resources. Following several guidelines on which services to suspend, the following processes are currently in this version of the script:

EXO steps

  • Disable web services
    • MAPIEnabled
    • OWAEnabled
    • OWAforDevicesEnabled
    • PopEnabled
    • ImapEnabled
    • EWSEnabled
  • Disable ActiveSync
    • ActiveSyncEnabled
  • Prevent sending/receiving messages
    • IssueWarningQuota
    • ProhibitSendQuota
    • ProhibitSendReceiveQuota

MS Online user

  • Remove O365 access
    • Block Credential logon
    • Remove MSOL user license

Script screen shots

When you run the script either in Windows PowerShell ISE or Windows PowerShell, you do need to already be logged onto O365. One simple way is to use the O365_Logon module, then run the script.

First, input the user’s alias that you need to disable services within O365:

UserInput

You are then presented with the current settings of the user you selected. (Bandit is one of my cats I use in demos):

Settings1

A confirmation prompt is then presented if you want to continue with the modificaitons of settings and remove the licensing, or to cancel the process either in Windows PowerShell ISE:

Confirm1

Or in Windows PowerShell:

Confirm2

Once you confirm you want to commit the changes, the changes are made and then the updated information is presented.

If you need to, built into the script, in each of the functions, you can ‘undo’ the changes. The best way is to run the individual lines in ISE using the F8 function. You do have to run the lines at the same time you disable the user as there are several variables defined that you will lose if you close the current memory space, or re-run the script with a different user.

This is the first iteration of this script that works with Exchange online access. I hope to add other applications and/or features that follow O365 guidelines to terminate access to online data. Please feel free to adopt and customize the script for your environment. I have been asked for several additional processes, but feel as a seeding process, this is a good start for many people.

Thank you for looking and feel free to send feedback.

 

Comments (4)

    1. Mike_O'Neill says:

      You're welcome. Hope the code helps make the terminating process easier and quicker for people.

  1. turbomcp says:

    you might want to add remove tokens for adal when azure powershell v2 is out of public preview
    otherwise the user can still use its outlook without any connection to his user being disabled....

    1. Mike_O'Neill says:

      Agreed, many changes occurring to help this process. Some day I'd like to add other applications to the script.

Skip to main content