Skip to content

scalva/Export-MDOConfig

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
.vscode
.vscode
 
 
.gitignore
.gitignore
 
 
Export-MDOConfig.ps1
Export-MDOConfig.ps1
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Export-MDOConfig

Credits

This project is based on original work created by Joan Fontanillas.

The script has been adapted, extended and modernized for PowerShell 7 compatibility, improved export reliability, and customer audit scenarios.

PowerShell Release License

Export configuration data from Microsoft Defender for Office 365 and Exchange Online into CSV files to support security reviews, tenant assessments, troubleshooting, and customer audits.

Quick Start

Install required module:

Install-Module ExchangeOnlineManagement -Scope CurrentUser

Run interactively (UPN prompt):

pwsh .\Export-MDOConfig.ps1

Run specifying a user:

pwsh .\Export-MDOConfig.ps1 -UserPrincipalName admin@contoso.com

What the script exports

The script collects commonly requested Microsoft Defender for Office 365 and Exchange Online configuration data including:

  • Anti-Phishing policies and rules
  • Anti-Spam policies and rules
  • Safe Links policies and rules
  • Safe Attachments policies and rules
  • Malware filtering configuration
  • Tenant Allow/Block List (TABL)
  • Transport rules
  • Inbound and outbound connectors
  • Message Trace (V2 when available)
  • Unified Audit Log submissions (when available)
  • Domain authentication checks (optional)

Exports continue even if some commands are unavailable or permissions are missing.

Requirements

  • PowerShell 7 or later
  • ExchangeOnlineManagement module (version 3.x or later)
  • Appropriate Exchange Online permissions

Install module:

Install-Module ExchangeOnlineManagement -Scope CurrentUser

Usage Examples

Run default export:

pwsh .\Export-MDOConfig.ps1

Specify connection account:

pwsh .\Export-MDOConfig.ps1 -UserPrincipalName admin@contoso.com

Change audit and trace time range:

pwsh .\Export-MDOConfig.ps1 -DaysBack 30

Specify output directory:

pwsh .\Export-MDOConfig.ps1 -OutputPath C:\Temp

Skip DKIM/SPF/DMARC verification:

pwsh .\Export-MDOConfig.ps1 -SkipDomainAuthCheck

Example Output

After execution the script creates a timestamped folder such as:

MDO_Export_20260302_1405

Typical contents:

AntiPhishPolicy.csv
AntiPhishRule.csv
AntiSpamPolicy.csv
AntiSpamRule.csv
SafeLinksPolicy.csv
SafeLinksRule.csv
SafeAttachmentsPolicy.csv
SafeAttachmentsRule.csv
MalwarePolicy.csv
MalwareRule.csv
TABL_Senders.csv
TABL_Urls.csv
TABL_IPs.csv
TABL_FileHashes.csv
TABL_BulkSenders.csv
InboundConnectors.csv
OutboundConnectors.csv
TransportRules.csv
MessageTrace.csv
UserReportedSubmissions.csv (if available)
DomainAuthStatus.csv (optional)

Notes

  • Some exports depend on tenant configuration and RBAC permissions.
  • Unified Audit Log exports require audit logging enabled.
  • Message Trace automatically uses the modern V2 cmdlet when available.
  • The script attempts to continue execution even if some exports fail.

Intended Use

This tool is intended for:

  • Security assessments
  • Customer onboarding reviews
  • Tenant baseline documentation
  • Troubleshooting exercises

Always ensure you have authorization before exporting configuration data from a tenant.

License

MIT License.

About

Export Microsoft Defender for Office 365 and Exchange Online configuration to CSV for audits and tenant assessments.

Topics

security-audit powershell-script exchange-online mdo defender-for-office365 m365-security

Resources

Readme

License

View license
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v1.0.0 Latest
Mar 2, 2026

Packages

 
 
 

Contributors

Languages