M365_Groups_Enum – Enumerate Microsoft 365 Groups In A Tenant With Their Metadata

360 Mobile Vision - 360mobilevision.com North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - 360mobilevision.com is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

The all_groups.py script allows to enumerate all Microsoft 365 Groups in a Azure AD tenant with their metadata:

  • name
  • visibility: public or private
  • description
  • email address
  • owners
  • members
  • Teams enabled?
  • SharePoint URL (e.g. for Teams shared files)

All of this, even for private Groups! Read more about this on my blog article “Risks of Microsoft Teams and Microsoft 365 Groups”

The reporting.py script will take the JSON output from all_groups.py and generates a CSV files allowing to quickly identify sensitive private or public groups.

Installation

Requirement:

  1. Download the repository
  2. Install requirements with
pip install -r requirements.txt

Usage

You will need a valid account on the tenant. Different authentication methods are supported:

  • via login + password (MFA not supported)
python all_groups.py -u myuser@example.onmicrosoft.com -p MyPassw0rd
  • via device authentication, which supports MFA via the browser. Launch then follow instructions
python all_groups.py --device-code

Other methods are also offered. You can read the ROADTools documentation or run the script without any argument to get help.

python all_groups.py

That’s all, you don’t need more options! The script output will be in all_groups.json in the current directory.

Then, if you want a nicer and more concise output from this JSON, use reporting.py to transform it:

python reporting.py

It automatically takes all_groups.json in the current directory, and outputs to all_groups.csv in the same directory.

Acknowledgements

This project uses for authentication the very helpful roadlib from ROADTools by @dirkjanm

M365_Groups_Enum – Enumerate Microsoft 365 Groups In A Tenant With Their Metadata

360 Mobile Vision - 360mobilevision.com North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - 360mobilevision.com is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

The all_groups.py script allows to enumerate all Microsoft 365 Groups in a Azure AD tenant with their metadata:

  • name
  • visibility: public or private
  • description
  • email address
  • owners
  • members
  • Teams enabled?
  • SharePoint URL (e.g. for Teams shared files)

All of this, even for private Groups! Read more about this on my blog article “Risks of Microsoft Teams and Microsoft 365 Groups”

The reporting.py script will take the JSON output from all_groups.py and generates a CSV files allowing to quickly identify sensitive private or public groups.

Installation

Requirement:

  1. Download the repository
  2. Install requirements with
pip install -r requirements.txt

Usage

You will need a valid account on the tenant. Different authentication methods are supported:

  • via login + password (MFA not supported)
python all_groups.py -u myuser@example.onmicrosoft.com -p MyPassw0rd
  • via device authentication, which supports MFA via the browser. Launch then follow instructions
python all_groups.py --device-code

Other methods are also offered. You can read the ROADTools documentation or run the script without any argument to get help.

python all_groups.py

That’s all, you don’t need more options! The script output will be in all_groups.json in the current directory.

Then, if you want a nicer and more concise output from this JSON, use reporting.py to transform it:

python reporting.py

It automatically takes all_groups.json in the current directory, and outputs to all_groups.csv in the same directory.

Acknowledgements

This project uses for authentication the very helpful roadlib from ROADTools by @dirkjanm

By admin