Impersonation protected user upload script


Impersonation is when the sender address of an email message looks similar to a real or expected sender’s email address. Attackers often use impersonated sender addresses in phishing and other types of attacks to gain the recipient's trust.

User impersonation: Contains subtle differences in the email alias. For example, louiis@gmail.com impersonates louis@gmail.com.

Anti-phishing

Microsoft Defender for Office allows us to define up to 350 users to protect against user impersonation. Microsoft recommends adding your most important people to this list: CEO, CFO, CTO, etc. But I also tend to add people from the accounting department and HR. I have seen phishing attacks that also tried to abuse confusion around their identity.

Adding the users manually

The process of adding these users is doable if you only have a couple of them. But I had to add more than 66 VIP users and more are on their way to be added.

You can’t add a group or distribution list. You have to manually enter the email address, select the user, and press add. Now do it 100 times!

Can I automate it?

I don’t think I’m the only one who came up with this idea. I frantically searched all over the internet, GitHub repositories, forums, etc., but couldn’t find a script that someone had already written for what I was looking for. And if somebody already has written it and I missed it, well, it was a good exercise to dust off my PowerShell skills (which are slim to none).

Looking at the Exchange Online module, I saw that I could create an anti-phish policy. The only thing I needed to figure out was which property allows me to add those users. I found in the docs that it was the -EnableTargetedUserProtection parameter.

The Script

So I did what I had to do… I wrote an upload script based on a CSV file that uploads the users directly to the anti-phish policy of your choice.

Before running the script, ensure you have the Exchange Online connect module installed. Additionally, don’t forget to fill in your User Principal Name (UPN) in the script.

I’ve included a sample CSV with dummy data to demonstrate how you need to structure your data. Simply enter the location of the CSV file, press ENTER, and let the magic happen.

You can find the complete, up-to-date script on my GitHub repo.
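
One way to do such a CSV upload, added here as an example (not the script from the author's repository). It assumes a CSV with DisplayName and EmailAddress columns and an existing anti-phish policy, and it passes the list through Set-AntiPhishPolicy's -TargetedUsersToProtect parameter alongside -EnableTargetedUserProtection; the policy name and admin UPN are placeholders you supply.

```powershell
# Added example: merge users from a CSV into an anti-phish policy's protected-user list.
# Assumed CSV header (constructed layout): DisplayName,EmailAddress
param(
    [Parameter(Mandatory)] [string] $CsvPath,
    [Parameter(Mandatory)] [string] $PolicyName,  # existing anti-phish policy (placeholder)
    [Parameter(Mandatory)] [string] $AdminUpn     # your admin UPN (placeholder)
)

$MaxProtectedUsers = 350   # limit stated in the article

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName $AdminUpn

# Start from what the policy already protects so the upload adds instead of overwriting.
$policy  = Get-AntiPhishPolicy -Identity $PolicyName
$entries = [System.Collections.Generic.List[string]]::new()
$seen    = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)

foreach ($existing in @($policy.TargetedUsersToProtect)) {
    if (-not $existing) { continue }
    # Stored values use the form "DisplayName;EmailAddress".
    $address = ($existing -split ';')[-1].Trim()
    if ($seen.Add($address)) { $entries.Add($existing) }
}

foreach ($row in Import-Csv -Path $CsvPath) {
    $name    = "$($row.DisplayName)".Trim()
    $address = "$($row.EmailAddress)".Trim()
    # Skip rows that would produce a malformed "DisplayName;EmailAddress" value.
    if (-not $name -or $name.Contains(';') -or $address -notmatch '^[^@\s;]+@[^@\s;]+\.[^@\s;]+$') {
        Write-Warning "Skipping invalid row: '$name' / '$address'"
        continue
    }
    if ($seen.Add($address)) { $entries.Add("$name;$address") }
    else { Write-Verbose "Already protected: $address" }
}

# Fail before changing anything if the merged list would exceed the limit.
if ($entries.Count -gt $MaxProtectedUsers) {
    throw "Policy would hold $($entries.Count) users; the limit is $MaxProtectedUsers."
}

Set-AntiPhishPolicy -Identity $PolicyName `
    -EnableTargetedUserProtection $true `
    -TargetedUsersToProtect $entries.ToArray()

# Read the policy back to confirm what is actually protected.
(Get-AntiPhishPolicy -Identity $PolicyName).TargetedUsersToProtect
Disconnect-ExchangeOnline -Confirm:$false
```

Because the whole merged list is written back in one call, rerunning the script with the same CSV leaves the policy unchanged.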

