Hey Checkyourlogs Fans,
Today I was asked by a client to verify the deployment of MDE and Cisco DUO in an infrastructure.
As many servers are being added and removed, I felt it would be best to run this as a PowerShell script scheduled daily.
This was an easy script to come up with as I reused some of my old functions for the mail-to.
I could see right away that we had missed some WDATP and DUO installs, even though they were automated.
Here is the code for the script:

```powershell
# Script to check if critical security services are running
# Script written to double check DUO install and status of Sense (MDE) services
# Requires Windows PowerShell 5.1: Get-Service -ComputerName and Get-WmiObject
# are not available in PowerShell 7. Also needs the ActiveDirectory module.
Import-Module ActiveDirectory

# Function to check if a service is running on a remote computer
function IsServiceRunning($computerName, $serviceName) {
    $service = Get-Service -ComputerName $computerName -Name $serviceName -ErrorAction SilentlyContinue
    return ($null -ne $service -and $service.Status -eq 'Running')
}

# Function to check if a program is installed on a remote computer
function IsProgramInstalled($computerName, $programName) {
    $installedProgram = Get-WmiObject -Query "SELECT * FROM Win32_Product WHERE Name = '$programName'" -ComputerName $computerName -ErrorAction SilentlyContinue
    return ($null -ne $installedProgram)
}

# Get all servers from Active Directory
$servers = Get-ADComputer -Filter {OperatingSystem -like "Windows*Server*"} | Select-Object -ExpandProperty Name

# Create an array to store results
$results = @()

# Function to check if a server is online
function Test-ConnectionStatus {
    param (
        [string]$computerName
    )
    $online = Test-Connection -ComputerName $computerName -Count 2 -Quiet -ErrorAction SilentlyContinue
    return $online
}

# Function to generate HTML report and send it via email
function Generate-HTMLReport {
    param (
        [array]$results
    )

    $currentDateTime = Get-Date -Format "yyyyMMdd-HHmmss"
    $htmlReportPath = "C:\post-install\092-MDEDUODailyReport\ServerStatusReport_$currentDateTime.html"

    # The closing "@ of a here-string must start in column 0
    $htmlReport = @"
<!DOCTYPE html>
<html>
<head>
<style>
body {
    background-color: #E0E0E0; /* Grey background color */
    font-family: Arial, sans-serif;
}
table {
    border-collapse: collapse;
    width: 80%;
    margin: 20px;
}
th, td {
    border: 1px solid #dddddd;
    text-align: left;
    padding: 8px;
}
th {
    background-color: #555555;
    color: white;
}
tr:nth-child(even) {
    background-color: #f2f2f2;
}
.True {
    color: green;
}
.False {
    color: red;
}
</style>
</head>
<body>
<h2>MDE/DUO Compliance Status Report</h2>
<p>Generated on: $($currentDateTime)</p>
<p>Generated by: Dave Kawula-MVP</p>
<table>
<tr>
    <th>Server Name</th>
    <th>Status</th>
    <th>WDATP Service</th>
    <th>Cisco DUO Installed</th>
</tr>
"@

    foreach ($result in $results) {
        $htmlReport += @"
<tr>
    <td>$($result.ServerName)</td>
    <td>$($result.Status)</td>
    <td class="$($result.WDATPServiceStatus)">$($result.WDATPServiceStatus)</td>
    <td class="$($result.CiscoDUOInstalled)">$($result.CiscoDUOInstalled)</td>
</tr>
"@
    }

    $htmlReport += @"
</table>
</body>
</html>
"@

    $htmlReport | Out-File -FilePath $htmlReportPath -Force
    Write-Host "HTML report generated: $htmlReportPath"

    # Generate the output file
    #Write-Verbose "Writing Output to File $OutPutFile"
    #$output | Out-File $OutPutFile -Force
    #$emailbody = get-content $htmlreport

    # Values shown as <BLAH> were redacted in the original post
    $Username   = "apikey"
    $Password   = '<BLAH>'
    $credential = '<BLAH>'   # -Credential expects a PSCredential object
    $SMTPServer = "smtp.sendgrid.net"
    $EmailFrom  = '<BLAH>'
    #$EmailTo = Blah@Blah.com
    $Subject    = "Daily MDE and Duo Status Report"
    $EmailTo    = 'Blah@blah.com'

    # Mail the report
    #If ($MailTo -and $MailFrom -and $MailServer)
    # Force mail to go with hard-coded parameters for now
    # Foreach ($Email in $Emailto)
    # {
    Send-MailMessage -From $EmailFrom -To $EmailTo -SmtpServer $SMTPServer -Credential $credential -Port 587 -Subject $Subject -Encoding UTF8 -BodyAsHtml -Body $htmlReport
    # }
    Write-Host "Email sent with the Server Status Report."
}

# Loop through each server
foreach ($server in $servers) {
    Write-Host "Checking server: $server"

    # Check if the server is online
    $isOnline = Test-ConnectionStatus -computerName $server

    if ($isOnline) {
        # Check if Windows Defender Advanced Threat Protection service "Sense" is running
        $wdatpServiceStatus = IsServiceRunning -computerName $server -serviceName "Sense"

        # Check if Cisco DUO is installed
        $duoInstalled = IsProgramInstalled -computerName $server -programName "Duo Authentication for Windows Logon x64"

        # Add results to the array
        $result = [PSCustomObject]@{
            ServerName         = $server
            Status             = "Online"
            WDATPServiceStatus = $wdatpServiceStatus
            CiscoDUOInstalled  = $duoInstalled
        }
    } else {
        # Add offline server to the array
        $result = [PSCustomObject]@{
            ServerName         = $server
            Status             = "Offline"
            WDATPServiceStatus = $null
            CiscoDUOInstalled  = $null
        }
    }

    $results += $result
}

# Display results in a table view
#$results | Format-Table -AutoSize

# Generate HTML report
Generate-HTMLReport -results $results
```
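Both checks in the script use `-ErrorAction SilentlyContinue`, so a server that refuses the query (access denied, RPC blocked) is reported as `False`, the same as a server that is really missing the agent; querying `Win32_Product` also makes Windows Installer run a consistency check on every installed MSI package. The following is an added example, not part of the original script, that reads the Uninstall registry keys instead and reports a failed query as its own state. The function name and state strings are hypothetical, and it assumes PowerShell remoting (WinRM) is enabled on the servers and that the Duo `DisplayName` matches the product name used in the post.

```powershell
# Added example (not from the original script). Function name and state
# strings are hypothetical; service and product names come from the post.
function Get-SecurityAgentState {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [string]$ServiceName  = 'Sense',
        [string]$ProductName  = 'Duo Authentication for Windows Logon x64'
    )

    # Runs on the target; both checks are read-only.
    $probe = {
        param($ServiceName, $ProductName)
        $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
        # Uninstall keys list installed software without invoking Windows Installer.
        $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
        $pkg = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
               Where-Object { $_.DisplayName -eq $ProductName } |
               Select-Object -First 1
        [PSCustomObject]@{
            Service   = if ($null -eq $svc) { 'NotInstalled' } else { [string]$svc.Status }
            Installed = [bool]$pkg
            Version   = if ($pkg) { $pkg.DisplayVersion } else { $null }
        }
    }

    try {
        $r = if ($ComputerName -eq $env:COMPUTERNAME) {
            & $probe $ServiceName $ProductName
        } else {
            Invoke-Command -ComputerName $ComputerName -ScriptBlock $probe `
                -ArgumentList $ServiceName, $ProductName -ErrorAction Stop
        }
        [PSCustomObject]@{
            ServerName = $ComputerName; Query = 'OK'
            Service = $r.Service; Installed = $r.Installed; Version = $r.Version
        }
    } catch {
        # Access denied, WinRM down, firewall: report it instead of guessing 'False'.
        [PSCustomObject]@{
            ServerName = $ComputerName; Query = "Failed: $($_.Exception.Message)"
            Service = 'Unknown'; Installed = $null; Version = $null
        }
    }
}

# With no arguments the function checks the local machine.
Get-SecurityAgentState | Format-List
```

Rows where `Query` is not `OK` are the ones to follow up first, since the agent state on those servers was never actually observed.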
You can also find a copy on my GitHub repo.
https://github.com/dkawula/Operations/blob/master/MDE/MDE_DUO_Daily_Compliance_Report.ps1
You need to schedule it to run as a daily task on a management server, and it is good to go.
Hope you enjoy the post,
Dave