[CoIT-Security] FW: Adding Custom Banned Words for Office 365 Group Creation

CoIT Security coit-security at lists.onenet.net
Thu Sep 13 12:02:31 CDT 2018


I thought this was an interesting addition to our repertoire of defense tools against misuse of the O365 groups. Banned words lists for O365 group creation. We are banning "bad words" as well as terms related to business operations like bursar, admissions, financial services, etc. etc.

Jesse is a systems administrator on our team and assembled this documentation from a couple of blogs as the info from Microsoft is not very complete at this time.

Rob

Rob Greggs
Acting Vice President for IITS
Oklahoma City Community College
7777 S. May Ave.
Oklahoma City, OK 73159
O: 405.682.7877
F: 405.688.3900
rgreggs at occc.edu
Die dulci freure



From: Uffen, Jesse P.
Sent: Thursday, September 13, 2018 11:34 AM
To: Greggs, Rob <rgreggs at occc.edu>
Subject: Adding Custom Banned Words for Office 365 Group Creation


Adding custom banned words to O365 Groups names was talked about in the Community Hours call a few months back. I wanted to get this set up ASAP after we enabled Teams for students and after seeing an increase of compromised student accounts. Global admins and a few other administrative roles can bypass the filter if needed.

The cmdlets needed are available in the AzureADPreview PowerShell module:
https://www.powershellgallery.com/packages/AzureADPreview/2.0.1.18

I used these two blog posts for guidance:
https://drewmadelung.com/managing-office-365-group-using-azure-ad-powershell-v2/ - Used to configure group settings in our tenant.
https://drewmadelung.com/office-365-groups-naming-policy/ - Configuring custom blocked words.


A quick basic guide using PowerShell cmdlets from the blog posts I linked and my own experiences:

# Connect to your tenant
Connect-AzureAD

# View your current settings
Get-AzureADDirectorySetting | ForEach Values

# Put your settings policy into a variable
$settings = Get-AzureADDirectorySetting | where-object {$_.displayname -eq "Group.Unified"}
# Configure the values for the custom blocked words list in the variable we created above
$settings["CustomBlockedWordsList"] = "HR,Contoso,Payroll,CEO,CFO,CIO"
# Apply the settings
Set-AzureADDirectorySetting -Id $settings.Id -DirectorySetting $settings

# You should now see the updated values when you view your settings
Get-AzureADDirectorySetting | ForEach Values


To make it easier, I created a text document with all of my banned words (separated by commas) and put that content into a variable so I did not have to type out my list every time I made a change. When I set the custom blocked words list setting I pointed to the variable.
$badwords = get-content <filepath of txt file>
$settings["CustomBlockedWordsList"] = $badwords



Jesse


Jesse Uffen
Systems Administrator
405.686.6214
Juffen at occc.edu
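
The steps in the message above combined into one script, as an added example that is not part of the original e-mail. The names $WordFile and ConvertTo-BlockedWordList are hypothetical; the script also covers a tenant that has no Group.Unified settings object yet by creating one from the settings template in the same AzureADPreview module.

```powershell
# Added example, not from the original e-mail; requires the AzureADPreview module.
# Assumption: $WordFile is a hypothetical path to your own word list
# (one term per line, comma-separated, or a mix of both).
param([string]$WordFile = '.\blocked-words.txt')

function ConvertTo-BlockedWordList {
    param([string[]]$Lines)
    # Split on commas, trim, drop blanks, de-duplicate (case-insensitive).
    $words = $Lines |
        ForEach-Object { $_ -split ',' } |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ } |
        Sort-Object -Unique
    return ($words -join ',')
}

Connect-AzureAD | Out-Null

$blocked = ConvertTo-BlockedWordList -Lines (Get-Content -Path $WordFile)
if (-not $blocked) { throw "No terms found in $WordFile; refusing to clear the list." }

$settings = Get-AzureADDirectorySetting |
    Where-Object { $_.DisplayName -eq 'Group.Unified' }

if ($settings) {
    # Keep the previous value so the change can be reviewed or rolled back.
    $before = $settings['CustomBlockedWordsList']
    $settings['CustomBlockedWordsList'] = $blocked
    Set-AzureADDirectorySetting -Id $settings.Id -DirectorySetting $settings
} else {
    # No Group.Unified settings object exists yet: create one from the template.
    $template = Get-AzureADDirectorySettingTemplate |
        Where-Object { $_.DisplayName -eq 'Group.Unified' }
    $settings = $template.CreateDirectorySetting()
    $settings['CustomBlockedWordsList'] = $blocked
    New-AzureADDirectorySetting -DirectorySetting $settings | Out-Null
}

# Read the value back from the tenant and confirm it matches the file.
$applied = (Get-AzureADDirectorySetting |
    Where-Object { $_.DisplayName -eq 'Group.Unified' })['CustomBlockedWordsList']
if ($applied -ne $blocked) { throw 'CustomBlockedWordsList does not match the file.' }
"Previous list: $before"
"Applied list:  $applied"
```

Keeping the word file in version control gives a change history for the policy, since the setting itself stores only the current value.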

