while($true) Where-Object $_.SignInActivity.LastSignInDateTime -gt (Get-Date).AddHours(-24) Write-Host "Users active last 24h: $($activeUsers.Count)" $mailboxSize = Get-MailboxStatistics -Identity "admin@contoso.com" This mimics top or htop but for your tenant. 5.1 Find All Admin Role Assignments (Who can wreck your tenant) Get-MgRoleManagementDirectoryRoleAssignment | Where-Object $_.RoleDefinitionId -eq "Global Administrator" | Select-Object PrincipalId, RoleDefinitionId 5.2 Detect Mailbox Forwarding (Common data exfiltration) Get-Mailbox -ResultSize Unlimited | Where-Object $_.ForwardingSmtpAddress -ne $null | Select-Object DisplayName, ForwardingSmtpAddress, DeliverToMailboxAndForward Interesting finding: Many attackers set DeliverToMailboxAndForward = $true to keep the user unaware. 6. Automation Script – "Office 365 Daily Health Check" Save as O365-Health.ps1 and run daily via Task Scheduler or cron:
Want to run this interactively? Save this report as Invoke-O365CmdDemo.ps1 and explore. active office 365 cmd
| Component | Role | |-----------|------| | | Cross-platform shell | | Microsoft Graph PowerShell SDK | Modern API-based commands | | Exchange Online V3 module | Mailbox-specific controls | | SharePoint Online Management Shell | SPO site management | while($true) Where-Object $_
# Report summary Write-Output "=== O365 Health Report $(Get-Date) ===" Write-Output "Users: $(Get-MgUser -All).Count" Write-Output "Disabled users: $(Get-MgUser -All | Where-Object $_.AccountEnabled -eq $false).Count" Write-Output "Guest accounts: $(Get-MgUser -All | Where-Object $_.UserType -eq 'Guest').Count" Write-Output "Mailboxes > 90GB: $((Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Where-Object $_.TotalItemSize.Value.ToGB() -gt 90).Count)" Though limited, native cmd can still interact with O365 via curl to Graph API with a token: Automation Script – "Office 365 Daily Health Check"
Legacy modules ( MSOnline , AzureAD , ExchangeOnlineManagement older versions) are as of 2024–2026. 3. Interesting Active Commands (Live Examples) 3.1 User Reconnaissance – Find "Hidden" Accounts List all users who have never logged in (inactive security risk):
This report focuses on the for Office 365, primarily the Microsoft Graph PowerShell SDK (the successor to deprecated MSOnline and AzureAD modules), but also includes legacy cmd tricks, real-time monitoring, and automation scripts that act like "CMD on steroids." Report: Active Office 365 CMD – Beyond the GUI, Into the Shell Date: April 14, 2026 Subject: How to control, audit, and automate Office 365 using command-line interfaces (PowerShell, CMD, and Graph API). 1. Executive Summary The graphical portal (portal.azure.com, admin.exchange.microsoft.com) is slow and click-heavy. Active CMD —specifically PowerShell 7 with the Microsoft Graph module—is the real control plane for Office 365. This report demonstrates how to execute powerful administrative commands, extract hidden user data, and automate security tasks, all from a terminal. Key takeaway: A single line of CLI can replace 15 minutes of GUI navigation. 2. The Modern "CMD" for Office 365 While cmd.exe itself can't talk to O365 natively, PowerShell is the de facto active command line. The recommended stack:
The "CMD" of yesterday has evolved into a programmable, powerful interface that gives you complete control over your tenant. Final command to try right now: Connect-MgGraph -Scopes "User.Read.All" Get-MgUser -Top 10 | Format-List DisplayName, UserPrincipalName End of Report