Forum Discussion
Powershell command to pull all user signatures?
The question surely is after you return all the signatures stored in user mailboxes, what do you do with it?
I know this is old, but however for the sake of completeness I am going to add my experience: spammers often add a spam link in the signature of accounts they managed to steal credentials. Extracting all signatures may be a way to approach the issue.
Michelangelo Bottura I think you might want to focus on topics like eliminating basic authentication and upgrading email clients first. The basic thing you need to do is to stop hackers getting in before you move on to worrying about email signatures. According to Microsoft, 99% of compromised accounts did not use MFA. That would be a much more productive way to stop spammers stealing credentials in the first place.
- Yep spot on, the need for securing user accounts is best served proactively. However MFA etc. adoption depends basically on company policies and first level support capability to "scale" horizontally (bots, whatever) in case of a large user base. In those cases support help desk may need a way to retrieve user signatures without accessing user mailbox or an IT person managing a small user base of VIP users may find useful to check signatures for https links or do some analysis to prevent spam links in the signatures. The same need may come from an organization which forbids html signatures for the sake of email deliverability.
Michelangelo Bottura Or just control the signatures centrally... as described in https://office365itpros.com/2020/02/20/updating-owa-signatures-powershell/