Powershell command to pull all user signatures?

%3CLINGO-SUB%20id%3D%22lingo-sub-126103%22%20slang%3D%22en-US%22%3EPowershell%20command%20to%20pull%20all%20user%20signatures%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-126103%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20is%20there%20a%20Powershell%20command%20to%20pull%20all%20user%20signatures%20from%20365%20mailboxes%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20see%20there%20is%20a%20command%20to%20set%20it%20for%20a%20user%20using%20%22Set-OSCEXOEmailSignature%22%20but%20I%20cannot%20see%20it%20works%20for%20%22get%22.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-126103%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-126728%22%20slang%3D%22en-US%22%3ERe%3A%20Powershell%20command%20to%20pull%20all%20user%20signatures%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-126728%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20question%20surely%20is%20after%20you%20return%20all%20the%20signatures%20stored%20in%20user%20mailboxes%2C%20what%20do%20you%20do%20with%20it%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-126263%22%20slang%3D%22en-US%22%3ERe%3A%20Powershell%20command%20to%20pull%20all%20user%20signatures%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-126263%22%20slang%3D%22en-US%22%3E%3CP%3EWell%2C%20keep%20in%20mind%20that%20users%20might%20not%20have%20server-side%20signatures%20configured%2C%20and%20simply%20use%20the%20Outlook%20ones.%20But%20you%20can%20get%20them%20via%20PowerShell%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%3EGet-Mailbox%20-RecipientTypeDetails%20UserMailbox%20%7C%20Get-MailboxMessageConfiguration%20%7C%20select%20Identity%2CSignature*%3C%2FPRE%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-126204%22%20slang%3D%22en-US%22%3ERe%3A%20Powershell%20command%20to%20pull%20all%20user%20signatures%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-126204%22%20slang%3D%22en-US%22%3EYou%20have%20at%20least%20two%20other%20options%20in%20Office%20365%3A%3CBR%20%2F%3E(1)%20By%20means%20of%20Mail%20Flow%20rule.%3CBR%20%2F%3E(2)%20By%20means%20of%20a%20third%20party%20tool%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-126120%22%20slang%3D%22en-US%22%3ERe%3A%20Powershell%20command%20to%20pull%20all%20user%20signatures%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-126120%22%20slang%3D%22en-US%22%3E%3CP%3ELooking%20at%20the%20script%20that%20I%20found%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgallery.technet.microsoft.com%2Foffice%2FSet-Email-Signatures-in-792587f5%2Fview%2FDiscussions%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgallery.technet.microsoft.com%2Foffice%2FSet-Email-Signatures-in-792587f5%2Fview%2FDiscussions%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20looks%20like%20it%20might%20be%20possible%20to%20develop%20a%20similar%20script%20to%20get%20the%20signatures.%20But%20I%20don't%20think%20that%20it%20exists%20yet.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1204558%22%20slang%3D%22en-US%22%3ERe%3A%20Powershell%20command%20to%20pull%20all%20user%20signatures%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1204558%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F64%22%20target%3D%22_blank%22%3E%40Tony%20Redmond%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20know%20this%20is%20old%2C%20but%20however%20for%20the%20sake%20of%20completeness%20I%20am%20going%20to%20add%20my%20experience%3A%20spammers%20often%20add%20a%20spam%20link%20in%20the%20signature%20of%20accounts%20they%20managed%20to%20steal%20credentials.%20Extracting%20all%20signatures%20may%20be%20a%20way%20to%20approach%20the%20issue.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1204613%22%20slang%3D%22en-US%22%3ERe%3A%20Powershell%20command%20to%20pull%20all%20user%20signatures%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1204613%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F218504%22%20target%3D%22_blank%22%3E%40Michelangelo%20Bottura%3C%2FA%3E%26nbsp%3BI%20think%20you%20might%20want%20to%20focus%20on%20topics%20like%20eliminating%20basic%20authentication%20and%20upgrading%20email%20clients%20first.%20The%20basic%20thing%20you%20need%20to%20do%20is%20to%20stop%20hackers%20getting%20in%20before%20you%20move%20on%20to%20worrying%20about%20email%20signatures.%20According%20to%20Microsoft%2C%2099%25%20of%20compromised%20accounts%20did%20not%20use%20MFA.%20That%20would%20be%20a%20much%20more%20productive%20way%20to%20stop%20spammers%20stealing%20credentials%20in%20the%20first%20place.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1205169%22%20slang%3D%22en-US%22%3ERe%3A%20Powershell%20command%20to%20pull%20all%20user%20signatures%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1205169%22%20slang%3D%22en-US%22%3EYep%20spot%20on%2C%20the%20need%20for%20securing%20user%20accounts%20is%20best%20served%20proactively.%20However%20MFA%20etc.%20adoption%20depends%20basically%20on%20company%20policies%20and%20first%20level%20support%20capability%20to%20%22scale%22%20horizontally%20(bots%2C%20whatever)%20in%20case%20of%20a%20large%20user%20base.%20In%20those%20cases%20support%20help%20desk%20may%20need%20a%20way%20to%20retrieve%20user%20signatures%20without%20accessing%20user%20mailbox%20or%20an%20IT%20person%20managing%20a%20small%20user%20base%20of%20VIP%20users%20may%20find%20useful%20to%20check%20signatures%20for%20https%20links%20or%20do%20some%20analysis%20to%20prevent%20spam%20links%20in%20the%20signatures.%20The%20same%20need%20may%20come%20from%20an%20organization%20which%20forbids%20html%20signatures%20for%20the%20sake%20of%20email%20deliverability.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1205174%22%20slang%3D%22en-US%22%3ERe%3A%20Powershell%20command%20to%20pull%20all%20user%20signatures%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1205174%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F218504%22%20target%3D%22_blank%22%3E%40Michelangelo%20Bottura%3C%2FA%3E%26nbsp%3BOr%20just%20control%20the%20signatures%20centrally...%20as%20described%20in%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Foffice365itpros.com%2F2020%2F02%2F20%2Fupdating-owa-signatures-powershell%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Foffice365itpros.com%2F2020%2F02%2F20%2Fupdating-owa-signatures-powershell%2F%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hi, is there a Powershell command to pull all user signatures from 365 mailboxes?

 

I see there is a command to set it for a user using "Set-OSCEXOEmailSignature" but I cannot see it works for "get".

 

Thanks

8 Replies
Highlighted

Looking at the script that I found here: https://gallery.technet.microsoft.com/office/Set-Email-Signatures-in-792587f5/view/Discussions

 

It looks like it might be possible to develop a similar script to get the signatures. But I don't think that it exists yet.

Highlighted
You have at least two other options in Office 365:
(1) By means of Mail Flow rule.
(2) By means of a third party tool
Highlighted

Well, keep in mind that users might not have server-side signatures configured, and simply use the Outlook ones. But you can get them via PowerShell:

 

Get-Mailbox -RecipientTypeDetails UserMailbox | Get-MailboxMessageConfiguration | select Identity,Signature*
Highlighted

The question surely is after you return all the signatures stored in user mailboxes, what do you do with it?

Highlighted

@Tony Redmond 

I know this is old, but however for the sake of completeness I am going to add my experience: spammers often add a spam link in the signature of accounts they managed to steal credentials. Extracting all signatures may be a way to approach the issue.

Highlighted

@Michelangelo Bottura I think you might want to focus on topics like eliminating basic authentication and upgrading email clients first. The basic thing you need to do is to stop hackers getting in before you move on to worrying about email signatures. According to Microsoft, 99% of compromised accounts did not use MFA. That would be a much more productive way to stop spammers stealing credentials in the first place.

Highlighted
Yep spot on, the need for securing user accounts is best served proactively. However MFA etc. adoption depends basically on company policies and first level support capability to "scale" horizontally (bots, whatever) in case of a large user base. In those cases support help desk may need a way to retrieve user signatures without accessing user mailbox or an IT person managing a small user base of VIP users may find useful to check signatures for https links or do some analysis to prevent spam links in the signatures. The same need may come from an organization which forbids html signatures for the sake of email deliverability.
Highlighted