Security In UcmPsTools
Your credentials are important!
Please, use only the original, signed package/ps1 files
As detailed below, UcmPsTools can access large sections of an Office365 tenant and can store credentials if you let it. Copies of UcmPsTools from unknown sources should be treated as hostile. Always get it using one of the methods listed on the Quickstart page.
Functions Store Encrypted Credentials Locally!
As I initially designed this module for large batch migrations and the like, I needed a way for scripts to securely recover automatically when an Office365 token timed out or a connection issue occurred.
Far too often I would run across scripts where someone had hard-coded a password in cleartext or with really bad encryption, making things fair game for any consultant with access to the machine, so I wanted UcmPsTools to handle this itself rather than encouraging admins to hard-code passwords into scripts.
Thus, whenever any of the New-Ucm*Connection functions are called (or Test-Ucm*Connection -Reconnect), they will attempt to save or re-use stored credentials.
Creds.xml
UcmPsTools takes a different approach: instead of asking you to pass it credentials to do its work, it uses a method similar to BounShell and stores your credentials in an encrypted file called "Creds.xml" in the current working folder.
This file is automatically created whenever any of the New-Ucm*Connection cmdlets are called, unless the -nosave flag is specified.
Modern Authentication
Because I frequently run unattended automations with UcmPsTools and BounShell, it has been designed to hold on to creds and tokens as long as it can. As such, great care should be taken to ensure that the scripts are unmodified before using them. Either download this directly from my GitHub Repo https://github.com/atreidae/ucmpstools or from the PowerShell Gallery.
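One way to check that an installed copy is signed and unmodified before importing it, shown here as an added example that is not part of UcmPsTools or written by its author. The function name Test-ModuleSignature and the -ExpectedThumbprint parameter are hypothetical, and the example assumes every .ps1/.psm1/.psd1 file in the module folder carries an Authenticode signature.

```powershell
# Added example (not UcmPsTools code): refuse to import a module unless every
# script file in it has a valid Authenticode signature.
function Test-ModuleSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Name,
        # Optional: signer thumbprint you have verified out of band.
        # The page does not publish one, so none is supplied by default.
        [string]$ExpectedThumbprint
    )

    # Pick the newest installed version of the module.
    $module = Get-Module -ListAvailable -Name $Name |
        Sort-Object Version -Descending | Select-Object -First 1
    if (-not $module) { throw "Module '$Name' is not installed." }

    $files = Get-ChildItem -Path $module.ModuleBase -Recurse -File |
        Where-Object { $_.Extension -in '.ps1', '.psm1', '.psd1' }

    foreach ($file in $files) {
        $sig   = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $cert  = $sig.SignerCertificate
        $thumb = if ($cert) { $cert.Thumbprint } else { $null }

        [pscustomobject]@{
            File       = $file.FullName
            # Valid, NotSigned, HashMismatch (file edited after signing), NotTrusted, ...
            Status     = $sig.Status
            Signer     = if ($cert) { $cert.Subject } else { $null }
            Thumbprint = $thumb
            # Trusted only if the signature validates and, when a thumbprint
            # was supplied, the signer matches it.
            Trusted    = ($sig.Status -eq 'Valid') -and
                         (-not $ExpectedThumbprint -or $thumb -eq $ExpectedThumbprint)
        }
    }
}

$report = Test-ModuleSignature -Name UcmPsTools
$bad    = $report | Where-Object { -not $_.Trusted }
if ($bad) {
    $bad | Format-Table File, Status, Signer -AutoSize
    throw 'UcmPsTools failed signature verification; do not import this copy.'
}
Import-Module UcmPsTools
```

A Status of HashMismatch means the file was changed after it was signed; NotSigned means the signature block is absent. Either result matches the "treat as hostile" case described above.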