This tool can be used to help improve your Office 365 secure score in a programmatic way.  While many items may need manual review to trigger the Office 365 Secure Score workflow steps, this script should help set the configuration items.

This script can address the following rules (each rule is a separate parameter):

Some of the parameters will create scheduled tasks that will launch a browser window to review reports on a scheduled (weekly, bi-weekly) basis.

The DoNotAllow*Calendar parameters will disable all external calendar sharing.  The previous settings are backed up before making changes.

When enabling mailbox auditing, it's a per-mailbox feature.  As you onboard new mailboxes, auditing will need to be enabled as part of the provisioning process (Set-MailboxPlan does not allow you to configure auditing parameters at this time).

To run and set all items for a tenant:

$Credential = Get-Credential
.\ConfigureHighSecureScoreDefaults.ps1 -Credential $Credential -All -IRMLocation [NA|SA|GCC|EU|AP]

You can also use the above switch parameters to set individual items.

*Update

- Fixed parameter binding issue