Skip to content

Getting Started

Jump to bottom
Damien M edited this page Sep 18, 2024 · 4 revisions

Installing Osprey

You can install Osprey in two ways:

  1. Open up a PowerShell terminal and type the command Install-Module -Name Osprey and follow the prompts to install.
  2. Download the installation script install.ps1 from the GitHub repository and run it.*

*If installing with an administrative session, install as normal. If installing not as an admin, add the switch -Scope CurrentUser.

Prerequisite Modules

Osprey requires the following modules be installed. Installing Osprey using the Install-Module command will automatically install the prerequisites. If not, you need to use Install-Module and install the following modules:

  • PSFramework (minimum version 1.9.310)
  • ExchangeOnlineManagement (min. vers. 3.4.0)
  • Microsoft.Graph.Authentication (min. vers. 2.19.0)
  • Microsoft.Graph.Identity.DirectoryManagement (min. vers. 2.19.0)
  • Microsoft.Graph.Applications (min. vers. 2.19.0)
  • Microsoft.Graph.Users (min. vers. 2.19.0)

Module Errors

As of 8/16/24, running Osprey while having ExchangeOnlineManagement version 3.5.0+1 and Microsoft.Graph version 2.20.0+ causes errors. Downgrade one of the modules to the version above to resolve the errors.

Other Prerequisites

You must have an account with administrative access to the tenant you want to investigate.

TBD: Least privilege admin account information here.

You also need to create a folder where you would like the investigation logs to go. I suggest something easy to type, such as c:\osprey.

Running Osprey

Depending on how you installed Osprey, you may need to load it into your PowerShell session with Import-Module -Name Osprey. You may need to import the prerequisite modules as well, if you get an error.

Next, you just have to run Start-Osprey and initialization will begin. You will need to agree to the EULA, and then you will be prompted to connect to the required modules with an M365 account with administrative permissions.

After connecting to Exchange Online and consenting to the Graph scope, you just need to choose the timeframe you are investigating, then you're good! Osprey should be initialized.

You can change the investigation parameters or investigate a different tenant by rerunning Start-Osprey and following the prompts.

If your investigations are going into the wrong tenant folder or you are running into issues with the graph commands, you may have not been connected with your intended tenant. This happens if you are investigating different tenants often. Simply rerun Start-Osprey and choose to rerun with another tenant. This will clear all your existing module connections.

Clone this wiki locally