<#
.Synopsis
Get Azure MFA status and details for users in Azure AD.
.Parameter UserPrincipalName
UPN of user to query for MFA details. Accepts pipeline input.
.Parameter MsolUser
MsolUser objects from Get-MsolUser. Accepts objects in the pipeline or stored as variables.
.Parameter All
Gets and processes all MsolUser objects.
.Example
.\Get-MsolUserMFADetails.ps1 -UserPrincipalName user1@example.com
PS C:\> .\Get-MsolUserMFADetails.ps1 user1@example.com
PS C:\> "user1@example.com" | .\Get-MsolUserMFADetails.ps1
.Example
$HQUsers = Get-MsolUser -City 'Quispamsis'
PS C:\> .\Get-MsolUserMFADetails.ps1 -MsolUser $HQUsers
PS C:\> .\Get-MsolUserMFADetails.ps1 $HQUsers
PS C:\> $HQUsers | .\Get-MsolUserMFADetails.ps1
.Example
.\Get-MsolUserMFADetails.ps1 -All | Export-csv MsolUserMFADetails.csv
.Outputs
[PSCustomObject] as follows:
UserPrincipalName : user1@example.com
DisplayName : User1
MfaState : Disabled
DefaultMethod : PhoneAppNotification
ConfiguredMethods : OneWaySMS, TwoWayVoiceMobile, PhoneAppOTP, PhoneAppNotification
AuthenticationPhone : +1 8005551212
AltAuthenticationPhone :
PhoneAppAuthMethod : Notification, OTP
PhoneAppDeviceName : ONEPLUS A5010
UserType : Member
ObjectId : 04eb85e2-e0bf-490b-81d2-e5559ad35d19
#>
#Requires -Version 5.1
#Requires -Module MSOnline
[CmdletBinding(DefaultParameterSetName = 'UserPrincipalName')]
param (
    # Single user to look up by UPN. Bound from the pipeline by value or by a
    # property named UserPrincipalName.
    # The pattern is only a loose shape check (an '@' followed somewhere later
    # by a '.'); it is not anchored and does not validate the UPN.
    [Parameter(
        Mandatory = $true,
        Position = 0,
        ValueFromPipeline = $true,
        ValueFromPipelineByPropertyName = $true,
        ParameterSetName = 'UserPrincipalName'
    )]
    [ValidatePattern('.*\@.*\..*')]
    [string]
    $UserPrincipalName,

    # One or more user objects already retrieved with Get-MsolUser, passed
    # positionally, by name, or through the pipeline.
    [Parameter(
        Position = 0,
        ValueFromPipeline = $true,
        ParameterSetName = 'MsolUser'
    )]
    [Microsoft.Online.Administration.User[]]
    $MsolUser,

    # Report on every user returned by Get-MsolUser -All.
    [Parameter(ParameterSetName = 'All')]
    [switch]
    $All
)
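begin {
    # Probe the session with a cheap MSOnline call; any failure is treated as
    # "not connected" and stops the script before users are processed.
    # NOTE(review): Microsoft has deprecated the MSOnline module in favour of
    # the Microsoft Graph PowerShell SDK; plan to move this report accordingly.
    try {
        $null = Get-MsolAccountSku -ErrorAction Stop
    }
    catch {
        Write-Warning -Message "Connect with Connect-MsolService before running this script."
        # 'break' outside a loop unwinds into the caller and can silently end
        # the caller's own loop or script. Re-throw the underlying error so the
        # stop is explicit and the real cause (not connected, insufficient
        # role, ...) is visible to the operator.
        throw $_
    }

    # -All: load every user once, up front; the process block iterates over
    # the script-scoped $MsolUser.
    if ($Script:All) { $Script:MsolUser = Get-MsolUser -All }
}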
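process {
    # Resolve a UPN to its MsolUser object when the script was called by UPN.
    if ($UserPrincipalName) {
        try {
            $Script:MsolUser = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction:Stop
        }
        catch {
            Write-Warning -Message "Failed to find MsolUser with UserPrincipalName ""$($UserPrincipalName)""."
            # Skip only this pipeline item. The previous 'break' was not inside
            # a loop, so one unknown UPN aborted the remaining pipeline input
            # and could also terminate a loop in the calling script, leaving
            # an audit report silently incomplete.
            return
        }
    }

    # Emit one flat record per user, suitable for Export-Csv.
    # The records contain personal data (phone numbers, device names); treat
    # any exported file accordingly.
    foreach ($m in $MsolUser) {
        [PSCustomObject]@{
            UserPrincipalName      = $m.UserPrincipalName
            DisplayName            = $m.Displayname
            # This is the per-user MFA setting only. MFA enforced through
            # Conditional Access or security defaults is not reflected here,
            # so "Disabled" does not by itself mean the account signs in
            # without MFA.
            MfaState               = if ($m.StrongAuthenticationRequirements.State) { $m.StrongAuthenticationRequirements.State } else { "Disabled" }
            # Method flagged IsDefault among the user's registered methods.
            DefaultMethod          = ($m.StrongAuthenticationMethods | Where-Object { $_.IsDefault -eq $true }).MethodType
            ConfiguredMethods      = $m.StrongAuthenticationMethods.MethodType -join ", "
            AuthenticationPhone    = $m.StrongAuthenticationUserDetails.PhoneNumber
            AltAuthenticationPhone = $m.StrongAuthenticationUserDetails.AlternatePhoneNumber
            # A user may have several authenticator app registrations; join them.
            PhoneAppAuthMethod     = $m.StrongAuthenticationPhoneAppDetails.AuthenticationType -join ', '
            PhoneAppDeviceName     = $m.StrongAuthenticationPhoneAppDetails.DeviceName -join ', '
            UserType               = $m.UserType
            ObjectId               = $m.ObjectId
        }
    }
}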