
@darrenjrobinson
Last active July 26, 2019 21:52
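# Account used to authenticate to the MFA Web Service SDK server.
# NOTE(review): the calls further down enumerate users and their MFA settings with this
# account, so a dedicated, narrowly-scoped service account is preferable - confirm.
$UserName = "domain\user"
# The password is no longer embedded in the script. A literal here ends up in source
# control, shared snippets, backups and transcripts. Prompt for it instead, so it only
# exists in memory as a SecureString for the lifetime of the session.
$Creds = Get-Credential -UserName $UserName -Message "Credentials for the MFA Web Service SDK"
if ($null -eq $Creds) {
    # Get-Credential returns nothing when the prompt is cancelled.
    throw "No credential supplied; cannot connect to the MFA Web Service SDK."
}
# Kept for anything that still reads $Password (a SecureString, as before).
$Password = $Creds.Password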
# Build a SOAP client from the WSDL published by the Azure MFA Web Service SDK,
# authenticating with the credential held in $Creds.
$wsdlParams = @{
    Uri        = 'https://www.domain.com.au/MultiFactorAuthWebServiceSdk/PfWsSdk.asmx?WSDL'
    Credential = $Creds
}
$proxy = New-WebServiceProxy @wsdlParams
# The SDK's request/response types are looked up by name under the proxy's namespace,
# so remember that namespace for the New-Object calls that follow.
$ns = $proxy.GetType().Namespace
# ---- Arguments for FindUsers_4 ------------------------------------------------
# Text filters, all set to the '*' wildcard with case-sensitive matching switched off.
# Note: the FindUsers_4 calls in this script pass the username filter as a literal,
# so $UserNameFilter is defined here but not read by them.
[string]$UserNameFilter        = "*"
[bool]$UsernameCaseSensitive   = $false
[string]$firstNameFilter       = "*"
[bool]$firstNameCaseSensitive  = $false
[string]$lastNameFilter        = "*"
[bool]$lastNameCaseSensitive   = $false
[string]$emailFilter           = "*"
[bool]$emailCaseSensitive      = $false
[string]$userGroupFilter       = "*"
[bool]$userGroupCaseSensitive  = $false
[string]$phoneFilter           = "*"

# Typed filters: each one is a default-constructed SDK object paired with a
# "...Specified1" flag left at $false.
# NOTE(review): presumably a $false flag tells the service to ignore that filter - confirm.
$modeFilter                    = New-Object -TypeName "${ns}.Mode3"
[bool]$modeSpecified1          = $false
$pinModeFilter                 = New-Object -TypeName "${ns}.PinMode2"
[bool]$pinModeSpecified1       = $false
$smsDirectionFilter            = New-Object -TypeName "${ns}.SmsDirection"
[bool]$smsDirectionSpecified1  = $false
$smsModeFilter                 = New-Object -TypeName "${ns}.SmsMode"
[bool]$smsModeSpecified1       = $false
$phoneAppModeFilter            = New-Object -TypeName "${ns}.PhoneAppMode"
[bool]$phoneAppModeSpecified1  = $false

# Tag matching and enabled-state filter.
$tagMatchType                  = New-Object -TypeName "${ns}.TagMatchType"
[string[]]$tagIds              = ""
[bool]$enabledFilter           = $false
[bool]$enabledSpecified1       = $false

# ---- Output holders, passed by [ref] to the SDK calls --------------------------
$resultsComplete               = $null
$userResults                   = New-Object -TypeName "${ns}.UserRow"
$callResult                    = New-Object -TypeName "${ns}.CallResult"
$errorcode                     = New-Object -TypeName "${ns}.Error"
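# FindUsers_4 takes a result limit, but nothing in this script assigns $resultLimit,
# so [int32]$resultLimit silently evaluated to 0 (and the reference fails outright
# under Set-StrictMode). Define it explicitly, keeping 0 unless a value already exists.
# NOTE(review): confirm against the SDK documentation what a limit of 0 means, and
# choose a deliberate cap before running the '*' search against a large directory.
if (-not (Test-Path -Path Variable:resultLimit)) { [int32]$resultLimit = 0 }

# Find all users (wildcard '*').
# The rows written to $userResults here are overwritten by the next search.
# NOTE(review): $result and $errorcode are not inspected after either call, so a
# failed search is indistinguishable from an empty one - check them before trusting
# $userResults.
$result = $proxy.FindUsers_4('*',
    [bool]$usernameCaseSensitive,
    [string]$firstNameFilter, [bool]$firstNameCaseSensitive,
    [string]$lastNameFilter, [bool]$lastNameCaseSensitive,
    [string]$emailFilter, [bool]$emailCaseSensitive,
    [string]$userGroupFilter, [bool]$userGroupCaseSensitive,
    [string]$phoneFilter,
    ([object]$modeFilter), [bool]$modeSpecified1,
    ([object]$pinModeFilter), [bool]$pinModeSpecified1,
    ([object]$smsDirectionFilter), [bool]$smsDirectionSpecified1,
    [object]$smsModeFilter, [bool]$smsModeSpecified1,
    ([object]$phoneAppModeFilter), [bool]$phoneAppModeSpecified1,
    ([object]$tagMatchType), [string[]]$tagIds,
    [bool]$enabledFilter, [bool]$enabledSpecified1,
    [int32]$resultLimit,
    ([ref] $userResults), ([ref] $resultsComplete), ([ref]$errorcode))

# Find all users with name starting with darren*
$result = $proxy.FindUsers_4('darren*',
    [bool]$usernameCaseSensitive,
    [string]$firstNameFilter, [bool]$firstNameCaseSensitive,
    [string]$lastNameFilter, [bool]$lastNameCaseSensitive,
    [string]$emailFilter, [bool]$emailCaseSensitive,
    [string]$userGroupFilter, [bool]$userGroupCaseSensitive,
    [string]$phoneFilter,
    ([object]$modeFilter), [bool]$modeSpecified1,
    ([object]$pinModeFilter), [bool]$pinModeSpecified1,
    ([object]$smsDirectionFilter), [bool]$smsDirectionSpecified1,
    [object]$smsModeFilter, [bool]$smsModeSpecified1,
    ([object]$phoneAppModeFilter), [bool]$phoneAppModeSpecified1,
    ([object]$tagMatchType), [string[]]$tagIds,
    [bool]$enabledFilter, [bool]$enabledSpecified1,
    [int32]$resultLimit,
    ([ref] $userResults), ([ref] $resultsComplete), ([ref]$errorcode))

# Show how many rows matched, then open them in an interactive grid.
$userResults.count
$userResults | Out-GridView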
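# Store the found MFA user's username.
# The preceding search is a wildcard, so it can return several rows. Casting an array
# of names to [string] joins them with spaces, which is not a real username, and every
# per-user call after this point (including the authentication call) would then run
# against the wrong value. Require exactly one match before continuing.
$matchedNames = @($userResults.username | Where-Object { $_ })
if ($matchedNames.Count -ne 1) {
    throw "Expected exactly one MFA user from the search, found $($matchedNames.Count). Narrow the username filter."
}
$mfauser = $matchedNames[0]

# Get their phone number as stored in the MFA Server.
# GetPhone fills $userphone through the [ref] argument.
# NOTE(review): $result and $errorcode are not checked here.
$userphone = New-Object ($ns + ".Userphone")
$result = $proxy.GetPhone([string]$mfauser, [ref]$userphone, [ref]$errorcode)
$userphone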
# Retrieve the MFA settings recorded for $mfauser.
# GetUserSettings_2 writes into the [ref] holder; the holder is then emitted to the
# pipeline so it is displayed.
$userMFASettings = New-Object -TypeName "${ns}.UserSettings2"
$result = $proxy.GetUserSettings_2(
    [string]$mfauser,
    [ref]$userMFASettings,
    [ref]$errorcode)
$userMFASettings
# List the MFA devices registered for $mfauser.
# GetUserDevices fills $userDevices by reference; its .value member is what gets displayed.
$userDevices = New-Object -TypeName "${ns}.UserDevice"
$result = $proxy.GetUserDevices(
    [string]$mfauser,
    ([ref] $userDevices),
    [ref]$errorcode)
$userDevices.value
# Start a live 2FA authentication (OTP phone call) for $mfauser through PfAuthUser_4.
# $mfauser must therefore hold the single account the operator intends to challenge.
# $AuthenticationType is constructed but not passed to the call; the initiating type
# is sent as the string "pfsdk".
$AuthenticationType = New-Object -TypeName "${ns}.AuthenticationType"
$callResult = New-Object -TypeName "${ns}.CallResult"
$authenticationRequestId = $null
[bool] $requireUserMatch = $true
$initiatingAuthenticationType = "pfsdk"

# NOTE(review): the third and fourth arguments look like the caller's IP address and an
# application label - confirm against the SDK and replace the sample values.
$result = $proxy.PfAuthUser_4([string]$mfauser,
    [object] $initiatingAuthenticationType,
    [string] "192.168.20.6",
    [string] "Test Script",
    [bool] $requireUserMatch,
    [ref] $callResult,
    [ref] $authenticationRequestId,
    [ref]$errorcode)

# Report the outcome written back through the [ref] arguments.
Write-Host "MFA Call Result Code: " $callResult.Code
Write-Host "MFA Call Result Description: " $callResult.Description
Write-Host "MFA AuthN Request ID: " $authenticationRequestId