Skip to content

Instantly share code, notes, and snippets.

@f-bader
Last active April 14, 2024 19:46
Show Gist options
  • Save f-bader/63a1a09a0b8b04b05b08e876ef3a7a19 to your computer and use it in GitHub Desktop.
Save f-bader/63a1a09a0b8b04b05b08e876ef3a7a19 to your computer and use it in GitHub Desktop.
List all AAGUIDs in an Entra ID / Azure AD tenant
# looking for a all in one solution?
# https://github.com/f-bader/EntraIDPasskeyHelper
Connect-MGGraph -UseDeviceAuthentication -Scopes "AuditLog.Read.All", "UserAuthenticationMethod.Read.All"
$NextUri = "https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails?`$filter=methodsRegistered/any(x:x eq 'passKeyDeviceBound')"
do {
$Result = Invoke-MgGraphRequest -Uri $NextUri
$NextUri = $Result['@odata.nextLink']
$ReturnValue += $Result['value']
} while (-not [string]::IsNullOrWhiteSpace($NextUri) )
$FIDO2Users = $ReturnValue | Select-Object id, userPrincipalName
$FIDOKeysRegistered = [System.Collections.ArrayList]::new()
foreach ($User in $FIDO2Users ) {
$CurrentMethods = Invoke-MGGraphRequest -Uri "https://graph.microsoft.com/v1.0/users/$($User.id)/authentication/fido2Methods" | Select-Object -ExpandProperty value
$CurrentMethods | % { $FIDOKeysRegistered.Add($_) | Out-Null }
}
$FIDOKeysRegistered | Select-Object -Unique -ExpandProperty aaGuid | Sort-Object
$FIDOKeysRegistered | Select-Object aaGuid, model -Unique | Sort-Object model
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment