
@gioxx
Created June 23, 2023 14:25
Esporta la lista degli utenti che fanno uso di MFA e riporta il metodo di autenticazione predefinito (SMS/call/TOTP/Authenticator App). Maggiori informazioni disponibili sul blog all'indirizzo https://wp.me/pdQ5q-tOk
function _CheckCSVFolder($path) {
    # Normalises the export folder supplied by the caller.
    #   $path - folder path as typed by the user; may be $null or empty.
    # Returns ".\" (current directory) when nothing was supplied, otherwise
    # the same path with any trailing backslashes stripped so the caller can
    # append "\<file name>" without doubling the separator.
    if (-not [string]::IsNullOrEmpty($path)) {
        return $path.TrimEnd('\')
    }
    return ".\"
}
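function _SaveFileWithProgressiveNumber($path) {
    # Returns a file path that does not exist yet, so an earlier export is
    # never overwritten.
    #   $path - desired file path (e.g. C:\Temp\report.csv).
    # Returns $path unchanged when it is free; otherwise the first free name
    # of the form <base>_<n><ext> in the same directory, n starting at 1.
    #
    # NOTE: this only picks a name. The existence check and the caller's
    # later write are separate steps, so another process could still create
    # the file in between.
    $baseName  = [System.IO.Path]::GetFileNameWithoutExtension($path)
    $extension = [System.IO.Path]::GetExtension($path)
    $directory = [System.IO.Path]::GetDirectoryName($path)

    # A bare file name has no directory part. Join-Path rejects an empty
    # -Path, which would leave $path unchanged and the loop spinning forever.
    if ([string]::IsNullOrEmpty($directory)) {
        $directory = '.'
    }

    $count = 1
    # -LiteralPath: treat '[' and ']' in folder or file names as plain
    # characters, not wildcard patterns.
    while (Test-Path -LiteralPath $path) {
        $fileName = $baseName + "_$count" + $extension
        $path = Join-Path -Path $directory -ChildPath $fileName
        $count++
    }
    return $path
}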
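function Export-MFAStatusDefaultMethod {
    <#
    .SYNOPSIS
    Exports a CSV report of per-user MFA state and default authentication method.

    .DESCRIPTION
    Reads all users with Get-MsolUser, skips guests and accounts whose display
    name matches 'On-Premises Directory Synchronization', and writes one row per
    user to <folder>\<yyyyMMdd>_M365-MFA-DefaultAuthMethod-Report.csv
    (';' delimited, UTF-8). An existing report is never overwritten; a numeric
    suffix is added instead.

    Without -All only users whose per-user MFA state is not 'Disabled' are
    exported, and the PerUserMFAState column is omitted.

    Review notes:
    - PerUserMFAState comes from StrongAuthenticationRequirements only.
      NOTE(review): MFA enforced through Conditional Access or Security Defaults
      is presumably not reflected in that property, so 'Disabled' is not proof
      that an account signs in without MFA, and the default (non -All) report
      may omit such users - confirm against the tenant's sign-in policies.
    - The CSV pairs account names with their MFA posture. Write it to a folder
      with restricted access and remove it once it is no longer needed.
    - NOTE(review): the MSOnline cmdlets used here are deprecated by Microsoft in
      favour of Microsoft Graph PowerShell - confirm they still work in the
      target tenant.

    .PARAMETER folderCSV
    Folder for the CSV file. Defaults to the current directory.

    .PARAMETER All
    Export every processed user, including those with per-user MFA disabled.
    #>
    # Credits: https://thesysadminchannel.com/get-per-user-mfa-status-using-powershell
    param(
        [Parameter(Mandatory=$false, ValueFromPipeline=$true, HelpMessage="Folder where export CSV file (e.g. C:\Temp)")]
        [string] $folderCSV,
        [Parameter(Mandatory=$false, ValueFromPipeline=$true, HelpMessage="Extract into CSV all users (even those with MFA disabled).")]
        [switch] $All
    )

    Set-Variable ProgressPreference Continue
    $folder = _CheckCSVFolder($folderCSV)

    # Get-MsolDomain returns nothing when no MSOnline session is open.
    if (-not (Get-MsolDomain -ErrorAction SilentlyContinue)) {
        Write-Error "You must connect to the MSolService to continue" -ErrorAction Stop
    }

    # @(...) keeps .Count reliable when the filter leaves zero or one user.
    $MsolUserList = @(Get-MsolUser -All -ErrorAction Stop |
        Where-Object {$_.UserType -ne 'Guest' -And $_.DisplayName -notmatch 'On-Premises Directory Synchronization'})
    $totalUsers = $MsolUserList.Count
    $ProcessedCount = 0

    # Collect the loop output directly instead of growing an array with +=,
    # which copies the whole array on every append.
    $Result = @(foreach ($User in $MsolUserList) {
        $ProcessedCount++
        $PercentComplete = (($ProcessedCount / $totalUsers) * 100)
        # Show the UPN: interpolating the user object itself prints its type name.
        Write-Progress -Activity "Processing $($User.UserPrincipalName)" -Status "$ProcessedCount out of $totalUsers completed ($($PercentComplete.ToString('0.00'))%)" -PercentComplete $PercentComplete

        if ($User.StrongAuthenticationRequirements) {
            $PerUserMFAState = $User.StrongAuthenticationRequirements.State
        } else {
            $PerUserMFAState = 'Disabled'
        }

        $MethodType = $User.StrongAuthenticationMethods |
            Where-Object {$_.IsDefault -eq $true} |
            Select-Object -ExpandProperty MethodType

        if ($MethodType) {
            switch ($MethodType) {
                'OneWaySMS'            {$DefaultMethodType = 'SMS Text Message'}
                'TwoWayVoiceMobile'    {$DefaultMethodType = 'Call to Phone'}
                'PhoneAppOTP'          {$DefaultMethodType = 'TOTP'}
                'PhoneAppNotification' {$DefaultMethodType = 'Authenticator App'}
                # Without a default branch an unmapped method type would leave
                # the previous user's value in place and misreport this user.
                default                {$DefaultMethodType = $_}
            }
        } else {
            $DefaultMethodType = 'Not Enabled'
        }

        if ($All) {
            [pscustomobject]@{
                UserPrincipalName = $User.UserPrincipalName
                DisplayName       = $User.DisplayName
                PerUserMFAState   = $PerUserMFAState
                DefaultMethodType = $DefaultMethodType
            }
        } elseif (-not ($PerUserMFAState -eq 'Disabled')) {
            [pscustomobject]@{
                UserPrincipalName = $User.UserPrincipalName
                DisplayName       = $User.DisplayName
                DefaultMethodType = $DefaultMethodType
            }
        }
    })

    $reportName = "$(Get-Date -Format 'yyyyMMdd')_M365-MFA-DefaultAuthMethod-Report.csv"
    $CSV = _SaveFileWithProgressiveNumber("$folder\$reportName")
    # -LiteralPath: do not expand '[' / ']' in the target path as wildcards.
    $Result | Export-Csv -LiteralPath $CSV -NoTypeInformation -Encoding UTF8 -Delimiter ";"
}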
# Run the export as soon as the script is executed, with no arguments: the CSV
# is written to the current directory and only users whose per-user MFA state
# is not 'Disabled' are listed.
Export-MFAStatusDefaultMethod