Our security team requested an assessment to identify privileged accounts and verify their MFA status. To address this requirement, we began developing a script that retrieves all _ADM accounts and reports the MFA methods registered for each of them.
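# Privileged-account MFA inventory.
# Reads every *_adm account from the privileged OU in on-prem AD, looks each one
# up in Entra ID and records which authentication methods are registered, then
# writes one row per account to a CSV.
# Prerequisites: ActiveDirectory module (RSAT) and Microsoft.Graph (Users,
# Identity.SignIns) with a session that can read users and their auth methods.
# [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;

# Scopes needed by Get-MgUser / Get-MgUserAuthenticationMethod below.
$requiredScopes = @("Directory.Read.All", "UserAuthenticationMethod.Read.All")
if (-not (Get-MgContext)) {
    Connect-MgGraph -Scopes $requiredScopes
}

# Where the privileged accounts live on-prem, and where the report goes.
# The report enumerates privileged accounts and their MFA posture, so the
# output location should itself be access-restricted.
$searchBase = "OU=Privileged,OU=Managed Users,DC=TEST,DC=com"
$outputPath = "C:\Temp\kumar\MFAStatus.csv"

# Only the UPN is needed, so do not pull every attribute (-Properties *).
# AD -like is case-insensitive, so "*_adm" also matches "_ADM".
$listofusers = Get-ADUser -SearchBase $searchBase -Filter 'SamAccountName -like "*_adm"' |
    Select-Object -ExpandProperty UserPrincipalName

# Every cloud account has a password method; anything else is an additional factor.
$passwordType = '#microsoft.graph.passwordAuthenticationMethod'

$results = foreach ($usr in $listofusers) {
    try {
        # NOTE(review): assumes the on-prem UPN equals the Entra ID UPN (hybrid sync) - confirm.
        $mgUser  = Get-MgUser -UserId $usr -ErrorAction Stop
        $methods = Get-MgUserAuthenticationMethod -UserId $mgUser.Id -ErrorAction Stop
        $types   = @($methods | ForEach-Object { $_.AdditionalProperties['@odata.type'] })

        [PSCustomObject]@{
            DisplayName       = $mgUser.DisplayName
            UserPrincipalName = $mgUser.UserPrincipalName
            # Original criterion: Microsoft Authenticator is registered.
            MFAEnabled        = @($types -like '*microsoft.graph.microsoftAuthenticatorAuthenticationMethod*').Count -gt 0
            # Any non-password method (FIDO2, phone, software OATH, ...), so an account
            # protected by a factor other than Authenticator is not reported as unprotected.
            AnyMfaMethod      = @($types | Where-Object { $_ -ne $passwordType }).Count -gt 0
            # Full list of registered method types, for manual review of weak factors.
            RegisteredMethods = (($types -replace '^#microsoft\.graph\.', '') -join ';')
            Error             = ''
        }
    }
    catch {
        # Keep the account in the report rather than silently dropping it: a
        # privileged account missing from an MFA assessment looks like it was covered.
        [PSCustomObject]@{
            DisplayName       = ''
            UserPrincipalName = $usr
            MFAEnabled        = $false
            AnyMfaMethod      = $false
            RegisteredMethods = ''
            Error             = $_.Exception.Message
        }
    }
}

# Export once, after the loop. The original piped $results from inside the
# per-user pipeline, before that iteration's assignment completed, so the CSV
# trailed by one account and the last account never appeared.
New-Item -ItemType Directory -Force -Path (Split-Path -Parent $outputPath) | Out-Null
$results | Export-Csv -Path $outputPath -NoTypeInformation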