Tuesday, June 20, 2023

Powershell - Microsoft Graph reports - Get MFA status of users.

Requires an App Registration be setup with proper API permissions and a self-signed certificate for authentication to it.


Import-Module Microsoft.Graph.Reports

Select-MgProfile -Name "beta"



$TenantId = "XXXXX"

$AppId = "XXXXX"



Connect-MgGraph -ClientId $AppId -TenantId $TenantId -CertificateThumbprint "XXXXXXX"



$report = Get-MgReportCredentialUserRegistrationDetail -all



$report| select @{name="AuthMethods";e={$_.AuthMethods -join ","}},IsCapable,IsEnabled,IsMfaRegistered,IsRegistered,UserDisplayName,UserPrincipalName | Select UserPrincipalName,UserDisplayName,IsCapable,IsEnabled,IsMfaRegistered,IsRegistered,AuthMethods | export-csv -NoTypeInformation -Path "c:\reports\MFA - MFA Audit Logs.csv"



Disconnect-MgGraph
at No comments:

Thursday, June 1, 2023

Custom View for Events NTLMv1 on a DC

 <QueryList>

  <Query Id="0" Path="Security">

    <Select Path="Security">*[System[(EventID=4624)] and EventData[Data[@Name='LmPackageName']='NTLM V1']]</Select>

  </Query>

</QueryList>

at No comments:
Subscribe to: Posts (Atom)