Azure IT Powershell

Azure AD Report der Global Administrator und MFA Konfig

Mit dem folgenden PowerShell-Script werden alle globalen Administratoren via Azure AD ausgelesen (via AzureAD-PowerShell-Modul). Zusätzlich wird via MSOnline-Modul die Default-Authentication-Methode von MFA ausgelesen und im Report gelistet.

Anwendung des Scripts auf eigene Verantwortung

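# List all Azure AD Global Administrators and show whether a default MFA method is set
# 22.08.2019 AGR

# The report names every Global Administrator and shows which of them have no
# default MFA method, so treat the CSV as sensitive. A manually created c:\temp
# is often readable by every local user; move or delete the file after use.
$csvfile = "c:\temp\azure_globaladmin_report.csv"

# Check that the AzureAD and MSOnline modules are installed.
# NOTE(review): Microsoft has deprecated both modules in favour of Microsoft
# Graph PowerShell; confirm they still work against your tenant.
  Write-Host "Check if AzureAD Module and MSOnline Module is installed...." -ForegroundColor Green
  # Enumerate installed modules once; the lookup is slow and both checks need it.
  $InstalledModules = Get-Module -ListAvailable
  foreach ($RequiredModule in 'AzureAD', 'MSOnline') {
    if (-not ($InstalledModules | Where-Object { $_.Name -match $RequiredModule })) {
      # Name the module that is actually missing (the MSOnline branch used to say "AzureAD").
      Write-Host "$RequiredModule Module not installed. Install $RequiredModule Module with 'install-module $($RequiredModule.ToLower())'" -ForegroundColor Red
      Write-Host "Aborting Script..."
      Read-Host  "Press Enter to close window...."
      # Really stop here: without this the script carried on into the connect
      # and report steps with a missing module and wrote an empty report.
      exit 1
    }
  }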


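# Modules are present: sign in to AzureAD and MSOnline.
# Both sign-ins are interactive; the account needs read access to directory
# roles and to the users' authentication methods.
  Write-Host "Connect to AzureAD and MSOnline - You need to enter your cloud credentials twice" -ForegroundColor Green
  Start-Sleep 2
  try {
    Connect-AzureAD -ErrorAction Stop
    Connect-MsolService -ErrorAction Stop
  }
  catch {
    # A cancelled or failed sign-in must stop the run; otherwise the report step
    # fails on every query and still writes an empty, misleading CSV.
    Write-Host "Sign-in failed: $($_.Exception.Message)" -ForegroundColor Red
    Write-Host "Aborting Script..."
    Read-Host  "Press Enter to close window...."
    exit 1
  }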

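# Get all Global Administrator accounts and write one report row per role member.
  Write-Host "Create Report..." -ForegroundColor Green

  # Identify the role by its fixed template id as well as by the legacy display
  # name "Company Administrator". Where the directory returns the role as
  # "Global Administrator", a name-only match finds nothing and the report is empty.
  $GlobalAdminTemplateId = '62e90394-69f5-4237-9190-012177145e10'
  $AzureGlobalAdmins = Get-AzureADDirectoryRole |
    Where-Object { $_.RoleTemplateId -eq $GlobalAdminTemplateId -or $_.DisplayName -match "Company Administrator" } |
    Get-AzureADDirectoryRoleMember

  # A tenant always has at least one Global Administrator, so an empty result
  # means the query failed; do not write a report that suggests otherwise.
  if (-not $AzureGlobalAdmins) {
    Write-Host "No Global Administrator role members were returned. No report written." -ForegroundColor Red
    Read-Host  "Press Enter to close window...."
    exit 1
  }

  # Collect the loop output directly instead of growing an array with +=.
  $UserReportArray = @(foreach ($admin in $AzureGlobalAdmins) {
    if ($admin.ObjectType -ne 'User') {
      # Service principals and groups can hold the role too. They have no user
      # MFA registration, but they must still appear in a privileged-access report.
      Write-Warning "Role member '$($admin.DisplayName)' is of type '$($admin.ObjectType)', not a user."
      [pscustomobject]@{
        UserDisplayName    = $admin.DisplayName
        UserPrincipalName  = $null
        UserOtherMail      = $null
        UserAccountEnabled = $null
        UserEnabled        = $null
        MfaDefaultMethod   = $null
        ObjectType         = $admin.ObjectType
      }
      continue
    }

    $User = Get-AzureADUser -ObjectId $admin.ObjectId

    # StrongAuthenticationMethods lists the methods the user has registered; an
    # empty MfaDefaultMethod means no default method is registered. It does not
    # show whether MFA is enforced (e.g. through Conditional Access) - check that
    # separately.
    $MFAConfig = ((Get-MsolUser -UserPrincipalName $User.UserPrincipalName).StrongAuthenticationMethods |
      Where-Object -FilterScript { $_.IsDefault -eq $true }).MethodType

    [pscustomobject]@{
      UserDisplayName    = $User.DisplayName
      UserPrincipalName  = $User.UserPrincipalName
      # Select-Object yields nothing for an empty list, where indexing [0] raised
      # an error and left the property off the row.
      UserOtherMail      = $User.OtherMails | Select-Object -First 1
      UserAccountEnabled = $User.AccountEnabled
      # Same value as UserAccountEnabled; kept so existing consumers of the CSV still work.
      UserEnabled        = $User.AccountEnabled
      MfaDefaultMethod   = $MFAConfig
      ObjectType         = $admin.ObjectType
    }
  })

  # Create the target folder if it is missing so the export cannot fail silently.
  $csvdir = Split-Path -Path $csvfile -Parent
  if ($csvdir -and -not (Test-Path -Path $csvdir)) {
    New-Item -ItemType Directory -Path $csvdir -Force | Out-Null
  }

  try {
    $UserReportArray | Export-Csv -Path $csvfile -Encoding UTF32 -Delimiter ";" -NoTypeInformation -ErrorAction Stop
  }
  catch {
    # Do not claim a report was generated when the write failed.
    Write-Host "Could not write '$csvfile': $($_.Exception.Message)" -ForegroundColor Red
    Read-Host  "Press Enter to close window...."
    exit 1
  }

  Read-Host "Report Generated in '$csvfile'. Press Enter to close Window..."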