forked from msp4msps/Security
Customer-Global Admin without MFA.ps1
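<#
.SYNOPSIS
    Audits every partner (customer) tenant for Global Administrators that have
    no per-user MFA state of "Enabled" or "Enforced".

.DESCRIPTION
    For each tenant returned by Get-MsolPartnerContract, the script lists the
    members of the "Company Administrator" role (the MSOnline name for Global
    Administrator), looks up the matching user object and checks
    StrongAuthenticationRequirements.State. Admins without per-user MFA are
    printed and appended to C:\temp\nonMFAAdmins.csv.

.NOTES
    - Only the legacy per-user MFA state is inspected. An admin protected by
      Conditional Access or Security Defaults still shows up as "No MFA" here,
      so confirm findings against those policies before acting on them.
    - The CSV is opened with -Append: rows from earlier runs remain in the file.
      Rotate or remove it between audits so remediated accounts do not linger.
    - The CSV enumerates privileged accounts that lack MFA. Keep it in an
      access-controlled location and delete it once remediation is tracked.
    - The MSOnline module is deprecated by Microsoft; plan a port to Microsoft
      Graph PowerShell.
#>
Connect-MsolService

$outputPath = 'C:\temp\nonMFAAdmins.csv'
$outputDir = Split-Path -Path $outputPath -Parent
if (-not (Test-Path -Path $outputDir)) {
    # Export-Csv does not create missing directories.
    New-Item -ItemType Directory -Path $outputDir | Out-Null
}

# -All: without it the cmdlet returns a capped first page, silently skipping tenants.
$customers = Get-MsolPartnerContract -All

# -eq instead of -contains: this is an exact (case-insensitive) name match on a scalar.
$role = Get-MsolRole | Where-Object { $_.Name -eq "Company Administrator" }
if (-not $role) {
    throw "Role 'Company Administrator' was not found; cannot enumerate Global Administrators."
}

foreach ($customer in $customers) {
    # -All: the default result cap would hide admins in large tenants from the lookup below,
    # and a hidden admin is an unreported admin.
    $users = Get-MsolUser -TenantId $customer.TenantId -All
    $admins = Get-MsolRoleMember -TenantId $customer.TenantId -RoleObjectId $role.ObjectId

    foreach ($admin in $admins) {
        # Match on ObjectId: a role member's EmailAddress is not guaranteed to equal the UPN.
        $adminUser = $users | Where-Object { $_.ObjectId -eq $admin.ObjectId }

        if (-not $adminUser) {
            # Do not drop unmatched members silently; an audit gap should be visible.
            # Such members may be non-user principals and need a manual check.
            Write-Warning "Role member '$($admin.DisplayName)' in tenant $($customer.TenantId) could not be matched to a user; review manually."
            continue
        }

        $mfaState = $adminUser.StrongAuthenticationRequirements.State
        if ($mfaState -notcontains "Enforced" -and $mfaState -notcontains "Enabled") {
            Write-Host "No MFA enabled for $($adminUser.UserPrincipalName)"

            # Calculated properties add the tenant columns without mutating the user object.
            $adminUser |
                Select-Object @{n="TenantId";e={$customer.TenantId}},
                              @{n="CustomerName";e={$customer.Name}},
                              DisplayName,
                              UserPrincipalName,
                              islicensed,
                              @{n="MFAStatus";e={$_.StrongAuthenticationRequirements.State}} |
                Export-Csv -Path $outputPath -NoTypeInformation -Append
        }
        else {
            Write-Host "MFA enabled for $($adminUser.UserPrincipalName)" -ForegroundColor Green
        }
    }
}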