Modules/Users/M365Users.psm1
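# NOTE(review): every function below installs MSOnline/AzureAD on demand with a bare
# Install-Module, i.e. from whichever repository the host has registered and at
# whatever version is current. On controlled hosts, pre-install a reviewed version
# instead of relying on this fallback. Both modules are deprecated by Microsoft in
# favour of Microsoft Graph PowerShell.

function Get-M365MFAStatus {
    <#
    .SYNOPSIS
    Lists Microsoft 365 users together with their per-user MFA state.

    .DESCRIPTION
    Enumerates all users with Get-MsolUser and emits one object per user that
    matches both the MFA-state filter and the user-type filter. With no state
    switch, every state matches; with no type switch, every user type matches.

    Only the per-user StrongAuthenticationRequirements state is read. MFA that is
    enforced through Conditional Access or Security Defaults is not reflected
    there, so a user reported as "Disable" may still be challenged for MFA.

    .PARAMETER IsEnabled
    Include users whose per-user MFA state is set.

    .PARAMETER IsDisabled
    Include users with no per-user MFA state.

    .PARAMETER IsMember
    Include users whose UserType is "Member".

    .PARAMETER IsGuest
    Include users whose UserType is "Guest".

    .OUTPUTS
    Objects with UserPrincipalName, DisplayName, UserType, isLicensed, MFAStatus.
    #>
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $false, Position = 1)]
        [switch] $IsEnabled,

        [Parameter(Mandatory = $false, Position = 2)]
        [switch] $IsDisabled,

        [Parameter(Mandatory = $false, Position = 3)]
        [switch] $IsMember,

        [Parameter(Mandatory = $false, Position = 4)]
        [switch] $IsGuest
    )

    # No switch in a group means "do not filter on that dimension".
    $AllStatus = -not $IsEnabled -and -not $IsDisabled
    $AllType = -not $IsMember -and -not $IsGuest

    if (Get-Module -ListAvailable -Name MSOnline) {
        Import-Module MSOnline
    }
    else {
        Install-Module -Name MSOnline
    }

    # Get-MsolDomain is used as a cheap probe for an existing session.
    $testConnection = Get-MsolDomain -ErrorAction SilentlyContinue
    if (-not $testConnection) {
        Connect-MsolService
    }

    Get-MsolUser -All | ForEach-Object {
        # Users without per-user MFA have an empty requirements list.
        $requirements = @($_.StrongAuthenticationRequirements)
        $mfaState = $null
        if ($requirements.Count -gt 0 -and $requirements[0]) {
            $mfaState = $requirements[0].State
        }

        # PowerShell gives -and and -or equal precedence (left to right). The
        # original single expression therefore let "-or $AllType" override the
        # status filter, so e.g. -IsDisabled alone returned every user. The two
        # filters are evaluated separately and then combined.
        $statusMatch = $AllStatus -or
            ($IsEnabled -and $mfaState) -or
            ($IsDisabled -and -not $mfaState)
        $typeMatch = $AllType -or
            ($IsMember -and $_.UserType -eq "Member") -or
            ($IsGuest -and $_.UserType -eq "Guest")

        if ($statusMatch -and $typeMatch) {
            # "Disable" (not "Disabled") is kept because callers may filter on
            # the literal; Get-M365PrivilegedUsers reports "Disabled".
            $mfaStatus = if ($mfaState) { $mfaState } else { "Disable" }

            [pscustomobject]@{
                UserPrincipalName = $_.UserPrincipalName
                DisplayName       = $_.DisplayName
                UserType          = $_.UserType
                isLicensed        = $_.isLicensed
                MFAStatus         = $mfaStatus
            }
        }
    }
}

function Set-M365MFAUsers {
    <#
    .SYNOPSIS
    Sets the per-user MFA state for every user listed in a file.

    .DESCRIPTION
    Reads the file with Import-Csv using a fixed "UserPrincipalName" header, so
    the first line is treated as a user, not as a column header. For each row,
    Set-MsolUser is called with a StrongAuthenticationRequirement whose
    RelyingParty is "*" and whose State is the requested one. Progress is
    written to the host.

    .PARAMETER File
    Path of the file holding one user principal name per line. The function
    changes location to $PSScriptRoot first, so a relative path is resolved
    against the module directory.

    .PARAMETER State
    "Enabled" or "Enforced". "Enforce" is accepted as an alias of "Enforced".
    #>
    [CmdletBinding()]
    param (
        [parameter(Mandatory = $true)]
        [string] $File,

        [Parameter(Mandatory)]
        [ValidateSet("Enabled", "Enforce", "Enforced")]
        $State
    )

    if (Get-Module -ListAvailable -Name MSOnline) {
        Import-Module MSOnline
    }
    else {
        Install-Module -Name MSOnline
    }

    $testConnection = Get-MsolDomain -ErrorAction SilentlyContinue
    if (-not $testConnection) {
        Connect-MsolService
    }

    # NOTE(review): this changes the caller's working directory and is not undone.
    Set-Location $PSScriptRoot

    # The service names the state "Enforced"; the original only allowed "Enforce".
    # TODO confirm against the tenant that no caller relies on the old literal.
    $effectiveState = if ($State -eq "Enforce") { "Enforced" } else { $State }

    $st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
    $st.RelyingParty = "*"
    $st.State = $effectiveState
    $sta = @($st)

    Import-Csv -Path $File -Header "UserPrincipalName" | ForEach-Object {
        $upn = $_.UserPrincipalName
        if ([string]::IsNullOrWhiteSpace($upn)) {
            return   # skip empty rows; "return" here only ends this iteration
        }

        try {
            Write-Host -nonewline "Setting MFA to $($State) for $($upn)"
            # -ErrorAction Stop turns a failed update into a terminating error.
            # Without it the catch block never ran and "Done!" was printed even
            # when MFA had not been applied to the account.
            Set-MsolUser -StrongAuthenticationRequirements $sta -UserPrincipalName $upn -ErrorAction Stop
            Write-Host -f Green " .....Done!"
        }
        catch {
            Write-Host -f Red " .....Error!"
            Write-Warning "MFA was not changed for $($upn): $($_.Exception.Message)"
        }
    }
}

function Get-M365PrivilegedUsers {
    <#
    .SYNOPSIS
    Lists the members of every activated Azure AD directory role with their
    per-user MFA state.

    .DESCRIPTION
    For each role returned by Get-AzureADDirectoryRole, every member returned by
    Get-AzureADDirectoryRoleMember is reported. For members with a
    UserPrincipalName the per-user MFA state is looked up with Get-MsolUser.
    Members without one (service principals, other object types) are reported
    with MFA "N/A".

    As in Get-M365MFAStatus, only per-user MFA is visible here; MFA enforced by
    Conditional Access or Security Defaults shows up as "Disabled".

    .OUTPUTS
    Objects with User, ADDirectoryRole, Type, MFA.
    #>
    [CmdletBinding()]
    param (
    )

    if (Get-Module -ListAvailable -Name AzureAD) {
        Import-Module AzureAD
    }
    else {
        Install-Module -Name AzureAD
    }

    if (Get-Module -ListAvailable -Name MSOnline) {
        Import-Module MSOnline
    }
    else {
        Install-Module -Name MSOnline
    }

    $testAzConnection = Get-AzureADDomain -ErrorAction SilentlyContinue
    if (-not $testAzConnection) {
        Connect-AzureAD
    }

    $testMSConnection = Get-MsolDomain -ErrorAction SilentlyContinue
    if (-not $testMSConnection) {
        Connect-MsolService
    }

    $output = @()
    Get-AzureADDirectoryRole | ForEach-Object {
        $roleName = $_.DisplayName
        # The role object is already in hand; the original looked it up again by
        # display name for every role.
        $roleMembers = @(Get-AzureADDirectoryRoleMember -ObjectId $_.ObjectId)

        # Every member is reported. The original skipped a whole role when its
        # first member had no UserPrincipalName, which hid privileged users in
        # roles that happen to list a service principal first.
        foreach ($member in $roleMembers) {
            if ($member.UserPrincipalName) {
                $user = "$($member.DisplayName) ($($member.UserPrincipalName))"

                # Looked up per member, so a previous member's MFA state can
                # never be reported for this one.
                $userMFA = Get-MsolUser -UserPrincipalName $member.UserPrincipalName
                $requirements = @($userMFA.StrongAuthenticationRequirements)
                if ($requirements.Count -gt 0 -and $requirements[0] -and $requirements[0].State) {
                    $mfa = $requirements[0].State
                }
                else {
                    $mfa = "Disabled"
                }
            }
            else {
                # Service principals and other non-user members.
                $user = "$($member.DisplayName)"
                $mfa = "N/A"
            }

            $output += [pscustomobject]@{
                Type            = $member.ObjectType
                ADDirectoryRole = $roleName
                User            = $user
                MFA             = $mfa
            }
        }
    }

    $output | Select-Object User, ADDirectoryRole, Type, MFA
}

function Get-M365GuestUsers {
    <#
    .SYNOPSIS
    Lists all guest users of the tenant.

    .DESCRIPTION
    Enumerates all users with Get-MsolUser and emits one object for each user
    whose UserType is "Guest".

    .OUTPUTS
    Objects with EmailAddress (first alternate e-mail address) and DisplayName.
    #>
    if (Get-Module -ListAvailable -Name MSOnline) {
        Import-Module MSOnline
    }
    else {
        Install-Module -Name MSOnline
    }

    $testConnection = Get-MsolDomain -ErrorAction SilentlyContinue
    if (-not $testConnection) {
        Connect-MsolService
    }

    Get-MsolUser -All |
        Where-Object { $_.UserType -eq "Guest" } |
        ForEach-Object {
            # A guest without alternate addresses gets an empty EmailAddress.
            $addresses = @($_.AlternateEmailAddresses)
            $email = if ($addresses.Count -gt 0) { $addresses[0] } else { $null }

            [pscustomobject]@{
                EmailAddress = $email
                DisplayName  = $_.DisplayName
            }
        }
}

Export-ModuleMember -Function *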