cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SSPR via powershell?

Jeremy Pinquist
Copper Contributor

‎Sep 29 2016 09:15 AM - last edited on ‎Jan 14 2022 03:44 PM by

‎Sep 29 2016 09:15 AM - last edited on ‎Jan 14 2022 03:44 PM by

SSPR via powershell?

Hey all,

I'm wondering if there is a location with commands to access info regarding SSPR in AAD via powershell.  Specifically I'm trying to find out if a user has registered and set up their security questions.  The reports in the web GUI only go back one month, but i'd like a) a running tally of how many users have registered, and b) the ability to determine if an individual has completed registration.  There doesn't seem to be a place to do that in the gui, and i cannot find any SSPR specific powershell commands for the msonline module. Can anyone shed any light?

9,152 Views
2 Likes
3 Replies
Reply
3 Replies
Young Pae Admin

‎Oct 09 2016 03:31 PM

‎Oct 09 2016 03:31 PM

Re: SSPR via powershell?

I am on the exact situation... I was able to create user, unifiedgroup, manage the membership, set the password and rules via PowerShell. but when I try to test the account, now SSPR is blocking the streamline of automation... I was hoping to see either PowerShell method to import predefined SSPR answers (e.g. Phone number, Questions and Answers) via CSV file or method to exempt them from SSPR for special account cases via UnifiedGroup or normal Security Group membership (or per individual user account...)

0 Likes
Reply

‎Feb 28 2018 04:01 AM - edited ‎Feb 28 2018 09:02 AM

‎Feb 28 2018 04:01 AM - edited ‎Feb 28 2018 09:02 AM

Re: SSPR via powershell?

Hey,
I have recently made a riport about the sspr via powershell. I had the userprincipal names in a txt file.

------------
Connect-MsolService
$path = "path of txt"
$Users = Get-Content $path
foreach ($User in $Users)
{
Get-MsolUser -UserPrincipalName $User.ToLower() | select DisplayName, PhoneNumber, Email| Export-Csv –Append -Force -Path "C:\Users\dmeszaros\Desktop\AzureAD\userprincipal_v4.csv" -NoTypeInformation

Get-MsolUser -UserPrincipalName $User.ToLower() | select -Expand StrongAuthenticationUserDetails | select DisplayName, PhoneNumber, Email | Export-Csv –Append -Force -Path "the path to save" -NoTypeInformation
}

----------------

The first is for initialize the columns in the csv and for the displayname to know the whom the authentication info belongs to because the next command wont get it so that gets the data from the authentication box.

For those who didn't registered, there won't be a second line so that they didn't registered.

Hope it helps.

0 Likes
Reply
Chris Jackett

‎Oct 24 2018 05:31 AM

‎Oct 24 2018 05:31 AM

Re: SSPR via powershell?

Hi,

 

StrongAuth does NOT mean the user has registered for SSPR. It only means a user has one or more StrongAuth fields set like Phone Number.

Just setting any of these fields without ever going through the SSPR registration process will still tag them as StrongAuth.

0 Likes
Reply