SOLVED

PowerShell get Combined SSPR state

%3CLINGO-SUB%20id%3D%22lingo-sub-941192%22%20slang%3D%22en-US%22%3EPowerShell%20get%20Combined%20SSPR%20state%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-941192%22%20slang%3D%22en-US%22%3E%3CP%3ESSPR%20state%20can%20be%20retrieved%20via%3CBR%20%2F%3E%3CBR%20%2F%3E%26nbsp%3B%3CSPAN%3E%3CFONT%20face%3D%22courier%20new%2Ccourier%22%3EGet-Msoluser%20-All%20%7C%20where%20%7B%24_.StrongAuthenticationUserDetails%20-ne%20%24null%7D%3C%2FFONT%3E%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3Ebut%20not%20when%20using%20Combined%20!%20Users%20that%20have%20registered%20questions%20for%20Combined%20SSPR%20(and%20MFA)%20have%20a%20null%26nbsp%3BStrongAuthenticationUserDetails%20value.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EAny%20ideas%20please%20how%20one%20can%20get%20a%20the%20Combined%20SSPR%20state%20(other%20than%20looking%20at%20the%2030%20day%20log%20history).%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-941192%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAccess%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-942264%22%20slang%3D%22en-US%22%3ERe%3A%20PowerShell%20get%20Combined%20SSPR%20state%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-942264%22%20slang%3D%22en-US%22%3E%3CP%3EAfaik%20no%2C%20the%20only%20thing%20you%20can%20do%20via%20PowerShell%20is%20call%20the%20Graph%20endpoint%20to%20fetch%20the%26nbsp%3B%3CU%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%20color%3D%22%230b0117%22%3EcredentialUserRegistrationDetails%20%3C%2FFONT%3E%3C%2FU%3Ereport%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fgraph%2Fapi%2Fresources%2Fcredentialuserregistrationdetails%3Fview%3Dgraph-rest-beta%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fgraph%2Fapi%2Fresources%2Fcredentialuserregistrationdetails%3Fview%3Dgraph-rest-beta%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-946878%22%20slang%3D%22en-US%22%3ERe%3A%20PowerShell%20get%20Combined%20SSPR%20state%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-946878%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3Bthat%20Graph%20endpoint%20is%20great.%20I%20didn't%20know%20about%20that.%20Thanks%20very%20much%20-%20extremely%20helpful%20and%20appreciated.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20I%20actually%20was%20trying%20to%20achieve%20was%20create%20a%20Power%20BI%20data%20set%20and%20your%20pointing%20me%20to%20that%20Graph%20endpoint%20%3CEM%3Ereport%3C%2FEM%3E%20was%20PERFECT%20because%20I%20can%20simply%20create%20a%20Power%20BI%20Data%20Flow%20pointed%20to%20that%20endpoint%20and%20voila%2C%20I%20have%20my%20data%20in%20Power%20BI.%20Awesome%26nbsp%3B%3CIMG%20class%3D%22lia-deferred-image%20lia-image-emoji%22%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Fhtml%2Fimages%2Femoticons%2Fsmile_40x40.gif%22%20alt%3D%22%3Asmile%3A%22%20title%3D%22%3Asmile%3A%22%20%2F%3E.%20Now%20my%20users%20can%20knock%20themselves%20out%20with%20dashboards.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EData%20Flow%20is%3A%3C%2FP%3E%3CDIV%3E%3COL%3E%3CLI%3E%3CSPAN%3EOData.Feed(%3C%2FSPAN%3E%3CSPAN%3E%22%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Freports%2FcredentialUserRegistrationDetails%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2Fbeta%2Freports%2FcredentialUserRegistrationDetails%3C%2FA%3E%22%3C%2FSPAN%3E%3CSPAN%3E%2C%20%3C%2FSPAN%3E%3CSPAN%3Enull%3C%2FSPAN%3E%3CSPAN%3E%2C%20%5BImplementation%20%3D%20%3C%2FSPAN%3E%3CSPAN%3E%222.0%22%3C%2FSPAN%3E%3CSPAN%3E%5D)%3C%2FSPAN%3E%3C%2FLI%3E%3CLI%3ETable.TransformColumns(Source%2C%20%7B%3CSPAN%3E%22authMethods%22%3C%2FSPAN%3E%3CSPAN%3E%2C%20%3C%2FSPAN%3E%3CSPAN%3Eeach%3C%2FSPAN%3E%3CSPAN%3E%20Text.Combine(List.Transform(_%2C%20Text.From)%2C%20%3C%2FSPAN%3E%3CSPAN%3E%22%2C%22%3C%2FSPAN%3E%3CSPAN%3E)%2C%20%3C%2FSPAN%3E%3CSPAN%3Etype%3C%2FSPAN%3E%20%3CSPAN%3Etext%3C%2FSPAN%3E%3CSPAN%3E%7D)%3C%2FSPAN%3E%3C%2FLI%3E%3C%2FOL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

SSPR state can be retrieved via

 Get-Msoluser -All | where {$_.StrongAuthenticationUserDetails -ne $null} 

but not when using Combined ! Users that have registered questions for Combined SSPR (and MFA) have a null StrongAuthenticationUserDetails value.

 

Any ideas please how one can get a the Combined SSPR state (other than looking at the 30 day log history).

2 Replies
Highlighted
Best Response confirmed by Paul Day (Occasional Contributor)
Solution

Afaik no, the only thing you can do via PowerShell is call the Graph endpoint to fetch the credentialUserRegistrationDetails report: https://docs.microsoft.com/en-us/graph/api/resources/credentialuserregistrationdetails?view=graph-re...

Highlighted

@Vasil Michev that Graph endpoint is great. I didn't know about that. Thanks very much - extremely helpful and appreciated.

 

What I actually was trying to achieve was create a Power BI data set and your pointing me to that Graph endpoint report was PERFECT because I can simply create a Power BI Data Flow pointed to that endpoint and voila, I have my data in Power BI. Awesome :smile:. Now my users can knock themselves out with dashboards.

 

Data Flow is:

  1. OData.Feed("https://graph.microsoft.com/beta/reports/credentialUserRegistrationDetails", null, [Implementation = "2.0"])
  2. Table.TransformColumns(Source, {"authMethods", each Text.Combine(List.Transform(_, Text.From), ","), type text})