View and unblock users that are blocked by MFA using PowerShell


How can I view and unblock users that have become blocked using MFA in PowerShell?

The following

 https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/MultifactorAuthenticationMenuBlade/BlockedUser...

provides a listing of users that have become blocked using MFA. In my case, most of the users listed are a consequence of badly managed MFA registration. But what I really need is to be able to view the listing in PowerShell, and potentially unblock the user in PowerShell. If unblocking is not possible then viewing would be a start. Perhaps a REST call to the Graph API? Anything would help.

 

//A

 

 

7 Replies

I'm not aware of any way to do this programmatically, but others might prove me wrong :)

@Compulinx 

Did you ever find a solution for this? I am needing the same myself.

Thanks

Actually partially yes..

This is the REST call to find the blocked users:
$filters= "activityDisplayName eq 'Fraud reported - user is blocked for MFA'"
$uri = "https://graph.microsoft.com/beta/auditLogs/directoryaudits?api-version=beta&filter=$($filters)"




@Compulinx
Hello, can I have more information regarding your last message?
Thanks a lot
 

@AloisPommerais 

Not sure how far you got on this, but this is what I have done in the sense of getting the blocked accounts, based on the feedback from @Compulinx above.

 

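# Get-MgAuditLogDirectoryAudit ships in the Microsoft.Graph.Reports module
Import-Module Microsoft.Graph.Reports
# Sign in with read-only access to the audit log
Connect-MgGraph -Scopes "AuditLog.Read.All" -TenantId "{TENANT_ID}"
# Audit activity that is logged when a fraud report blocks a user for MFA
$Filter = "activityDisplayName eq 'Fraud reported - user is blocked for MFA'"
# TargetResources holds the account(s) each event applies to
Get-MgAuditLogDirectoryAudit -Filter $Filter | Select-Object -ExpandProperty TargetResources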

 


So now I can see that something/someone has reported fraud; the next step is how to unblock.
Hope that helps others on the way. Please revert if you have a way of showing who it is and how to unblock.
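
Added example, not part of the thread and not Microsoft's own code: one way to turn the audit records returned by the query above into a per-user view of who was blocked and when. The function name ConvertTo-MfaBlockReport and the sample records are constructed for illustration; ActivityDateTime, TargetResources, UserPrincipalName and Id are properties of the objects Get-MgAuditLogDirectoryAudit returns.

```powershell
# Added example: collapse "Fraud reported - user is blocked for MFA" audit
# records into one row per affected user. Function name is hypothetical.
function ConvertTo-MfaBlockReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object] $AuditRecord
    )
    begin { $rows = [System.Collections.Generic.List[object]]::new() }
    process {
        foreach ($target in $AuditRecord.TargetResources) {
            # Only user targets carry a UPN; skip anything else.
            if (-not $target.UserPrincipalName) { continue }
            $rows.Add([pscustomobject]@{
                UserPrincipalName = $target.UserPrincipalName.ToLowerInvariant()
                UserId            = $target.Id
                When              = [datetime] $AuditRecord.ActivityDateTime
            })
        }
    }
    end {
        # One row per user: number of block events and the most recent one.
        $rows | Group-Object UserPrincipalName | ForEach-Object {
            $last = $_.Group | Sort-Object When -Descending | Select-Object -First 1
            [pscustomobject]@{
                UserPrincipalName = $_.Name
                UserId            = $last.UserId
                BlockEvents       = $_.Count
                LastBlockEvent    = $last.When
            }
        } | Sort-Object LastBlockEvent -Descending
    }
}

# Constructed sample records shaped like the cmdlet's output (not real data).
$sample = @(
    [pscustomobject]@{ ActivityDateTime = '2024-01-10T08:15:00Z'; TargetResources = @(
        [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000001'; UserPrincipalName = 'alice@contoso.example' }) }
    [pscustomobject]@{ ActivityDateTime = '2024-01-12T09:30:00Z'; TargetResources = @(
        [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000001'; UserPrincipalName = 'Alice@contoso.example' }) }
    [pscustomobject]@{ ActivityDateTime = '2024-01-11T14:00:00Z'; TargetResources = @(
        [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000002'; UserPrincipalName = 'bob@contoso.example' }) }
)
$sample | ConvertTo-MfaBlockReport | Format-Table -AutoSize

# Against a tenant, after Connect-MgGraph with AuditLog.Read.All:
# Get-MgAuditLogDirectoryAudit -Filter $Filter -All | ConvertTo-MfaBlockReport
```

The report is a history of block events still held in the audit log, not the current blocked list, so a user who has since been unblocked will still appear in it.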