Sep 29 2016
09:15 AM
- last edited on
Jan 14 2022
03:44 PM
by
TechCommunityAP
Sep 29 2016
09:15 AM
- last edited on
Jan 14 2022
03:44 PM
by
TechCommunityAP
Hey all,
I'm wondering if there is a location with commands to access info regarding SSPR in AAD via powershell. Specifically I'm trying to find out if a user has registered and set up their security questions. The reports in the web GUI only go back one month, but i'd like a) a running tally of how many users have registered, and b) the ability to determine if an individual has completed registration. There doesn't seem to be a place to do that in the gui, and i cannot find any SSPR specific powershell commands for the msonline module. Can anyone shed any light?
Oct 09 2016 03:31 PM
I am on the exact situation... I was able to create user, unifiedgroup, manage the membership, set the password and rules via PowerShell. but when I try to test the account, now SSPR is blocking the streamline of automation... I was hoping to see either PowerShell method to import predefined SSPR answers (e.g. Phone number, Questions and Answers) via CSV file or method to exempt them from SSPR for special account cases via UnifiedGroup or normal Security Group membership (or per individual user account...)
Feb 28 2018 04:01 AM - edited Feb 28 2018 09:02 AM
Hey,
I have recently made a riport about the sspr via powershell. I had the userprincipal names in a txt file.
------------
Connect-MsolService
$path = "path of txt"
$Users = Get-Content $path
foreach ($User in $Users)
{
Get-MsolUser -UserPrincipalName $User.ToLower() | select DisplayName, PhoneNumber, Email| Export-Csv –Append -Force -Path "C:\Users\dmeszaros\Desktop\AzureAD\userprincipal_v4.csv" -NoTypeInformation
Get-MsolUser -UserPrincipalName $User.ToLower() | select -Expand StrongAuthenticationUserDetails | select DisplayName, PhoneNumber, Email | Export-Csv –Append -Force -Path "the path to save" -NoTypeInformation
}
----------------
The first is for initialize the columns in the csv and for the displayname to know the whom the authentication info belongs to because the next command wont get it so that gets the data from the authentication box.
For those who didn't registered, there won't be a second line so that they didn't registered.
Hope it helps.
Oct 24 2018 05:31 AM
Hi,
StrongAuth does NOT mean the user has registered for SSPR. It only means a user has one or more StrongAuth fields set like Phone Number.
Just setting any of these fields without ever going through the SSPR registration process will still tag them as StrongAuth.