mirror of
https://github.com/admindroid-community/powershell-scripts.git
synced 2025-12-17 16:35:19 +00:00
Export SSPR Status Report
Export SSPR Status Report
This commit is contained in:
AdminDroid
parent
34ec227b92
commit
5ade828b6a
177
Get SSPR Status Report/GetSSPRstatusReport.ps1
Normal file
177
Get SSPR Status Report/GetSSPRstatusReport.ps1
Normal file
@ -0,0 +1,177 @@
|
||||
<#
|
||||
=============================================================================================
|
||||
Name: Export Microsoft 365 Users' SSPR Status Reports
|
||||
|
||||
|
||||
Script Highlights:
|
||||
~~~~~~~~~~~~~~~~~
|
||||
1. The script exports 10 SSPR status reports.
|
||||
2. Exports SSPR status for Microsoft 365 users.
|
||||
3. Generates report on SSPR enabled users.
|
||||
4. Finds SSPR disabled users.
|
||||
5. Identifies users who are eligible but not registered for SSPR.
|
||||
6. Finds SSPR status for Microsoft 365 admins.
|
||||
7. Determines the SSPR status specifically for licensed users.
|
||||
8. The script can be executed with MFA-enabled accounts.
|
||||
9. It exports results to a CSV file for convenient data handling.
|
||||
10. The script installs the required Microsoft Graph Beta module upon user confirmation if not already installed.
|
||||
11. Supports certificate-based authentication (scheduler-friendly) method.
|
||||
|
||||
============================================================================================
|
||||
#>
|
||||
Param
|
||||
(
|
||||
|
||||
[switch]$AdminsOnly,
|
||||
[switch]$LicensedUsersOnly,
|
||||
[switch]$SsprTurnedOnButUserNotRegistered,
|
||||
[Switch]$SsprEnabledUsers,
|
||||
[Switch]$SsprDisabledUsers,
|
||||
[switch]$CreateSession,
|
||||
[string]$TenantId,
|
||||
[string]$ClientId,
|
||||
[string]$CertificateThumbprint
|
||||
)
|
||||
|
||||
|
||||
|
||||
Function Connect_MgGraph
|
||||
{
|
||||
$MsGraphBetaModule = Get-Module Microsoft.Graph.Beta -ListAvailable
|
||||
if($MsGraphBetaModule -eq $null)
|
||||
{
|
||||
Write-host "Important: Microsoft Graph Beta module is unavailable. It is mandatory to have this module installed in the system to run the script successfully."
|
||||
$confirm = Read-Host Are you sure you want to install Microsoft Graph Beta module? [Y] Yes [N] No
|
||||
if($confirm -match "[yY]")
|
||||
{
|
||||
Write-host "Installing Microsoft Graph Beta module..."
|
||||
Install-Module Microsoft.Graph.Beta -Scope CurrentUser -AllowClobber
|
||||
Write-host "Microsoft Graph Beta module is installed in the machine successfully" -ForegroundColor Magenta
|
||||
#importing required modules
|
||||
Import-Module Microsoft.Graph.Authentication
|
||||
Import-Module Microsoft.Graph.Beta.Report
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
Write-host "Exiting. `nNote: Microsoft Graph Beta module must be available in your system to run the script" -ForegroundColor Red
|
||||
Exit
|
||||
}
|
||||
}
|
||||
#Disconnect Existing MgGraph session
|
||||
if($CreateSession.IsPresent)
|
||||
{
|
||||
Disconnect-MgGraph
|
||||
}
|
||||
#Connecting to MgGraph beta
|
||||
Write-Host Connecting to Microsoft Graph...
|
||||
if(($TenantId -ne "") -and ($ClientId -ne "") -and ($CertificateThumbprint -ne ""))
|
||||
{
|
||||
Connect-MgGraph -TenantId $TenantId -AppId $ClientId -CertificateThumbprint $CertificateThumbprint
|
||||
}
|
||||
else
|
||||
{
|
||||
Connect-MgGraph -Scopes "User.Read.All","AuditLog.read.All" -NoWelcome
|
||||
}
|
||||
}
|
||||
Connect_MgGraph
|
||||
|
||||
$Location=Get-Location
|
||||
$ExportCSV="$Location\SSPR_Status_Report_$((Get-Date -format yyyy-MMM-dd-ddd` hh-mm` tt).ToString()).csv"
|
||||
$Result=""
|
||||
$Results=@()
|
||||
$OutputCount=0
|
||||
$ProcessedUsersCount=0
|
||||
Write-Host "Generating M365 users' SSPR status report..." -ForegroundColor Cyan
|
||||
Get-MgBetaReportAuthenticationMethodUserRegistrationDetail | ? { $_.UserType -eq 'member' } | foreach {
|
||||
$UPN=$_.UserPrincipalName
|
||||
$DisplayName=$_.UserDisplayName
|
||||
$IsAdmin=$_.IsAdmin
|
||||
$IsSsprEnabled=$_.IsSsprEnabled
|
||||
$IsSsprRegistered=$_.IsSsprRegistered
|
||||
$IsSsprCapable=$_.IsSsprCapable
|
||||
$RegisteredMethods=$_.MethodsRegistered
|
||||
$RegisteredMethods=$RegisteredMethods -join ","
|
||||
$UserPreferredAuthMethod=$_.UserPreferredMethodForSecondaryAuthentication
|
||||
$Print=1
|
||||
$ProcessedUsersCount++
|
||||
Write-Progress -Activity "`n Processed user count: $ProcessedUsersCount "`n" Currently Processing: $DisplayName"
|
||||
$UserDetails=Get-MgBetaUser -UserId $UPN
|
||||
if($UserDetails.AssignedLicenses -ne "")
|
||||
{
|
||||
$IsLicensed="Licensed"
|
||||
}
|
||||
else
|
||||
{
|
||||
$IsLicensed="Unlicensed"
|
||||
}
|
||||
$SignInEnabled=$UserDetails.AccountEnabled
|
||||
$Department=$UserDetails.Department
|
||||
$JobTitle=$UserDetails.JobTitle
|
||||
if($LicensedUsersOnly.IsPresent -and ($IsLicensed -ne "Licensed"))
|
||||
{
|
||||
$Print=0
|
||||
}
|
||||
if($AdminsOnly.IsPresent -and ($IsAdmin -ne $true))
|
||||
{
|
||||
$Print=0
|
||||
}
|
||||
if($SsprEnabledUsers.IsPresent -and ($IsSsprCapable -ne $true))
|
||||
{
|
||||
$Print=0
|
||||
}
|
||||
if($SsprDisabledUsers.IsPresent -and ($IsSsprCapable -ne $false))
|
||||
{
|
||||
$Print=0
|
||||
}
|
||||
if($SsprTurnedOnButUserNotRegistered.IsPresent -and ($IsSsprEnabled -eq $IsSsprRegistered))
|
||||
{
|
||||
$Print=0
|
||||
}
|
||||
#Export result to csv
|
||||
if($Print -eq 1)
|
||||
{
|
||||
$OutputCount++
|
||||
$Result=@{'User Name'=$DisplayName;'UPN'=$upn;'Is SSPR Registered by User'=$IsSsprRegistered;'Is SSPR Enabled by Admins'=$IsSsprEnabled;'Department'=$Department;'Job Title'=$JobTitle;'License Status'=$IsLicensed;'Signin Enabled'=$SignInEnabled;'Is Admin'=$IsAdmin;'Registered Auth Methods'=$RegisteredMethods;'Default Auth Method'=$UserPreferredAuthMethod}
|
||||
$Results= New-Object PSObject -Property $Result
|
||||
$Results | Select-Object 'User Name','UPN','Is SSPR Registered by User','Is SSPR Enabled by Admins','Department','Registered Auth Methods','Default Auth Method','Job Title','License Status','Signin Enabled','Is Admin'| Export-Csv -Path $ExportCSV -Notype -Append
|
||||
}
|
||||
}
|
||||
|
||||
#Open output file after execution
|
||||
If($OutputCount -eq 0)
|
||||
{
|
||||
Write-Host No data found for the given criteria
|
||||
}
|
||||
else
|
||||
{
|
||||
Write-Host `nThe output file contains $OutputCount accounts.
|
||||
if((Test-Path -Path $ExportCSV) -eq "True")
|
||||
{
|
||||
|
||||
Write-Host `n The Output file available in: -NoNewline -ForegroundColor Yellow
|
||||
Write-Host $ExportCSV
|
||||
$Prompt = New-Object -ComObject wscript.shell
|
||||
$UserInput = $Prompt.popup("Do you want to open output file?",`
|
||||
0,"Open Output File",4)
|
||||
If ($UserInput -eq 6)
|
||||
{
|
||||
Invoke-Item "$ExportCSV"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Write-Host `n~~ Script prepared by AdminDroid Community ~~`n -ForegroundColor Green
|
||||
Write-Host "~~ Check out " -NoNewline -ForegroundColor Green; Write-Host "admindroid.com" -ForegroundColor Yellow -NoNewline; Write-Host " to get access to 1800+ Microsoft 365 reports. ~~" -ForegroundColor Green `n`n
|
||||
|
||||
|
||||
<#
|
||||
=============================================================================================
|
||||
Name: Export Microsoft 365 Users' Self-service Password Reset (SSPR) Status Reports
|
||||
Description: The script exports users' Self-service password reset status reports to CSV.
|
||||
Version: 1.0
|
||||
Website: o365reports.com
|
||||
|
||||
For detailed Script execution: https://o365reports.com/2024/02/13/export-microsoft-365-users-self-service-password-reset-sspr-status-reports
|
||||
============================================================================================
|
||||
#>
|
||||
Loading…
x
Reference in New Issue
Block a user