Private/Get-EntraMfaCredentials.ps1
function Get-EntraMfaCredentials { [OutputType([System.Collections.Hashtable])] [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string] $TenantId ) $moduleName = "Microsoft.Graph" $g = Get-Module -ListAvailable -Name $moduleName if ($null -eq $g) { throw "Module '$moduleName' is not available." } try { $appId = $Providers.EntraId.MfaAppId Connect-MgGraph -NoWelcome -TenantId $TenantId -Scopes 'Application.ReadWrite.All' $mfaSvcPrincipal = Get-MgServicePrincipal -Filter "appid eq '$appId'" $out = @{ Passwords = @{} Certificates = @{} ServicePrincipalId = $null } $out.ServicePrincipalId = $mfaSvcPrincipal.Id $out.Passwords = $mfaSvcPrincipal.PasswordCredentials $out.Certificates = $mfaSvcPrincipal.KeyCredentials Disconnect-MgGraph return $out } catch { throw "Error getting ServicePrincipal credentials - $_" } } |