SVITSO.psm1
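# Import-Module MSOnline
#
# Helper functions for bulk administration of user MFA methods (MSOnline cmdlets)
# and of device objects (AzureAD cmdlets). The caller must already be connected
# to the tenant with both modules loaded.
#
# NOTE(review): the MSOnline and AzureAD PowerShell modules are deprecated by
# Microsoft in favour of Microsoft Graph PowerShell; plan a migration.
# NOTE(review): every function except Get-SVUserAuthMethods changes authentication
# or device state in bulk. Review the target list before running them and record
# who ran them and against which accounts.

function Get-SVUserAuthMethods {
    <#
    .SYNOPSIS
    Lists the strong-authentication (MFA) methods registered for each given user.

    .PARAMETER upns
    One or more user principal names to look up.

    .OUTPUTS
    One object per registered method, with UserPrincipalName, DisplayName,
    IsDefault and MethodType.

    .NOTES
    A user with no registered methods yields no rows at all, because expanding an
    empty collection emits nothing. Absence from the output therefore means
    "no MFA method registered" (or "lookup failed"), not "nothing to report".
    #>
    param (
        $upns
    )

    $activity = "gathering users authentication methods"
    $index = 0
    $total = @($upns).Count
    foreach ($upn in $upns) {
        # Advance the counter first so that skipped users still move the progress bar.
        $index++
        $progress = [math]::Round(100 * $index / $total, 2)
        Write-Progress -Activity $activity -Status "$progress% Complete:" -PercentComplete $progress

        $user = Get-MsolUser -UserPrincipalName $upn
        if ($null -eq $user) {
            Write-Warning "[$upn] could not be retrieved"
            continue
        }

        $user |
            select UserPrincipalName, DisplayName -ExpandProperty StrongAuthenticationMethods |
            select UserPrincipalName, DisplayName, IsDefault, MethodType
    }
}

function Add-SVCallAuthMethod {
    <#
    .SYNOPSIS
    Adds the voice-call method (TwoWayVoiceMobile) as a non-default MFA method.

    .DESCRIPTION
    A user is only changed when they already have at least one method, do not yet
    have TwoWayVoiceMobile, and already have OneWaySMS. Supports -WhatIf and -Confirm.

    .PARAMETER upns
    One or more user principal names to update.

    .NOTES
    Voice call and SMS both depend on control of the phone number, so they are
    exposed to SIM-swap and number-porting fraud. Adding this method widens the
    set of ways the account can satisfy MFA; confirm that tenant policy allows it.
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param (
        [Parameter(Mandatory = $true)]
        $upns
    )

    $call_method = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
    $call_method.MethodType = "TwoWayVoiceMobile"
    $call_method.IsDefault = $false

    $activity = "updating users authentication methods"
    $index = 0
    $total = @($upns).Count
    foreach ($upn in $upns) {
        # Advance the counter first so that skipped users still move the progress bar.
        $index++
        $progress = [math]::Round(100 * $index / $total, 2)
        Write-Progress -Activity $activity -Status "$progress% Complete:" -PercentComplete $progress

        $user = Get-MsolUser -UserPrincipalName $upn
        if ($null -eq $user) {
            # Without this check a failed lookup was reported as "no authentication method".
            Write-Warning "[$upn] could not be retrieved"
            continue
        }

        if ($user.StrongAuthenticationMethods.count -eq 0) {
            Write-Host "[$upn] has no authentication method!"
            continue
        }

        if ($user.StrongAuthenticationMethods.methodtype -contains "TwoWayVoiceMobile") {
            Write-Host "[$upn] has already call-me option"
            continue
        }

        if ($user.StrongAuthenticationMethods.methodtype -notcontains 'OneWaySMS') {
            Write-Host "[$upn] does not have SMS option"
            continue
        }

        if ($PSCmdlet.ShouldProcess($upn, 'Add TwoWayVoiceMobile authentication method')) {
            $user.StrongAuthenticationMethods.add($call_method)
            Set-MsolUser -UserPrincipalName $upn -StrongAuthenticationMethods $user.StrongAuthenticationMethods
        }
    }
}

function Add-SVSMSAuthMethod {
    <#
    .SYNOPSIS
    Adds the SMS method (OneWaySMS) as a non-default MFA method.

    .DESCRIPTION
    A user is only changed when they already have at least one method and do not
    yet have OneWaySMS. Supports -WhatIf and -Confirm.

    .PARAMETER upns
    One or more user principal names to update.

    .NOTES
    SMS codes depend on control of the phone number (SIM-swap, number porting) and
    can be relayed by a phishing page. Confirm that tenant policy allows SMS before
    adding it to accounts that currently use only app-based methods.
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param (
        [Parameter(Mandatory = $true)]
        $upns
    )

    $sms_method = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
    $sms_method.MethodType = "OneWaySMS"
    $sms_method.IsDefault = $false

    $activity = "updating users authentication methods"
    $index = 0
    $total = @($upns).Count
    foreach ($upn in $upns) {
        # Advance the counter first so that skipped users still move the progress bar.
        $index++
        $progress = [math]::Round(100 * $index / $total, 2)
        Write-Progress -Activity $activity -Status "$progress% Complete:" -PercentComplete $progress

        $user = Get-MsolUser -UserPrincipalName $upn
        if ($null -eq $user) {
            Write-Warning "[$upn] could not be retrieved"
            continue
        }

        if ($user.StrongAuthenticationMethods.count -eq 0) {
            Write-Host "[$upn] has no authentication method!"
            continue
        }

        if ($user.StrongAuthenticationMethods.methodtype -contains "OneWaySMS") {
            Write-Host "[$upn] has already SMS option"
            continue
        }

        if ($PSCmdlet.ShouldProcess($upn, 'Add OneWaySMS authentication method')) {
            $user.StrongAuthenticationMethods.add($sms_method)
            Set-MsolUser -UserPrincipalName $upn -StrongAuthenticationMethods $user.StrongAuthenticationMethods
        }
    }
}

function Update-SVDefaultAuthMethod {
    <#
    .SYNOPSIS
    Makes one already-registered MFA method the default for each given user.

    .DESCRIPTION
    Users who have no methods, or who lack the requested method, are skipped with a
    message. Supports -WhatIf and -Confirm.

    .PARAMETER upns
    One or more user principal names to update.

    .PARAMETER method
    The method type to make default: OneWaySMS, TwoWayVoiceMobile,
    PhoneAppNotification or PhoneAppOTP.

    .NOTES
    Switching the default from an app-based method to OneWaySMS or
    TwoWayVoiceMobile moves the user to a phone-number based factor. Treat that
    direction as a downgrade and review it before running in bulk.
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param (
        [Parameter(Mandatory = $true)]
        $upns,
        # The original "= $false" default was dropped: the parameter is mandatory, so
        # the default was never used, and "False" is not a member of the ValidateSet.
        [Parameter(Mandatory = $true)]
        [ValidateSet("OneWaySMS", "TwoWayVoiceMobile", "PhoneAppNotification", "PhoneAppOTP")]
        [String]
        $method
    )

    $activity = "updating users authentication methods"
    $index = 0
    $total = @($upns).Count
    foreach ($upn in $upns) {
        # Advance the counter first so that skipped users still move the progress bar.
        $index++
        $progress = [math]::Round(100 * $index / $total, 2)
        Write-Progress -Activity $activity -Status "$progress% Complete:" -PercentComplete $progress

        $user = Get-MsolUser -UserPrincipalName $upn
        if ($null -eq $user) {
            Write-Warning "[$upn] could not be retrieved"
            continue
        }

        if ($user.StrongAuthenticationMethods.count -eq 0) {
            Write-Host "[$upn] has no authentication method!"
            continue
        }

        if ($user.StrongAuthenticationMethods.MethodType -notcontains $method) {
            Write-Host "[$upn] has no `"$method`" method to make it the default!"
            continue
        }

        if ($PSCmdlet.ShouldProcess($upn, "Set default authentication method to $method")) {
            # Exactly one method ends up flagged as default: the requested one.
            foreach ($_method in $user.StrongAuthenticationMethods) {
                $_method.IsDefault = ($_method.MethodType -eq $method)
            }

            Set-MsolUser -UserPrincipalName $upn -StrongAuthenticationMethods $user.StrongAuthenticationMethods
        }
    }
}

function Remove-SvDisabledDevices {
    <#
    .SYNOPSIS
    Deletes every device object whose account is disabled, after an interactive
    confirmation.

    .NOTES
    Deletion is irreversible from this module. The prompt defaults to "No", so
    pressing Enter does not delete anything.
    #>
    $disabled_devices = @(Get-AzureADDevice -Filter "AccountEnabled eq false" -All $true)
    $devices_num = $disabled_devices.Count

    if ($devices_num -eq 0) {
        # Nothing to delete; do not ask for confirmation of an empty operation.
        'no disabled devices found'
        return
    }

    $yes = New-Object System.Management.Automation.Host.ChoiceDescription '&Yes', 'accept the operation'
    $no = New-Object System.Management.Automation.Host.ChoiceDescription '&No', 'Cancel the operation'
    $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)

    $title = 'Remove Disabled Devices'
    $message = "Are you sure to delete all disabled devices which are ($devices_num) devices?"

    # Default choice is index 1 ("No"). The original defaulted to 0 ("Yes"), which
    # made a bare Enter confirm a bulk deletion.
    $result = $host.ui.PromptForChoice($title, $message, $options, 1)

    if ($result -eq 0) {
        $index = 1
        # Fixed: the original read the undefined variable $udevices_num here, so the
        # progress calculation divided by $null on every iteration.
        $total = $devices_num
        foreach ($device in $disabled_devices) {
            Remove-AzureADDevice -ObjectId $device.ObjectId

            $progress = [math]::Round(100 * $index / $total, 2)
            Write-Progress -Activity "deleteing devices" -Status "$progress% Complete:" -PercentComplete $progress
            $index++
        }
    }
    elseif ($result -eq 1) {
        'no problem :)'
    }
}

function Disable-SvDevices {
    <#
    .SYNOPSIS
    Disables every device whose approximate last logon is older than a number of days.

    .DESCRIPTION
    Supports -WhatIf and -Confirm; run with -WhatIf first to see which devices
    would be disabled.

    .PARAMETER Timeframe
    Age threshold in days. The sign is ignored: 90 and -90 both mean "90 days ago".

    .NOTES
    A Timeframe of 0 puts the cut-off at the current time and so matches
    essentially every device.
    NOTE(review): a device with no ApproximateLastLogonTimeStamp value appears to
    satisfy the -LE comparison as well, so devices that never reported a logon may
    be disabled too. Confirm this is intended.
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param (
        [Parameter(Mandatory = $true)]
        [int]
        $Timeframe
    )

    $devices = Get-AzureADDevice -All $true

    # Normalise to a negative offset so the cut-off always lies in the past.
    if ($Timeframe -ge 0) {
        $Timeframe = -1 * $Timeframe
    }
    $cutoff = (get-date).AddDays($Timeframe)

    # @() keeps .Count meaningful when exactly one device matches.
    $devices_targeted = @($devices | where ApproximateLastLogonTimeStamp -LE $cutoff)

    $index = 1
    $total = $devices_targeted.Count
    foreach ($device in $devices_targeted) {
        if ($PSCmdlet.ShouldProcess($device.ObjectId, 'Disable device')) {
            Set-AzureADDevice -ObjectId $device.ObjectId -AccountEnabled $false
        }

        $progress = [math]::Round(100 * $index / $total, 2)
        # Fixed: the activity text was copied from the MFA functions and described the wrong operation.
        Write-Progress -Activity "disabling stale devices" -Status "$progress% Complete:" -PercentComplete $progress
        $index++
    }
}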