Hi guys. Today I’ll only have a short blog – I’ve been busy this weekend with non-tech stuff like building a table for dungeons and dragons, which is why I’ve only had time to write a somewhat shorter blog than normally.
This one is based on a blog from last week – Some users on Reddit asked if I could also create a monitoring set for blocked users. We’ve setup policies to make sure users are blocked after multiple failed logins, or when failing the second factor authentication a couple of times. Its best to monitor this to preventively to make sure you can give the users a call and check if everything is functioning as it should.
The following script helps you in this.
############################## $ApplicationId = 'XXXX-XXXX-XXXX-XXX-XXX' $ApplicationSecret = 'YourApplicationSecret' | Convertto-SecureString -AsPlainText -Force $TenantID = 'YourTenantID.Onmicrosoft.com' $RefreshToken = 'VeryLongRefreshToken' ############################## $credential = New-Object System.Management.Automation.PSCredential($ApplicationId, $ApplicationSecret) $aadGraphToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $refreshToken -Scopes 'https://graph.windows.net/.default' -ServicePrincipal -Tenant $tenantID $graphToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $refreshToken -Scopes 'https://graph.microsoft.com/.default' -ServicePrincipal -Tenant $tenantID Connect-MsolService -AdGraphAccessToken $aadGraphToken.AccessToken -MsGraphAccessToken $graphToken.AccessToken $customers = Get-MsolPartnerContract -All $credential = New-Object System.Management.Automation.PSCredential($ApplicationId, $ApplicationSecret) $aadGraphToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $refreshToken -Scopes 'https://graph.windows.net/.default' -ServicePrincipal -Tenant $tenantID $graphToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $refreshToken -Scopes 'https://graph.microsoft.com/.default' -ServicePrincipal -Tenant $tenantID Connect-MsolService -AdGraphAccessToken $aadGraphToken.AccessToken -MsGraphAccessToken $graphToken.AccessToken $customers = Get-MsolPartnerContract -All $BlockedUserlist = foreach ($customer in $customers) { write-host "Getting Blocked users for $($Customer.name)" -ForegroundColor Green $BlockedUsers = Get-MsolUser -TenantId $($customer.TenantID) | Where-Object {$_.BlockCredential -eq $true} foreach($User in $BlockedUsers){ "$($user.UserPrincipalName) is blocked from logon." } } if(!$BlockedUserlist) { $BlockedUserlist = "Healthy" }
And that’s it! as always, Happy PowerShelling.