- Go over the Microsoft documentation and the Graph API and prepare the following scripts:
a. Retrieve a list of all guest users in Azure AD which have not logged in during the last 60 days
and disable them
b. Retrieve a list of all users in Azure AD which don't have MFA enforced and enforce it for them
c. Retrieve a list of all users in Azure AD with enforced MFA who haven't enrolled in it yet.
For those users, revoke their sessions so they must reconnect and enrol
- Configure SAML 2.0 authentication between an SP and an IdP
a. You can use https://samltest.id/ as the SP
b. You can use an Okta or Auth0 free account as the IdP
Result –
    Install-Module -Name AzureAD
    Connect-AzureAD
    Install-Module AzureADPreview

Find inactive Azure AD users

The above commands store the details in the array object "$Result"; we can filter the result and generate different reports. The following command returns inactive Microsoft 365 users who have not logged in during the last 60 days.

    $DaysInactive = 60
    $dateTime = (Get-Date).AddDays(-($DaysInactive))
    $Result | Where-Object { $_.LastSignInDateTime -eq $null -or $_.LastSignInDateTime -le $dateTime }

Find last sign-in time for guest users

Run the following command to list all guest users.

    $Result | Where-Object { $_.IsGuestUser -eq $true }
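An added worked example for task (a), not part of the original result above: it uses the Microsoft Graph PowerShell SDK (Microsoft.Graph.Users module) instead of the legacy AzureAD module, because the last-sign-in timestamp is the Graph `signInActivity` property. The `$DaysInactive` default and the `-Disable` dry-run switch are assumptions; without `-Disable` the script only reports.

```powershell
# Added example: report, and optionally disable, guest users with no sign-in
# in the last N days. Needs Microsoft.Graph.Users and a caller holding
# User.ReadWrite.All plus AuditLog.Read.All (signInActivity requires the latter).
param(
    [int]$DaysInactive = 60,   # assumption: threshold taken from the task text
    [switch]$Disable           # assumption: without -Disable nothing is changed
)

Connect-MgGraph -Scopes "User.ReadWrite.All", "AuditLog.Read.All"

$cutoff = (Get-Date).AddDays(-$DaysInactive)

# Only guests; signInActivity is not returned unless requested via -Property.
$guests = Get-MgUser -All -Filter "userType eq 'Guest'" `
    -Property "id,displayName,userPrincipalName,accountEnabled,signInActivity"

$inactive = foreach ($u in $guests) {
    # Consider both interactive and non-interactive sign-ins; a guest whose
    # only activity is token refresh by a client app is still in use.
    $mostRecent = @(
        $u.SignInActivity.LastSignInDateTime,
        $u.SignInActivity.LastNonInteractiveSignInDateTime
    ) | Where-Object { $_ } | Sort-Object -Descending | Select-Object -First 1

    # A guest who never signed in has no signInActivity at all: treat as inactive.
    if ($u.AccountEnabled -and (-not $mostRecent -or $mostRecent -le $cutoff)) {
        [pscustomobject]@{
            Id                = $u.Id
            DisplayName       = $u.DisplayName
            UserPrincipalName = $u.UserPrincipalName
            LastSignIn        = $mostRecent
        }
    }
}

$inactive | Format-Table DisplayName, UserPrincipalName, LastSignIn

if ($Disable) {
    foreach ($u in $inactive) {
        # Disabling blocks new sign-ins; existing tokens expire on their own.
        Update-MgUser -UserId $u.Id -AccountEnabled:$false
        Write-Host "Disabled $($u.UserPrincipalName)"
    }
} else {
    Write-Host "Dry run: $($inactive.Count) guest(s) would be disabled. Re-run with -Disable."
}
```

Review the dry-run list before passing `-Disable`, since guests invited recently but not yet signed in also appear as "never signed in".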
