Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/jaydoubleu/azure-aad-mfa-report-python

Python script to generate Azure AAD MFA report

README

# azure-aad-mfa-report-python
[![CodeQL](https://github.com/JayDoubleu/azure-aad-mfa-report-python/actions/workflows/codeql-analysis.yml/badge.svg?branch=main)](https://github.com/JayDoubleu/azure-aad-mfa-report-python/actions/workflows/codeql-analysis.yml)
[![Semgrep](https://github.com/JayDoubleu/azure-aad-mfa-report-python/actions/workflows/semgrep.yml/badge.svg)](https://github.com/JayDoubleu/azure-aad-mfa-report-python/actions/workflows/semgrep.yml)
## Prerequisites
Make sure you have installed all of the following prerequisites on your machine:
* Git - [Download & Install Git](https://git-scm.com/downloads).
* Python 3.7 or higher - [Download & Install Python](https://www.python.org/downloads/).
* Azure CLI - [Download & Install Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli).
* Poetry - [Download & Install Poetry](https://python-poetry.org/docs/#installation).

## Usage:
- Download the contents of this repository and navigate to the script folder:

```shell
$ git clone https://github.com/JayDoubleu/azure-aad-mfa-report-python.git
$ cd azure-aad-mfa-report-python
```
- If you are behind an SSL-intercepting proxy, place your custom CA certificate, in PEM format and named `certificate.pem`, in the root directory of this repository.
The script will try to detect this file and add it to the certifi CA store inside Poetry's virtual environment.

- If you have multiple versions of Python installed, instruct Poetry to use the correct one:

`$ poetry env use python3.9`

- Install poetry dependencies:

`$ poetry install --no-dev`

- Navigate to https://portal.azure.com and log in to the tenant you want to run the MFA report against.
- Make sure your browser session is signed in with MFA, if MFA is enabled.
- Activate a PIM role if necessary.

- Log in to the Azure CLI:

`$ az login`

- Run the MFA script:

```shell
$ poetry run mfa_report
2021-10-24 23:55:03 INFO Authenticating using azure cli ..
2021-10-24 23:55:04 INFO Tenant ID:
2021-10-24 23:55:04 INFO Tenant Name:

2021-10-24 23:55:04 INFO Retrieving user authentication registration report ...
2021-10-24 23:55:04 INFO Retrieved X user authentication registration records ...

2021-10-24 23:55:04 INFO Retrieving user details ...
2021-10-24 23:55:05 INFO Retrieved X user details records ...

2021-10-24 23:55:05 INFO Generating XLSX report file mfa_report__20211024_23_55_05.xlsx...
2021-10-24 23:55:05 INFO Done.
```

- If everything went fine, you should see the generated XLSX report in your current directory.



| :zap: Please note, this script uses Microsoft's **beta** APIs, which are subject to change |
|--------------------------------------------------------------------------------------------------------|



## Report columns explained:

| Column name | Details |
|---|---|
| userId | Account object ID |
| isEnabled | Is the account enabled.<br>Value can only be "Yes", as the Azure MFA registration report includes only enabled accounts |
| userDisplayName | Account display name |
| userPrincipalName | Account UPN |
| isExternal | Is the account a "Guest".<br>Values can be "Yes" or "N/A" |
| externalDomain | External account domain name.<br>Values can be the DNS name of the external domain, or "N/A" if the account type is "Member" |
| externalUserState | State of the external account.<br>Values can be "PendingAcceptance", "Accepted" or "N/A" |
| externalUserStateLastChangeUTC | Timestamp of the external account's last change of state.<br>Values can be a UTC datetime or "N/A" |
| tenantDomain | Domain name of the user account's tenant |
| methodsRegistered | MFA methods registered by the account.<br>Values can be:<br>microsoftAuthenticatorPush<br>softwareOneTimePasscode<br>officePhone<br>mobilePhone<br>email<br>OR<br>No AAD MFA configured<br>Please note that this only shows the MFA user state on the Azure AD tenant. A user can be configured with MFA at office.com level, and that will not be reflected in this report. |
| onPremisesSyncEnabled | Type of user account.<br>Values can be:<br>"Yes" - Windows AD account<br>"No" - Azure AD account |
| lastInteractiveSignInUTC | Date of the user's last interactive sign-in, in UTC.<br>Values can be a UTC datetime or "N/A" if the user never signed in via AAD |
| lastNonInteractiveSignInUTC | Date of the user's last non-interactive sign-in, in UTC.<br>Values can be a UTC datetime or "N/A" if the user never signed in via AAD |