PowerShell Quicktip: list all Azure MFA-enabled users

Recently, I got a question from a customer to list all users that already enrolled in Azure MFA (through, for example, the url https://aka.ms/mfasetup.

The following PowerShell code lists all non-disabled users that already enrolled in Azure MFA:

Get-MsolUser -All | Where-Object {$_.StrongAuthenticationMethods -ne $null -and $_.BlockCredential -eq $False} | Select-Object UserPrincipalName

Spring 2020 – Security Webinars

Also during (a somewhat different) spring, Microsoft is keeping its promise by delivering webinars to introduce new and improved technology.

Be sure to mark the dates!

April 15MCAS: Enabling Secure Remote Work
April 20MSSP Support
April 22Threat Hunting on AWS using Sentinel
November 21st Using Sigma to accelerate your SIEM transformation to Azure Sentinel

Details and registration information can be found on https://aka.ms/SecurityWebinars

The certificate “name” on “servername” has expired

When logging in to a customers Exchange Server 2013 environment recently, a pop up caught my eye, indicating the following errror:

An expired certificate as such obviously isn’t such a weird event. However, when zooming into the error, the server that the error referred to was an old, already decommissioned, Exchange Server!

The following locations were checked, to no avail:

  • Get-ExchangeServer
  • Get-ExchangeCertificate
  • ADSI Edit
  • Certificate store on all Exchange Servers

After some googling searching the web with Bing, I found a solution on the web.

Get-Mailbox -Arbitration | Search-Mailbox -DeleteContent

Keep in mind, to run the command, specific permissions are required. A management role needs to be created with Mailbox Import Export assigned role. Assigning the Discovery Management role is not enough!