mna/TAP-check
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
2 commits 1 branch 0 tags 30 KiB
  • PowerShell 100%
Find a file
Exact
Magnus Naasade 62dcf6ff9d v1 publish 
This is the current version that is in production use. Included is a readme showing dependencies but not the app requirements.
2024-10-09 14:12:45 +02:00
LICENSE Initial commit 2024-10-09 14:06:58 +02:00
README.md v1 publish 2024-10-09 14:12:45 +02:00
tap-check.ps1 v1 publish 2024-10-09 14:12:45 +02:00

README.md

Azure AD TAP Report Script

This PowerShell script is designed to audit Azure Active Directory (Azure AD) users for Temporary Access Pass (TAP) usage. It retrieves users' authentication methods from Microsoft Graph and generates a report of any users utilizing TAP. The report is exported to a CSV file and optionally uploaded to a SharePoint folder.

Features

  • Microsoft Graph Integration: Connects to Microsoft Graph using certificate-based authentication.
  • User Authentication Audit: Retrieves all users in Azure AD and checks their authentication methods for TAP.
  • CSV Report Generation: Exports a detailed report of users with TAP, including creation and expiration timestamps.
  • SharePoint Upload: Uploads the CSV report to a specified SharePoint folder for easy sharing and access.

Prerequisites

  1. Azure AD App Registration: You will need an Azure AD App with API permissions for Microsoft Graph to read user authentication methods.
  2. Certificate-Based Authentication: Ensure that a valid certificate is installed locally for secure authentication with Microsoft Graph.
  3. Microsoft Graph PowerShell Module: Install the Microsoft Graph module with: 
    Install-Module Microsoft.Graph -Scope CurrentUser
  4. PnP PowerShell Module: Install the PnP PowerShell module for SharePoint integration with: 
    Install-Module PnP.PowerShell

Usage

  1. Update the script with your organization's details:

    • Replace YOUR_CERTIFICATE_THUMBPRINT, YOUR_APP_ID, YOUR_TENANT_ID, YOUR_SHAREPOINT_URL, and YOUR_SHAREPOINT_FOLDER in the script with actual values.

  2. Run the script:

    • Execute the script in PowerShell to generate the TAP report and upload it to SharePoint.

Script Parameters

  • $CertThumbPrint: The thumbprint of the certificate used for authentication.
  • $AppID: The Application (client) ID from your Azure AD App Registration.
  • $TenantID: The Tenant ID of your Azure AD instance.
  • $OutputFile: The path where the CSV report will be saved.
  • $SharePoint URL: The URL of your SharePoint site where the report will be uploaded.
  • $SharePoint Folder: The SharePoint folder path where the report will be stored.

Example Output

The CSV report will contain the following fields for each user found with TAP:

  • UserPrincipalName: The UPN of the user.
  • DisplayMethod: Authentication method used (Temporary Access Pass).
  • P1: Creation timestamp of the TAP.
  • P2: Expiration or "Expired" status of the TAP.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Contributions

Feel free to fork this repository and submit pull requests if you'd like to add features or improvements.

Contact

For any questions or issues, please contact: