Two ways to do it, via
- MSOnline module
- AzureAD module
MSOnline
First, connect to Azure AD with Connect-MsolService.
Then you can run a number of commands against Azure AD. Here are a couple:
Get-MsolDevice -RegisteredOwnerUpn "Fred.Nurks@noddyland.wisefaq.com"
will display all the devices registered to a particular user.
Get-MsolUser -UserPrincipalName "Fred.Nurks@noddyland.wisefaq.com" | Select-Object DisplayName, LastDirSyncTime, @{Name="PasswordAge";Expression={((Get-Date).ToUniversalTime())-$_.LastPasswordChangeTimeStamp}} | Sort-Object PasswordAge -Descending
will display the last time Azure AD synced with the on-premises AD, and how old the password is in days.
AzureAD Module
Connect-AzureAd
is used to connect to Azure AD.
When the connection is successful, Connect-AzureAD will return something like
Account                         Environment TenantId                             TenantDomain AccountType
-------                         ----------- --------                             ------------ -----------
Fred.Bear@noddyland.wisefaq.com AzureCloud  e10ac18d-38fa-4a74-ba38-61f93ebd7150 wisefqq.com  User
Get-AzureADUser -Filter "userPrincipalName eq 'Fred.Nurks@noddyland.wisefaq.com'" | Select-Object -Property *
will return all the details for the user, including the ObjectID.
With the ObjectID, you can query what devices they have registered:
Get-AzureADUserRegisteredDevice -ObjectId "df19e8e6-2ad7-453e-87f5-037f6529ae16"
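The AzureAD steps above chained into one function, as an added example that is not from the original post: it resolves the UPN to an ObjectId, lists the registered devices and flags ones with no recent logon. The function name Get-UserDeviceReport, the -StaleDays parameter and the 90-day threshold are assumptions made for illustration, and Connect-AzureAD must already have been run.

```powershell
# Added example. Get-UserDeviceReport and -StaleDays are hypothetical names,
# not part of the AzureAD module. Run Connect-AzureAD first.
function Get-UserDeviceReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [int]$StaleDays = 90   # assumed threshold for "no recent logon"
    )

    # OData string literals escape a single quote by doubling it, so a UPN
    # such as O'Brien@... does not break (or alter) the filter expression.
    $escaped = $UserPrincipalName.Replace("'", "''")
    $user = Get-AzureADUser -Filter "userPrincipalName eq '$escaped'"
    if (-not $user) {
        Write-Error "No user found with UPN '$UserPrincipalName'."
        return
    }

    $cutoff = (Get-Date).ToUniversalTime().AddDays(-$StaleDays)

    # -All $true returns every registered device rather than the first page.
    Get-AzureADUserRegisteredDevice -ObjectId $user.ObjectId -All $true |
        Select-Object DisplayName, DeviceOSType, AccountEnabled,
            ApproximateLastLogonTimeStamp,
            @{ Name = 'Stale'; Expression = {
                # A device with no recorded logon is treated as stale too.
                -not $_.ApproximateLastLogonTimeStamp -or
                $_.ApproximateLastLogonTimeStamp -lt $cutoff } } |
        Sort-Object ApproximateLastLogonTimeStamp
}

Get-UserDeviceReport -UserPrincipalName 'Fred.Nurks@noddyland.wisefaq.com'
```

Devices marked Stale that are still AccountEnabled are the ones worth reviewing with the user before disabling or removing them.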