Azure Active Directory Assessment | Part IV
Doing a good assessment takes a long time. A big tenant with a huge number of users and teams takes a while, because all the information needs to be retrieved and processed. In the previous post, Azure Active Directory Assessment | Part III, we gathered the Identities, Groups (including teams information) and Devices.
Let’s continue with the information about Licenses and Organization. We can use this information to get a good view of which licenses are used, how many, by whom, and so on.
Licenses
# setting url
$url = "https://graph.microsoft.com/v1.0/reports/getOffice365ActiveUserDetail(period='D180')"
# getting all the information
$mustRetry = $false
try {
    # the report comes back as CSV; Remove(0, 3) drops the three byte-order-mark characters at the start
    $license = (Invoke-RestMethod -Method Get -Uri $url -Headers $header -ErrorAction STOP).Remove(0, 3) | ConvertFrom-Csv
}
catch {
    $webError = $_
    $mustRetry = $true
}
# retry once with a fresh token when the call failed because the token expired
If ($mustRetry -and ($webError.ErrorDetails.Message -like "*Access token has expired or is not yet valid.*")) {
    #region connection
    # Get an access token for the Microsoft Graph API
    do {
        $accessToken = (Get-MSALToken -Clientid $ConnectionDetails.ClientId -ClientSecret $connectionDetails.ClientSecret -TenantId $ConnectionDetails.TenantId -ForceRefresh).AccessToken
        Start-Sleep -seconds 2
    } while (
        $null -eq $accessToken
    )
    $resource = "https://graph.microsoft.com/"
    $header = @{
        'Authorization' = "BEARER $accesstoken"
        'Content-type'  = "application/json"
    }
    #endregion connection
    $license = (Invoke-RestMethod -Method Get -Uri $url -Headers $header -ErrorAction STOP).Remove(0, 3) | ConvertFrom-Csv
}
Now we have a list of every user with a license and when they last used an app. To get a good count we need to do it a bit differently.
# creating label
$LicenseCount = @()
# setting url
$url = "https://graph.microsoft.com/v1.0/subscribedSkus"
# getting information
$skus = RunQueryAndProcess
Now we have all the counts, let’s process them:
ForEach ($sku in $skus) {
    # all users that have this SKU assigned
    $url = "https://graph.microsoft.com/v1.0/users" + '?$filter=assignedLicenses/any(x:x/skuId eq ' + $Sku.SkuId + ')'
    $skuUsers = Invoke-RestMethod -Method GET -Headers $header -Uri $url
    $ReportLine = [PSCustomObject][Ordered]@{
        Sku                = $Sku.SkuId
        Product            = $Sku.SkuPartNumber
        Prepaid            = $sku.prepaidUnits.enabled
        Suspend            = $sku.prepaidUnits.suspended
        Warning            = $sku.prepaidUnits.Warning
        'Consumed Units'   = $Sku.ConsumedUnits
        'Calculated Units' = $SkuUsers.value.Count
    }
    # $LicenseCount is a fixed-size array, so append with += instead of .Add()
    $LicenseCount += $ReportLine
}
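The `/users` call in the loop above reads a single result page, so 'Calculated Units' can come out lower than the real number of assigned users in a large tenant. The following is an added example, not code from the original post, that follows `@odata.nextLink` until every page is counted; `Get-SkuUserCount`, its `-Fetch` parameter, the all-zero SKU id and the mock response are hypothetical names and constructed data so the paging logic can be run offline.

```powershell
function Get-SkuUserCount {
    param(
        [Parameter(Mandatory)] [string]    $SkuId,
        [Parameter(Mandatory)] [hashtable] $Header,
        # Assumption: the fetcher is injectable; by default it calls Graph directly.
        [scriptblock] $Fetch = {
            param($Uri, $Headers)
            Invoke-RestMethod -Method Get -Uri $Uri -Headers $Headers -ErrorAction Stop
        }
    )
    # Same filter as in the post; $select and $top keep the pages small and few.
    $uri = 'https://graph.microsoft.com/v1.0/users?$select=id&$top=999&$filter=' +
           "assignedLicenses/any(x:x/skuId eq $SkuId)"
    $count = 0
    while ($uri) {
        $page = & $Fetch $uri $Header
        if ($page.value) { $count += @($page.value).Count }
        # '@odata.nextLink' is only present while more pages remain.
        $uri = $page.'@odata.nextLink'
    }
    return $count
}

# Constructed two-page response standing in for Graph (sample data, not real output).
$mock = {
    param($Uri, $Headers)
    if ($Uri -like '*skiptoken*') {
        [pscustomobject]@{ value = @(1..40 | ForEach-Object { @{ id = "b$_" } }) }
    }
    else {
        [pscustomobject]@{
            value             = @(1..999 | ForEach-Object { @{ id = "a$_" } })
            '@odata.nextLink' = 'https://graph.microsoft.com/v1.0/users?$skiptoken=CONSTRUCTED'
        }
    }
}

$calculated = Get-SkuUserCount -SkuId '00000000-0000-0000-0000-000000000000' `
    -Header @{ Authorization = 'Bearer CONSTRUCTED' } -Fetch $mock
"Calculated units across all pages: $calculated"
```

Against a real tenant, omit `-Fetch` and pass the `$header` built earlier. A gap between this count and 'Consumed Units' is worth a closer look.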
Organization Information
It can be interesting to get information about when the tenant was created, the initial domain, etc.
$url = "https://graph.microsoft.com/v1.0/organization"
$Organization = RunQueryAndProcess
We will use this information later to write a document with some information about the tenant.