D0cEvil

PowerShell - Azure USB Token

Dec 27th, 2022
PowerShell | 4.95 KB | Cybersecurity
#Gets a user from Azure AD, including the associated FIDO and NGC keys.

Get-AzureADUserEx [-All] -AccessToken <String> [-TenantId <Guid>] [<CommonParameters>]
Get-AzureADUserEx -AccessToken <String> -ObjectId <Guid> [-TenantId <Guid>] [<CommonParameters>]
Get-AzureADUserEx -AccessToken <String> -UserPrincipalName <String> [-TenantId <Guid>] [<CommonParameters>]

#Displays info about Azure AD users with key credentials. Authentication is handled by the AzureAD module.

#Example 1

Install-Module -Name AzureAD,DSInternals -Force
Connect-AzureAD
$token = [Microsoft.Open.Azure.AD.CommonLibrary.AzureSession]::AccessTokens['AccessToken'].AccessToken
Get-AzureADUserEx -All -Token $token | Where-Object KeyCredentials -ne $null

<# Sample Output:

ObjectId: af4cf208-16e0-429d-b574-2a09c5f30dea
UserPrincipalName: john@contoso.com
Enabled: True
DisplayName: John Doe
Key Credentials:
  Usage=FIDO, Source=AzureAD, Device=00000000-0000-0000-0000-000000000000, Created=12/12/2019 9:42:21 AM
  Usage=NGC, Source=AzureAD, Device=cbad3c94-b480-4fa6-9187-ff1ed42c4479, Created=11/17/2015 8:17:13 AM

ObjectId: 5dd9c7f0-9441-4c5a-b2df-ca7b889d8c4c
UserPrincipalName: peter@contoso.com
Enabled: True
DisplayName: Peter Smith
Key Credentials:
  Usage=NGC, Source=AzureAD, Device=21c915a8-0326-47c4-8985-2aceda00eaee, Created=12/26/2019 1:22:17 PM
  Usage=NGC, Source=AzureAD, Device=ec45d71b-b5dd-45dc-beaf-e248cbcb2bd3, Created=12/24/2019 9:44:56 AM

#>

#Lists all FIDO2 tokens registered in an Azure AD tenant, but only on accounts that are enabled.

Install-Module -Name AzureAD,DSInternals -Force
Connect-AzureAD
$token = [Microsoft.Open.Azure.AD.CommonLibrary.AzureSession]::AccessTokens['AccessToken'].AccessToken
Get-AzureADUserEx -All -Token $token | Where-Object Enabled -eq $true | Select-Object -ExpandProperty KeyCredentials | Where-Object Usage -eq FIDO | Format-Table -View FIDO
 
<# Sample Output:

DisplayName               AAGUID                               Alg   Counter Created    Owner
-----------               ------                               ---   ------- -------    -----
SoloKeys Tap              8876631b-d4a0-427f-5773-0ec71c9e0279 ES256     274 2019-08-29 james@contoso.com
SoloKeys Solo             8876631b-d4a0-427f-5773-0ec71c9e0279 ES256     281 2019-08-29 thomas@contoso.com
eWBM Goldengate G320      87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c ES256      83 2019-08-29 jane@contoso.com
eWBM Goldengate G310      95442b2e-f15e-4def-b270-efb106facb4e ES256       4 2019-08-29 mary@contoso.com
Feitian BioPass FIDO2     77010bd7-212a-4fc9-b236-d2ca5e9d4084 ES256     261 2019-08-26 george@contoso.com
Yubico Security Key FIDO2 f8a011f3-8c0a-4d15-8006-17111f9edc7d ES256     257 2019-08-26 matt@contoso.com
Feitian AllinPass FIDO2   12ded745-4bed-47d4-abaa-e713f51d6393 ES256     231 2019-08-26 jenny@contoso.com
YubiKey 5                 fa2b99dc-9e39-4257-8f92-4a30d23c4118 ES256     229 2019-08-26 jill@contoso.com
YubiKey 5                 cb69481e-8ff7-4039-93ec-0a2729a154a8 ES256      25 2019-12-12 john@contoso.com
Feitian All-In-Pass       12ded745-4bed-47d4-abaa-e713f51d6393 ES256    1398 2020-03-31 peter@contoso.com
eWBM Goldengate G320      87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c ES256      37 2019-08-29 joe@contoso.com
eWBM Goldengate G310      95442b2e-f15e-4def-b270-efb106facb4e ES256      48 2019-08-29 joe@contoso.com

#>

#Lists weak public keys registered in Azure Active Directory that were generated on ROCA-vulnerable TPMs.

Get-AzureADUserEx -All -Token $token | Where-Object Enabled -eq $true | Select-Object -ExpandProperty KeyCredentials | Where-Object Usage -eq NGC | Format-Table -View ROCA

<# Sample Output:

Usage IsWeak Source  DeviceId                             Created    Owner
----- ------ ------  --------                             -------    -----
NGC   True   AzureAD fd591087-245c-4ff5-a5ea-c14de5e2b32d 2017-07-19 joe@contoso.com
NGC   False  AzureAD 1966d4da-14da-4581-a7a7-5e8e07e93ad9 2019-08-01 peter@contoso.com

#>

#Gets information about a single Azure Active Directory user. If necessary, the access token is automatically refreshed by the standard Get-AzureADTenantDetail cmdlet.

Get-AzureADTenantDetail | Out-Null
$token = [Microsoft.Open.Azure.AD.CommonLibrary.AzureSession]::AccessTokens['AccessToken'].AccessToken
Get-AzureADUserEx -UserPrincipalName 'john@contoso.com' -Token $token

<# Sample Output:

ObjectId: af4cf208-16e0-429d-b574-2a09c5f30dea
UserPrincipalName: john@contoso.com
Enabled: True
DisplayName: John Doe
Key Credentials:
  Usage=FIDO, Source=AzureAD, Device=00000000-0000-0000-0000-000000000000, Created=12/12/2019 9:42:21 AM
  Usage=NGC, Source=AzureAD, Device=cbad3c94-b480-4fa6-9187-ff1ed42c4479, Created=11/17/2015 8:17:13 AM

#>

#Displays details about FIDO2 keys registered in Azure Active Directory by a specific user.

Get-AzureADUserEx -UserPrincipalName 'john@contoso.com' -AccessToken $token | ForEach-Object { $PSItem.KeyCredentials.FidoKeyMaterial }
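As an added example that is not part of the original paste or of DSInternals itself: one audit pass over the same Get-AzureADUserEx output that combines the three checks above (ROCA-weak NGC keys, FIDO2 authenticator models, keys on disabled accounts) and writes the findings to CSV. It assumes $token was obtained as in the paste, and that the KeyCredential object exposes Usage, DeviceId, CreationTime, IsWeak and FidoKeyMaterial (with DisplayName and AuthenticatorData.AttestedCredentialData.AaGuid); those property names are inferred from the FIDO and ROCA views shown above, and the allow-list contents are placeholders.

```powershell
# Added example (not part of the original paste). Audits key credentials returned by
# Get-AzureADUserEx and writes findings to CSV.
# ASSUMPTIONS: $token was obtained as in the paste; KeyCredential exposes Usage, DeviceId,
# CreationTime, IsWeak and FidoKeyMaterial (DisplayName, AuthenticatorData.AttestedCredentialData.AaGuid).
# These names are inferred from the FIDO and ROCA views above, not verified here.

# Allow-list of authenticator models keyed by AAGUID. Entries are taken from the sample
# output above as placeholders; replace them with the models your organisation issues.
$ApprovedAaguids = @{
    'cb69481e-8ff7-4039-93ec-0a2729a154a8' = 'YubiKey 5'
    'fa2b99dc-9e39-4257-8f92-4a30d23c4118' = 'YubiKey 5'
    'f8a011f3-8c0a-4d15-8006-17111f9edc7d' = 'Yubico Security Key FIDO2'
}

function New-Finding($User, $Key, $Finding, $Detail) {
    [pscustomobject]@{
        User    = $User.UserPrincipalName
        Enabled = $User.Enabled
        Usage   = $Key.Usage
        Created = $Key.CreationTime
        Finding = $Finding
        Detail  = $Detail
    }
}

$findings = foreach ($user in Get-AzureADUserEx -All -AccessToken $token) {
    foreach ($key in $user.KeyCredentials) {
        # Key credentials left on disabled accounts are stale and should be removed.
        if (-not $user.Enabled) {
            New-Finding $user $key 'Key credential on disabled account' $key.DeviceId
            continue
        }
        switch ($key.Usage) {
            'NGC' {
                # Windows Hello (NGC) key generated on a ROCA-vulnerable TPM; same check as the ROCA view.
                if ($key.IsWeak) { New-Finding $user $key 'ROCA-weak NGC key' $key.DeviceId }
            }
            'FIDO' {
                $fido   = $key.FidoKeyMaterial
                $aaguid = [string]$fido.AuthenticatorData.AttestedCredentialData.AaGuid
                if (-not $ApprovedAaguids.ContainsKey($aaguid)) {
                    New-Finding $user $key 'FIDO2 authenticator not on allow-list' "$($fido.DisplayName) ($aaguid)"
                }
            }
        }
    }
}

$findings | Sort-Object User, Finding | Export-Csv -Path .\KeyCredentialAudit.csv -NoTypeInformation
$findings | Group-Object Finding | Select-Object Count, Name   # per-finding summary on the console
```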