Manage Microsoft Entra Passkeys & AAGUIDs with PowerShell
Image Source: Shutterstock.com
Microsoft Entra
May 2, 2024 12:08 PM

Manage Microsoft Entra Passkeys & AAGUIDs with PowerShell

by HubSite 365 about Daniel Bradley [MVP] (Our Cloud Network)

Microsoft MVP - Technical Architect

Pro UserMicrosoft EntraSecurityLearning Selection

Unlock & Manage Microsoft Entra Passkeys/AAGUIDs with PowerShell - Full Guide

Key insights

  • Use Microsoft Graph PowerShell to create a report of all Passkeys and their AAGUIDs in use in your Microsoft Entra Tenant.
  • Auditing the Passkeys helps identify necessary AAGUIDs for implementing restrictions and supports governance over user-configured Passkeys.
  • To generate the Passkey report, ensure you have the latest Microsoft Graph PowerShell module installed and access to a Global Administrator account.
  • The script provided allows you to list all Passkeys and AAGUIDs, offering an option to export this data to a CSV file for further analysis.
  • Utilizing Passkeys with the Microsoft Authenticator App offers phishing-resistant authentication at no additional cost, promoting secure and manageable user access.
 

Microsoft Authentication and Security with Passkeys

As organizations aim for heightened security measures, Microsoft's approach towards modern authentication and security practices becomes increasingly vital. Passkeys, as introduced in Microsoft Entra and supported by Microsoft Graph PowerShell, provide a seamless way for administrators to oversee and manage user access and authentication methods.

By enabling the audit of Passkeys and Associated Aggregate Account GUIDs (AAGUIDs) across a tenant, IT admins are equipped with the necessary tools to govern, restrict, and ensure compatibility of devices used within their organization. This process not only aids in preemptive security measures but also in compliance with evolving digital security architectures.

List all Passkeys and Associated Device Models in Microsoft Entra using PowerShell. This guide explains how to generate a report of all Passkeys and their AAGUIDs currently in use within your organization using Microsoft Graph PowerShell.

Auditing Passkeys helps you understand which AAGUIDS are necessary for setting restrictions and governs the types of Passkeys users can configure. It's also beneficial to identify the types and models in use, especially if a third-party vendor announces an End Of Life for specific models.

This tutorial will guide you through using Microsoft Graph PowerShell to audit Passkeys in your tenant and export the AAGUIDs. Ensure you have the latest Microsoft Graph PowerShell module and access to a Global Administrator account to execute this script.

The script displays a popup grid view of all Passkeys assigned to users. To export this data as a CSV file, you have to modify the output path in the script accordingly. This script requires specifying scopes and making the appropriate calls to retrieve Passkey users and their details.

  • A detailed guide on using PowerShell to list all Passkeys and AAGUIDs.
  • Importance of auditing Passkeys for setting up restrictions.
  • Steps to audit and export Passkeys and AAGUIDs details.

Enhancing security with Passkeys in the Microsoft Authenticator App adds a phishing-resistant layer to your security protocol at no extra cost. Users can leverage the technology in their smartphones to secure and manage Passkeys within the app.

Read the full article List All Passkeys and AAGUIDs in Microsoft Entra with PowerShell

Microsoft Entra - Manage Microsoft Entra Passkeys & AAGUIDs with PowerShell

 

Keywords

Microsoft Entra PowerShell, List Passkeys PowerShell, Find AAGUIDs PowerShell, Manage Passkeys AAGUIDs, PowerShell Entra Passkeys, Extract AAGUIDs PowerShell, PowerShell Script Passkeys, Entra PowerShell AAGUID Management