I was wondering if there's any integration that would allow me to get the defined authentication methods for a given user. The use case is to know if someone who has entered credentials in a phishing portal has MFA enabled or not and take actions in consequence.
I have been looking in Microsoft Graph User integration but there is no command for this although I'm sure the information could be gathered from there.
Perhaps look at The Graph API interface Based on https://learn.microsoft.com/en-us/graph/authenticationmethods-get-started You can test this request GET https://graph.microsoft.com/beta/users/<userid>/authentication/methods and test to see if this give s you the data you want in https://developer.microsoft.com/en-us/graph/graph-explorer
Got these results when I tried it in my lab using The Cortex XSOAR Azure App for authentication and setting scope to UserAuthenticationMethod.Read.All
!msgraph-api-request resource="/email@example.com/authentication/methods" api_version=beta
|@odata.type|id|isUsable|methodUsabilityReason|phoneNumber|phoneType|smsSignInState| |—|---|—|---|—|---|—| | #microsoft.graph.phoneAuthenticationMethod | <string>-<string>-<string>-<string>-<string> | true | EnabledByPolicy | 867-5309 | mobile | notAllowedByPolicy | |
#microsoft.graph.passwordAuthenticationMethod | <string>-<string>-<string>-<string>-<string> | true | EnabledByPolicy | | | | | #microsoft.graph.microsoftAuthenticatorAuthenticationMethod | <string>-<string>-<string>-<string>-<string>| true | EnabledByPolicy | | | |
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!