MFA - Where to find the sensitive details?

aditya sharma 0 Reputation points
2023-03-19T13:35:02.62+00:00

Hi

I want to know where I can find the MFA configuration/context of users in Azure or wherever it exists. I am specifically looking for the TOTP secret that is stored in the system against a configured device and to extract that information. If someone knows where to look and how to export it, then it would be really helpful.

All help is appreciated!

Thanks


1 answer

  1. Michael J. Bean 0 Reputation points
    2023-03-19T14:49:09.0966667+00:00

    In Azure, you can find the MFA configuration/context of users in the Azure Active Directory (AD). Specifically, you can use the Azure AD PowerShell module to retrieve the TOTP (Time-based One-Time Password) secret for a user.

    (Get-AzureADUser -ObjectId <Object ID>).StrongAuthenticationMethods | Where-Object {$_.IsDefault -eq $true} | Select-Object -ExpandProperty "CustomKeyIdentifier"

    Replace <Object ID> with the Object ID of the user whose TOTP secret you want to retrieve.