{"id":208614,"date":"2024-01-19T10:43:38","date_gmt":"2024-01-19T10:43:38","guid":{"rendered":"https:\/\/www.ninjaone.com\/script-hub\/autenticacion-moderna-office-365\/"},"modified":"2024-03-04T18:18:20","modified_gmt":"2024-03-04T18:18:20","slug":"autenticacion-moderna-office-365","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaone.com\/es\/script-hub\/autenticacion-moderna-office-365\/","title":{"rendered":"C\u00f3mo asegurarse de que la autenticaci\u00f3n moderna est\u00e1 activada en Office 365 con PowerShell"},"content":{"rendered":"

La autenticaci\u00f3n moderna<\/a> es una caracter\u00edstica de seguridad de Office 365 que utiliza Azure Active Directory (AAD) para autenticar a los usuarios. Se erige como un faro de seguridad, eclipsando m\u00e9todos de autenticaci\u00f3n tradicionales como la autenticaci\u00f3n b\u00e1sica. \u00bfEl motivo? La autenticaci\u00f3n moderna emplea un cifrado m\u00e1s potente y la capa a\u00f1adida de la autenticaci\u00f3n de dos factores, lo que la convierte en un mecanismo de defensa formidable en el panorama cibern\u00e9tico actual.<\/p>\n

Entender el script para verificar el estado de la autenticaci\u00f3n moderna<\/h2>\n

En esencia, el script est\u00e1 dise\u00f1ado para proporcionar claridad sobre el estado de la autenticaci\u00f3n moderna en todos los perfiles de usuario en un entorno de Office 365<\/strong>. \u00bfC\u00f3mo se consigue esto? Examinando meticulosamente cada perfil de usuario de la m\u00e1quina e inspeccionando los valores del registro vinculados a la autenticaci\u00f3n moderna. Si encuentra un valor de 0, es un claro indicador de que la autenticaci\u00f3n moderna est\u00e1 desactivada para ese perfil de usuario espec\u00edfico.<\/p>\n

El script<\/h2>\n
#Requires -Version 5.1\r\n\r\n<#\r\n.SYNOPSIS\r\n    Monitors if user profiles have modern auth for Office 365 enabled or disabled.\r\n.DESCRIPTION\r\n    Monitors if user profiles have modern auth for Office 365 enabled or disabled.\r\n    Check if HKEY_CURRENT_USERSOFTWAREMicrosoftOffice15.0CommonIdentityEnableADAL is set to 1.\r\n    Check if HKEY_CURRENT_USERSOFTWAREMicrosoftOffice16.0CommonIdentityEnableADAL is set to 0.\r\n    Returns an exit code of 1 if one user has modern auth disabled.\r\n    Returns an exit code of 0 if all user have modern auth enabled.\r\n.EXAMPLE\r\n     No parameter needed.\r\n.OUTPUTS\r\n    None\r\n.NOTES\r\n    Minimum OS Architecture Supported: Windows 10, Windows Server 2016\r\n    Release Notes:\r\n    Initial Release\r\nBy using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https:\/\/www.ninjaone.com\/terms-of-use.\r\n    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. \r\n    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. \r\n    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. \r\n    Warranty Disclaimer: The script is provided \u201cas is\u201d and \u201cas available\u201d, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. \r\n    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. \r\n    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. \r\n    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).\r\n#>\r\n\r\n[CmdletBinding()]\r\nparam ()\r\n\r\nbegin {\r\n    function Test-IsElevated {\r\n        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()\r\n        $p = New-Object System.Security.Principal.WindowsPrincipal($id)\r\n        $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)\r\n    }\r\n}\r\nprocess {\r\n    if (-not (Test-IsElevated)) {\r\n        Write-Error -Message \"Access Denied. Please run with Administrator privileges.\"\r\n        exit 1\r\n    }\r\n    # Loop through each user's profile\r\n    # Check if HKEY_CURRENT_USERSOFTWAREMicrosoftOffice15.0CommonIdentityEnableADAL is set to 1\r\n    # Check if HKEY_CURRENT_USERSOFTWAREMicrosoftOffice16.0CommonIdentityEnableADAL is set to 1\r\n\r\n    $Path = @(\"SOFTWAREMicrosoftOffice15.0CommonIdentity\", \"SOFTWAREMicrosoftOffice16.0CommonIdentity\")\r\n    $Name = \"EnableADAL\"\r\n\r\n    $Script:FoundModernAuthDisabled = $false\r\n\r\n    # Get each user profile SID and Path to the profile\r\n    $UserProfiles = Get-ItemProperty -Path \"HKLM:SOFTWAREMicrosoftWindows NTCurrentVersionProfileList*\" |\r\n        Where-Object { $_.PSChildName -match \"S-1-5-21-(d+-?){4}$\" } |\r\n        Select-Object @{Name = \"SID\"; Expression = { $_.PSChildName } }, @{Name = \"UserHive\"; Expression = { \"$($_.ProfileImagePath)NTuser.dat\" } }, @{Name = \"UserName\"; Expression = { \"$($_.ProfileImagePath | Split-Path -Leaf)\" } }\r\n\r\n    # Loop through each profile on the machine\r\n    Foreach ($UserProfile in $UserProfiles) {\r\n        # Load User ntuser.dat if it's not already loaded\r\n        If (($ProfileWasLoaded = Test-Path -Path \"Registry::HKEY_USERS$($UserProfile.SID)\") -eq $false) {\r\n            Start-Process -FilePath \"cmd.exe\" -ArgumentList \"\/C reg.exe LOAD HKU$($UserProfile.SID) $($UserProfile.UserHive)\" -Wait -WindowStyle Hidden\r\n        }\r\n\r\n        # Read the user's registry\r\n        $Path | ForEach-Object {\r\n            $Key = Join-Path -Path \"Registry::HKEY_USERS$($UserProfile.SID)\" -ChildPath $($_)\r\n            $Value = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue | Select-Object $Name -ExpandProperty $Name -ErrorAction SilentlyContinue\r\n            if (\r\n                (\r\n                    $_ -like \"*15.0*\" -and\r\n                    $Value -ne 1 -and\r\n                    $(Test-Path -Path $Key -ErrorAction SilentlyContinue)\r\n                ) -or\r\n                (\r\n                    $_ -like \"*16.0*\" -and\r\n                    $Value -eq 0\r\n                )\r\n            ) {\r\n                Write-Host \"$($UserProfile.UserName) ModernAuth is not enabled.\"\r\n                $Script:FoundModernAuthDisabled = $true\r\n            }\r\n        }\r\n \r\n        # Unload NTuser.dat\r\n        If ($ProfileWasLoaded -eq $false) {\r\n            [gc]::Collect()\r\n            Start-Sleep 1\r\n            Start-Process -FilePath \"cmd.exe\" -ArgumentList \"\/C reg.exe UNLOAD HKU$($UserProfile.SID)\" -Wait -WindowStyle Hidden | Out-Null\r\n        }\r\n    }\r\n    if ($FoundModernAuthDisabled) {\r\n        Write-Output $false\r\n        exit 1\r\n    }\r\n    else {\r\n        Write-Output $true\r\n        exit 0\r\n    }\r\n}\r\nend {}<\/pre>\n
 <\/p>\n\n
Accede a m\u00e1s de 300 scripts en el Dojo de NinjaOne<\/p>\n
Obt\u00e9n acceso<\/a><\/p>\n<\/div>\n
Ventajas para los profesionales de TI<\/h2>\n
El script no es s\u00f3lo una herramienta; es una soluci\u00f3n a la medida para los profesionales de TI. A continuaci\u00f3n algunas formas en las que te puede ayudar:<\/p>\n
    \n
  1. Supervisi\u00f3n proactiva<\/strong>: antes de que un posible fallo de seguridad se convierta en un problema real, el script permite a los profesionales de TI identificar y tratar los casos en los que la autenticaci\u00f3n moderna est\u00e1 desactivada.<\/li>\n
  2. M\u00e1xima eficiencia<\/strong>: el tiempo es un factor crucial en el \u00e1mbito de las TI. El script automatiza el tedioso proceso de comprobar individualmente cada perfil de usuario, permitiendo ganar un tiempo muy valioso.<\/li>\n
  3. Claridad y orientaci\u00f3n<\/strong>: se acabaron las conjeturas. El script ofrece informaci\u00f3n clara sobre los perfiles de usuario que requieren atenci\u00f3n, allanando el camino para una correcci\u00f3n espec\u00edfica y eficaz.<\/li>\n<\/ol>\n
    NinjaOne: tu socio en gesti\u00f3n de TI<\/h2>\n
    Aunque el script ofrece una soluci\u00f3n espec\u00edfica, la integraci\u00f3n con una plataforma de gesti\u00f3n de TI integral<\/a> como NinjaOne amplifica sus capacidades. NinjaOne proporciona una plataforma unificada que simplifica las operaciones de TI. Cuando se trata de la autenticaci\u00f3n moderna en Office 365, NinjaOne puede ejecutar el script sin interrupciones a intervalos programados. \u00bfEl resultado? Los equipos de TI reciben alertas en tiempo real<\/a> sobre cualquier anomal\u00eda, garantizando que la seguridad no se vea comprometida.<\/p>\n
    Reflexiones finales<\/h2>\n
    En el mundo en constante evoluci\u00f3n de las TI, la autenticaci\u00f3n moderna en Office 365 no es una mera caracter\u00edstica; es una necesidad. Si usan este script y lo integran con soluciones robustas como NinjaOne, los profesionales de TI pueden reforzar sus defensas y asegurarse de que sus organizaciones est\u00e1n siempre un paso por delante en materia de ciberseguridad.<\/p>\n","protected":false},"author":35,"featured_media":207013,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_lmt_disableupdate":"no","_lmt_disable":""},"operating_system":[4212],"use_cases":[4265],"class_list":["post-208614","script_hub","type-script_hub","status-publish","has-post-thumbnail","hentry","script_hub_category-windows","use_cases-configuracion-del-sistema"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/script_hub\/208614","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/script_hub"}],"about":[{"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/types\/script_hub"}],"author":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/users\/35"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/comments?post=208614"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/media\/207013"}],"wp:attachment":[{"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/media?parent=208614"}],"wp:term":[{"taxonomy":"script_hub_category","embeddable":true,"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/operating_system?post=208614"},{"taxonomy":"use_cases","embeddable":true,"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/use_cases?post=208614"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}