{"id":208104,"date":"2023-09-19T11:28:52","date_gmt":"2023-09-19T11:28:52","guid":{"rendered":"https:\/\/www.ninjaone.com\/script-hub\/monitorare-la-modern-authentication-in-office-365-con-powershell\/"},"modified":"2024-03-04T18:17:50","modified_gmt":"2024-03-04T18:17:50","slug":"monitorare-la-modern-authentication-in-office-365-con-powershell","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaone.com\/it\/script-hub\/monitorare-la-modern-authentication-in-office-365-con-powershell\/","title":{"rendered":"Come controllare con PowerShell che la modern authentication sia abilitata in Office 365"},"content":{"rendered":"<p><span class=\"TextRun SCXW65473235 BCX0\" lang=\"EN-US\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW65473235 BCX0\">La modern authentication \u00e8 una funzione di sicurezza di Office 365 che utilizza Azure Active Directory (AAD) per autenticare gli utenti. Si pone come un faro di sicurezza, mettendo in ombra i metodi di autenticazione tradizionali come l&#8217;Autenticazione di base. Il motivo? La modern authentication si avvale di una crittografia pi\u00f9 forte e di un livello di sicurezza aggiuntivo offerto dall&#8217;autenticazione a due fattori, che la rendono un meccanismo di difesa formidabile nel panorama informatico odierno.<\/span><\/span><\/p>\n<h2 aria-level=\"2\"><span data-contrast=\"none\">Comprendere lo script<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;201341983&quot;:0,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:259}\"> per controllare la modern authentication<\/span><\/h2>\n<p><span data-contrast=\"none\">Lo script \u00e8 stato progettato per controllare lo <strong>stato della modern authentication su tutti i profili degli utenti in un ambiente Office 365<\/strong>. Come si ottiene questo risultato? Esaminando meticolosamente ogni profilo utente sulla macchina e ispezionando i valori del registro di sistema legati alla modern authentication. Se lo script incontra un valore impostato su 0, \u00e8 un chiaro indicatore che la modern authentication \u00e8 disabilitata per quel profilo utente specifico.<\/span><\/p>\n<h2>Lo script<\/h2>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">#Requires -Version 5.1\r\n\r\n&lt;#\r\n.SYNOPSIS\r\n    Monitors if user profiles have modern auth for Office 365 enabled or disabled.\r\n.DESCRIPTION\r\n    Monitors if user profiles have modern auth for Office 365 enabled or disabled.\r\n    Check if HKEY_CURRENT_USERSOFTWAREMicrosoftOffice15.0CommonIdentityEnableADAL is set to 1.\r\n    Check if HKEY_CURRENT_USERSOFTWAREMicrosoftOffice16.0CommonIdentityEnableADAL is set to 0.\r\n    Returns an exit code of 1 if one user has modern auth disabled.\r\n    Returns an exit code of 0 if all user have modern auth enabled.\r\n.EXAMPLE\r\n     No parameter needed.\r\n.OUTPUTS\r\n    None\r\n.NOTES\r\n    Minimum OS Architecture Supported: Windows 10, Windows Server 2016\r\n    Release Notes:\r\n    Initial Release\r\nBy using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https:\/\/www.ninjaone.com\/terms-of-use.\r\n    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. \r\n    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. \r\n    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. \r\n    Warranty Disclaimer: The script is provided \u201cas is\u201d and \u201cas available\u201d, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. \r\n    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. \r\n    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. \r\n    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).\r\n#&gt;\r\n\r\n[CmdletBinding()]\r\nparam ()\r\n\r\nbegin {\r\n    function Test-IsElevated {\r\n        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()\r\n        $p = New-Object System.Security.Principal.WindowsPrincipal($id)\r\n        $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)\r\n    }\r\n}\r\nprocess {\r\n    if (-not (Test-IsElevated)) {\r\n        Write-Error -Message \"Access Denied. Please run with Administrator privileges.\"\r\n        exit 1\r\n    }\r\n    # Loop through each user's profile\r\n    # Check if HKEY_CURRENT_USERSOFTWAREMicrosoftOffice15.0CommonIdentityEnableADAL is set to 1\r\n    # Check if HKEY_CURRENT_USERSOFTWAREMicrosoftOffice16.0CommonIdentityEnableADAL is set to 1\r\n\r\n    $Path = @(\"SOFTWAREMicrosoftOffice15.0CommonIdentity\", \"SOFTWAREMicrosoftOffice16.0CommonIdentity\")\r\n    $Name = \"EnableADAL\"\r\n\r\n    $Script:FoundModernAuthDisabled = $false\r\n\r\n    # Get each user profile SID and Path to the profile\r\n    $UserProfiles = Get-ItemProperty -Path \"HKLM:SOFTWAREMicrosoftWindows NTCurrentVersionProfileList*\" |\r\n        Where-Object { $_.PSChildName -match \"S-1-5-21-(d+-?){4}$\" } |\r\n        Select-Object @{Name = \"SID\"; Expression = { $_.PSChildName } }, @{Name = \"UserHive\"; Expression = { \"$($_.ProfileImagePath)NTuser.dat\" } }, @{Name = \"UserName\"; Expression = { \"$($_.ProfileImagePath | Split-Path -Leaf)\" } }\r\n\r\n    # Loop through each profile on the machine\r\n    Foreach ($UserProfile in $UserProfiles) {\r\n        # Load User ntuser.dat if it's not already loaded\r\n        If (($ProfileWasLoaded = Test-Path -Path \"Registry::HKEY_USERS$($UserProfile.SID)\") -eq $false) {\r\n            Start-Process -FilePath \"cmd.exe\" -ArgumentList \"\/C reg.exe LOAD HKU$($UserProfile.SID) $($UserProfile.UserHive)\" -Wait -WindowStyle Hidden\r\n        }\r\n\r\n        # Read the user's registry\r\n        $Path | ForEach-Object {\r\n            $Key = Join-Path -Path \"Registry::HKEY_USERS$($UserProfile.SID)\" -ChildPath $($_)\r\n            $Value = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue | Select-Object $Name -ExpandProperty $Name -ErrorAction SilentlyContinue\r\n            if (\r\n                (\r\n                    $_ -like \"*15.0*\" -and\r\n                    $Value -ne 1 -and\r\n                    $(Test-Path -Path $Key -ErrorAction SilentlyContinue)\r\n                ) -or\r\n                (\r\n                    $_ -like \"*16.0*\" -and\r\n                    $Value -eq 0\r\n                )\r\n            ) {\r\n                Write-Host \"$($UserProfile.UserName) ModernAuth is not enabled.\"\r\n                $Script:FoundModernAuthDisabled = $true\r\n            }\r\n        }\r\n \r\n        # Unload NTuser.dat\r\n        If ($ProfileWasLoaded -eq $false) {\r\n            [gc]::Collect()\r\n            Start-Sleep 1\r\n            Start-Process -FilePath \"cmd.exe\" -ArgumentList \"\/C reg.exe UNLOAD HKU$($UserProfile.SID)\" -Wait -WindowStyle Hidden | Out-Null\r\n        }\r\n    }\r\n    if ($FoundModernAuthDisabled) {\r\n        Write-Output $false\r\n        exit 1\r\n    }\r\n    else {\r\n        Write-Output $true\r\n        exit 0\r\n    }\r\n}\r\nend {}<\/pre>\n<p>&nbsp;<\/p>\n\n<div class=\"in-context-cta\"><p>Accedi a oltre 700 script nel Dojo di NinjaOne <a href=\"https:\/\/www.ninjaone.com\/it\/prova-gratuita\/\">Ottieni l&#8217;accesso<\/a><\/p>\n<\/div>\n<h2 aria-level=\"2\"><span data-contrast=\"none\">Come i professionisti IT possono trarre vantaggio<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;201341983&quot;:0,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"none\">Lo script non \u00e8 solo uno strumento, ma una soluzione su misura per i professionisti IT. Ecco come pu\u00f2 cambiare le carte in tavola:<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<ol>\n<li><b><span data-contrast=\"none\">Monitoraggio proattivo<\/span><\/b><span data-contrast=\"none\">: Prima che una potenziale falla nella sicurezza diventi un vero e proprio problema, lo script consente ai professionisti IT di identificare e risolvere i casi in cui la modern authentication \u00e8 disabilitata.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;201341983&quot;:0,&quot;335559738&quot;:0,&quot;335559739&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"none\">L&#8217;efficienza al suo massimo livello<\/span><\/b><span data-contrast=\"none\">: Il tempo \u00e8 fondamentale nell&#8217;IT. Lo script automatizza il processo altrimenti noioso di controllo individuale di ogni profilo utente per verificare lo stato della modern authentication, liberando tempo prezioso.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;201341983&quot;:0,&quot;335559738&quot;:0,&quot;335559739&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><b><span data-contrast=\"none\">Chiarezza e direzione<\/span><\/b><span data-contrast=\"none\">: Niente pi\u00f9 congetture. Lo script offre un\u2019informazione certa su quali profili utente hanno la modern authentication abilitata e quali invece richiedono attenzione, aprendo la strada a una correzione mirata ed efficace.<\/span><\/li>\n<\/ol>\n<h2 aria-level=\"2\"><span data-contrast=\"none\">NinjaOne: Il tuo partner nella gestione IT<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;201341983&quot;:0,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"none\">Sebbene lo script offra una soluzione mirata per verificare lo stato della modern authentication, la sua integrazione con una <a href=\"https:\/\/www.ninjaone.com\/it\/\">piattaforma di gestione IT completa<\/a> come <\/span><span data-contrast=\"none\">NinjaOne<\/span><span data-contrast=\"none\"> ne amplifica le capacit\u00e0. NinjaOne offre una piattaforma unificata che semplifica le operazioni IT. Quando si tratta di modern authentication in Office 365, NinjaOne pu\u00f2 eseguire lo script a intervalli programmati. Il risultato? <a href=\"https:\/\/www.ninjaone.com\/it\/gestione-endpoint\/monitoraggio-e-avvisi\">Avvisi in tempo reale ai team IT<\/a> su eventuali discrepanze, per garantire che la sicurezza non venga compromessa.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<h2 aria-level=\"2\"><span data-contrast=\"none\">Considerazioni finali<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;201341983&quot;:0,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"none\">Nel mondo dell&#8217;IT in continua evoluzione, la modern authentication in Office 365 non \u00e8 solo una funzionalit\u00e0 disponibile, ma una necessit\u00e0. Sfruttando lo script di cui abbiamo parlato e integrandolo con soluzioni solide come NinjaOne, i professionisti IT possono rafforzare le loro difese, assicurandosi che le loro organizzazioni siano sempre un passo avanti nella partita della sicurezza informatica.<\/span><\/p>\n","protected":false},"author":35,"featured_media":207008,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_lmt_disableupdate":"no","_lmt_disable":""},"operating_system":[4212],"use_cases":[4275],"class_list":["post-208104","script_hub","type-script_hub","status-publish","has-post-thumbnail","hentry","script_hub_category-windows"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ninjaone.com\/it\/wp-json\/wp\/v2\/script_hub\/208104","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ninjaone.com\/it\/wp-json\/wp\/v2\/script_hub"}],"about":[{"href":"https:\/\/www.ninjaone.com\/it\/wp-json\/wp\/v2\/types\/script_hub"}],"author":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/it\/wp-json\/wp\/v2\/users\/35"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/it\/wp-json\/wp\/v2\/comments?post=208104"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/it\/wp-json\/wp\/v2\/media\/207008"}],"wp:attachment":[{"href":"https:\/\/www.ninjaone.com\/it\/wp-json\/wp\/v2\/media?parent=208104"}],"wp:term":[{"taxonomy":"script_hub_category","embeddable":true,"href":"https:\/\/www.ninjaone.com\/it\/wp-json\/wp\/v2\/operating_system?post=208104"},{"taxonomy":"use_cases","embeddable":true,"href":"https:\/\/www.ninjaone.com\/it\/wp-json\/wp\/v2\/use_cases?post=208104"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}