PowerShell for Multi-Factor Authentication solution updated

Another plug to my fellow Questees who have gone PowerShell (that’s the deal we have here at Quest – you add PowerShell to your product and get a special blog mention and lots of happy customers!). Quest’s Defender (Two-Factor/Multi-Factor Authentication solution) team has just updated their PowerShell module and there’s quite a few useful cmdlets for user provisioning, de-provisioning and general Defender auditing / administration.

For example, for User provisioning, there’s ability to batch-assign tokens to users and provide either unique Personal Identification Numbers (PINs) or set a known PIN to expire on first use so that end users can then create their own:

To assist with the de-provisioning of users accounts from Active Directory when a user has left the company simple commands such as Remove-AllTokensFromUser could be used to ensure all tokens that have been assigned to a user are removed.

For auditing and general administration a number of cmdlets are available, for example, it may be useful for auditing purposes to know which users have authenticated using Defender at any time or for a given period:

Here’s full list of what we’ve got in this release:

• Add-TokenToUser
• Add-TokenToUserBatch
• Find-DefenderToken
• Get-DefenderLicense
• Get-DefenderUsersLastLogon
• Get-TokensForUser
• Get-UnactivatedSoftwareTokens
• Get-UsersForToken
• Remove-AllTokensFromUser
• Remove-DefenderPassword
• Remove-PINFromUserToken
• Remove-TemporaryResponse
• Remove-TokenFromUser
• Remove-TokenFromUserBatch
• Reset-DefenderToken
• Reset-DefenderViolationCount
• Set-DefenderPassword
• Set-PINOnUserToken
• Set-TemporaryResponse
• Test-DefenderToken

As you can see this is a lot more than what we could previously provide with the AD cmdlets integration that we had.

You can get a free trial of Defender here.