Get all admin accounts in tenant

One question I frequently get asked: "How do I list all the users that have admin access to my tenant?" You can easily list the members of a specific admin role, e.g. Global Admin, using:

$role = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Company Administrator'}
Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId | Get-AzureADUser

However, if you are going into a tenant and need to evaluate everyone with security access, running the PowerShell below will reduce the number of commands you have to run against individual admin roles.

Clear-Host

# Connect to Azure AD: the Get-AzureAD* cmdlets below need an AzureAD session,
# which Connect-MsolService (MSOnline module) does not provide
Import-Module AzureAD
$User = "akin@aajewole.com"
# The file holds the password as an encrypted SecureString
$password = Get-Content "C:\SecureStrings\PasswordAkin.txt" | ConvertTo-SecureString
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $password
Write-Host "Running the script to Connect to Office365"
Connect-AzureAD -Credential $credential

# Every directory role in the tenant
$roles = Get-AzureADDirectoryRole
$output = 'C:\Users\akin\Desktop\ScriptInput\usersMFA.csv'

foreach ($role in $roles) {
    # Show the role being processed
    Write-Output $role
    # Append the UPN of each user in the role; non-user members
    # (e.g. service principals) have no UPN and are skipped
    Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
        Where-Object { $_.ObjectType -eq 'User' } |
        Select-Object UserPrincipalName |
        Export-Csv $output -NoTypeInformation -Append
}
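
An added example, not part of the original post: the same enumeration, but recording which role each member holds and keeping non-user members such as service principals, which a UPN-only list does not show. It assumes an existing Connect-AzureAD session; `$reportPath` is a hypothetical output location.

```powershell
# Added example (not the original author's script).
# Assumes the AzureAD module is loaded and Connect-AzureAD has already been run.
# $reportPath is a hypothetical output location.
$reportPath = Join-Path $env:TEMP 'AdminRoleMembers.csv'

# Get-AzureADDirectoryRole returns only roles that have been activated in the tenant.
$assignments = foreach ($role in Get-AzureADDirectoryRole) {
    foreach ($member in Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId) {
        [pscustomobject]@{
            Role              = $role.DisplayName
            ObjectType        = $member.ObjectType          # e.g. User or ServicePrincipal
            DisplayName       = $member.DisplayName
            UserPrincipalName = $member.UserPrincipalName   # empty for non-user members
            AccountEnabled    = $member.AccountEnabled
            ObjectId          = $member.ObjectId
        }
    }
}

# One row per role assignment, so the CSV shows who holds which role.
$assignments |
    Sort-Object Role, DisplayName |
    Export-Csv -Path $reportPath -NoTypeInformation

# One row per principal: accounts holding several admin roles sort to the top.
$assignments |
    Group-Object ObjectId |
    ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            DisplayName       = $first.DisplayName
            ObjectType        = $first.ObjectType
            UserPrincipalName = $first.UserPrincipalName
            AccountEnabled    = $first.AccountEnabled
            RoleCount         = $_.Count
            Roles             = ($_.Group.Role | Sort-Object -Unique) -join '; '
        }
    } |
    Sort-Object RoleCount -Descending |
    Format-Table -AutoSize
```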