Notable Changes
The new Set-AzureADUserEx cmdlet enables administrative FIDO2 security key revocation in Azure Active Directory. This allows Global Admins to unregister stolen or lost security keys and thus prevent their potential misuse:
<#
This script will revoke all FIDO2 keys with display name containing "YubiKey"
that were registered by user "john@contoso.com".
#>
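# Install the required modules and sign in to Azure AD
Install-Module -Name AzureAD,DSInternals -Force
Connect-AzureAD
# Reuse the access token of the AzureAD session for the DSInternals cmdlets
$token = [Microsoft.Open.Azure.AD.CommonLibrary.AzureSession]::AccessTokens['AccessToken'].AccessToken
# Read the user's currently registered key credentials
$user = Get-AzureADUserEx -UserPrincipalName 'john@contoso.com' -AccessToken $token
# Keep every key credential whose FIDO2 display name does not contain "YubiKey"
$newCreds = $user.KeyCredentials | Where-Object { $PSItem.FidoKeyMaterial.DisplayName -notlike '*YubiKey*' }
# Write the filtered list back; key credentials left out of it are unregistered
Set-AzureADUserEx -UserPrincipalName 'john@contoso.com' -KeyCredential $newCreds -AccessToken $token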
This feature is unique to DSInternals and there is currently no other way of achieving the same goal.
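A more defensive form of the revocation above, as an added example that is not part of DSInternals: the hypothetical wrapper Revoke-Fido2KeyByName lists the keys it would unregister, asks for confirmation, and reads the user back to verify the write. It assumes that Set-AzureADUserEx accepts an empty list when every key credential matches, a case the page does not show.

```powershell
# Added example, not DSInternals code. Revoke-Fido2KeyByName is a hypothetical
# wrapper around the two cmdlets used in the script above.
function Revoke-Fido2KeyByName {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,
        [Parameter(Mandatory)] [string] $DisplayNamePattern,   # e.g. '*YubiKey*'
        [Parameter(Mandatory)] [string] $AccessToken
    )

    # Selects FIDO2 keys by display name; credentials without FIDO metadata never match.
    $isMatch = { $PSItem.FidoKeyMaterial -and $PSItem.FidoKeyMaterial.DisplayName -like $DisplayNamePattern }

    $user   = Get-AzureADUserEx -UserPrincipalName $UserPrincipalName -AccessToken $AccessToken
    $all    = @($user.KeyCredentials | Where-Object { $null -ne $PSItem })
    $revoke = @($all | Where-Object $isMatch)
    $keep   = @($all | Where-Object { $revoke -notcontains $PSItem })

    if ($revoke.Count -eq 0) {
        Write-Warning "No FIDO2 key of $UserPrincipalName matches '$DisplayNamePattern'; nothing was written."
        return
    }

    # Show exactly what will be removed; -WhatIf stops here without writing.
    $names = ($revoke | ForEach-Object { $PSItem.FidoKeyMaterial.DisplayName }) -join ', '
    if (-not $PSCmdlet.ShouldProcess($UserPrincipalName, "Unregister $($revoke.Count) FIDO2 key(s): $names")) {
        return
    }

    # Assumption: an empty $keep is accepted when every key credential matched.
    Set-AzureADUserEx -UserPrincipalName $UserPrincipalName -KeyCredential $keep -AccessToken $AccessToken

    # Read the user back and check the result instead of trusting the write.
    $after = @((Get-AzureADUserEx -UserPrincipalName $UserPrincipalName -AccessToken $AccessToken).KeyCredentials |
        Where-Object { $null -ne $PSItem })
    $left  = @($after | Where-Object $isMatch)

    [pscustomobject]@{
        UserPrincipalName = $UserPrincipalName
        Revoked           = $names
        ExpectedRemaining = $keep.Count
        ActualRemaining   = $after.Count
        Verified          = ($left.Count -eq 0 -and $after.Count -eq $keep.Count)
    }
}

# Preview only, using $token from the script above:
# Revoke-Fido2KeyByName -UserPrincipalName 'john@contoso.com' -DisplayNamePattern '*YubiKey*' -AccessToken $token -WhatIf
```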
PowerShell Module
A standalone module for offline installation and for legacy PowerShell versions is attached. See the Installation Notes before proceeding.
PowerShell Gallery
The PowerShell module is also available on Microsoft's PowerShell Gallery.
Chocolatey
An official Chocolatey package of the DSInternals PowerShell Module is also available. Note that due to a strict approval process, the newest version of the package might appear with some delay.
NuGet Gallery
Official binary packages are available on the NuGet Gallery.