Public/Compare-DeviceThumbprint.ps1
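function Compare-DeviceThumbprint {
    <#
    .SYNOPSIS
    Compare the thumbprint from the Entra device with the thumbprint from the validation request.

    .DESCRIPTION
    This function decodes every array-typed Key found in the Entra device's AlternativeSecurityIds
    (the key bytes are treated as UTF-16 text, so the zero bytes are dropped before conversion)
    and checks whether any of the decoded keys contains the thumbprint supplied in the
    validation request.

    The thumbprint in the request is treated as untrusted input: it is compared as a literal,
    case-insensitive substring (no wildcard semantics), and an empty or whitespace-only
    thumbprint is rejected. The previous implementation used `-like "*<thumbprint>*"`, which
    made an empty thumbprint, or one containing `*` / `?`, match any device key.

    .PARAMETER EntraDevice
    Specify the Entra device object which contains AlternativeSecurityIds. (Generated with Get-MgDevice)

    .PARAMETER ValidationRequest
    Specify the validation request object which contains the Thumbprint to be compared. (Generated with Get-EntraDeviceAuth-Local)

    .OUTPUTS
    System.Boolean. $true when a decoded key contains the requested thumbprint, otherwise $false.
    A warning is written (and $false returned) when no thumbprint key exists on the device or
    the request carries no usable thumbprint.

    .NOTES
    Author: Florian Salzmann
    Contact: @FlorianSLZ
    Created: 2024-06-21
    Updated: 2024-06-21

    Version history:
    1.0.0 - (2024-06-21) Function created
    #>
    param(
        [parameter(Mandatory = $true, HelpMessage = "Specify the Entra device object which contains AlternativeSecurityIds. (Genarated with Get-MgDevice)")]
        [ValidateNotNullOrEmpty()]
        [array]$EntraDevice,

        [parameter(Mandatory = $true, HelpMessage = "Specify the validation request object which contains the Thumbprint to be compared. (Genarated with Get-EntraDeviceAuth-Local)")]
        [ValidateNotNullOrEmpty()]
        [array]$ValidationRequest
    )
    Process {
        # The claimed thumbprint originates from the validation request and must not be trusted.
        $ClaimedThumbprint = [string]$ValidationRequest.Body.Thumbprint

        # An empty claim must never validate: with the old wildcard match "*$x*" an empty string
        # (or "*") matched every device key, i.e. any request passed the comparison.
        if ([string]::IsNullOrWhiteSpace($ClaimedThumbprint)) {
            Write-Warning "Thumbprint in validation request is missing or empty."
            return $false
        }
        $ClaimedThumbprint = $ClaimedThumbprint.Trim()

        # Decode every array-typed key instead of keeping only the last one encountered,
        # so a device with several AlternativeSecurityIds is compared against all of them.
        $EntraThumbprints = @()
        foreach ($securityId in $EntraDevice.AlternativeSecurityIds) {
            if ($null -ne $securityId.Key -and $securityId.Key -is [Array]) {
                # Drop the zero bytes (assuming UTF-16 encoding), then turn the remaining bytes into text.
                $filteredKey = @($securityId.Key | Where-Object { $_ -ne 0 })
                if ($filteredKey.Count -gt 0) {
                    $EntraThumbprints += (-join ([char[]]$filteredKey))
                }
            }
        }

        if ($EntraThumbprints.Count -eq 0) {
            Write-Warning "Thumbprint key in Entra ID not found."
            return $false
        }

        foreach ($EntraThumbprint in $EntraThumbprints) {
            # Literal substring test, case-insensitive like the original -like, but with no
            # wildcard interpretation of the request-supplied value.
            if ($EntraThumbprint.IndexOf($ClaimedThumbprint, [System.StringComparison]::OrdinalIgnoreCase) -ge 0) {
                return $true
            }
        }

        return $false
    }
}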