Posted on 07-22-2020 02:48 PM
We've recently run into an issue where a user accidentally logged in to their personal Microsoft 365 account rather than the company account, which creates some data headaches as company files were syncing to a personal account.
I'm trying to find a way to collect the Microsoft 365 and OneDrive usernames into an Extension Attribute so we can audit them, but I haven't had any luck. They don't seem to be stored in a plist anywhere, and I haven't been able to find a terminal binary that will report the login names.
Any ideas? Thank you!
Posted on 07-22-2020 03:11 PM
Try this extension attribute. We use it to track active O365 logons on machines.
#!/bin/bash
# bash rather than sh: the script relies on "function", "local", "+=" and here-strings

# Functions
function DetectO365Logon {
    local logons="" aUser HOMEPATH REGDB RESULT
    # creates a list of local usernames with UIDs above 500 (not hidden)
    userList=$( /usr/bin/dscl /Local/Default -list /Users uid | /usr/bin/awk '$2 >= 501 { print $1 }' )
    while IFS= read -r aUser
    do
        # get the user's home folder path
        HOMEPATH=$( eval /bin/echo ~$aUser )
        REGDB="$HOMEPATH/Library/Group Containers/UBF8T346G9.Office/MicrosoftRegistrationDB.reg"
        # skip users that have no Office registration database
        [ -f "$REGDB" ] || continue
        # execute some sql to get the active O365 logon, if any
        RESULT=$( /usr/bin/sqlite3 "$REGDB" "SELECT value from HKEY_CURRENT_USER_values WHERE name='UserDisplayName' LIMIT 1;" 2>/dev/null )
        # checks to see if we got a hit
        if [ "$RESULT" != "" ]; then
            logons+="$RESULT;"
        fi
    done <<< "$userList"
    /bin/echo "$logons"
}

## Main
O365LOGONS=$(DetectO365Logon)
if [ "$O365LOGONS" != "" ]; then
    /bin/echo "<result>$O365LOGONS</result>"
else
    /bin/echo "<result>None detected</result>"
fi
exit 0
Best,
D.
Posted on 07-23-2020 02:48 PM
Works great, thank you!
Posted on 01-19-2023 01:25 PM
Has anyone determined if it's possible to also read a secondary or personal account signed into OneDrive under the same local user account?