Hi Guys, good day.
AnthonyBartolo
You can try the script below. It takes into account the actual status of the user from the legacy portal.
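# Builds a CSV report of the legacy per-user MFA state and the registered
# authentication methods for every user returned by Get-MsolUser.
#
# Prerequisite: the MSOnline module with an active Connect-MsolService session.
# Microsoft has deprecated MSOnline in favour of Microsoft Graph PowerShell, so
# treat this as a legacy-portal view only.
#
# Reading the results: MFAEnforced is the per-user (legacy portal) state. An
# account that is only covered by Conditional Access or security defaults is
# still reported as "Disabled" here, so this column alone does not show whether
# MFA is actually required at sign-in. Likewise, a registered method
# (MFAMethods) does not by itself mean MFA is enforced.

# Errors are deliberately not suppressed: a failed or partial directory read
# should be visible rather than silently producing an incomplete report.
$AllUsers = Get-MsolUser -All:$True | Sort-Object DisplayName

# Friendly names for the MethodType values stored on each user.
$Methods = @{
    "OneWaySMS"            = "SMS token"
    "TwoWayVoiceMobile"    = "Phone call verification"
    "PhoneAppOTP"          = "Hardware token or authenticator app"
    "PhoneAppNotification" = "Authenticator app"
}

# Collect the loop output in one pass instead of growing an array with +=,
# which copies the whole array on every iteration. @() keeps the result an
# array even when there is zero or one user.
$AllMFAData = @(
    foreach ($MsolUser in $AllUsers) {
        try {
            $MFAResults = [PSCustomObject]@{
                DisplayName       = $MsolUser.DisplayName
                UserPrincipalName = $MsolUser.UserPrincipalName
                # Column name keeps the original spelling so existing consumers
                # of the CSV header are not broken.
                DefualtMFAMethod  = ($MsolUser.StrongAuthenticationMethods |
                    Where-Object { $_.IsDefault -eq $true }).MethodType
                # No StrongAuthenticationRequirements entry means per-user MFA
                # was never enabled for the account.
                MFAEnforced       = if ($MsolUser.StrongAuthenticationRequirements) {
                    $MsolUser.StrongAuthenticationRequirements.State
                } else {
                    "Disabled"
                }
                MFAMethods        = if ($MsolUser.StrongAuthenticationMethods) {
                    ($MsolUser.StrongAuthenticationMethods.MethodType | ForEach-Object {
                        # Fall back to the raw MethodType so a method missing from
                        # $Methods is still visible instead of an empty entry.
                        if ($Methods.ContainsKey($_)) { $Methods[$_] } else { $_ }
                    }) -join ","
                } else {
                    "No Methods"
                }
            }
        }
        catch {
            # Keep a row for the user so a failure is visible in the report.
            $MFAResults = [PSCustomObject]@{
                DisplayName       = " - Not found"
                # Record the UPN string, not the whole user object, which would
                # be written to the CSV as its type name.
                UserPrincipalName = $MsolUser.UserPrincipalName
                DefualtMFAMethod  = $null
                MFAEnforced       = $null
                MFAMethods        = $null
            }
        }
        $MFAResults
    }
)

# The report lists which accounts have no MFA method or enforcement; store and
# share it as sensitive data and remove it when it is no longer needed.
$AllMFAData | Export-Csv -Path (Join-Path $Home 'Downloads\MFAResultsReport.csv') -NoTypeInformation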