Forum Discussion

dbetlow's avatar
dbetlow
Iron Contributor
Feb 27, 2018
Solved

Report on users with MFA Enabled

We are not currently enforcing MFA for all users, but have sent out instructions to allow users to self-enroll in MFA (http://aka.ms/MFASetup).  Looking at the status of users who I know have enabled...
Azure Active Directory (AAD)
  • Pablo R. Ortiz's avatar
    Pablo R. Ortiz
    Feb 28, 2018

    No, your users are not enabling MFA for themselves by using those URLs, That's a fact. You may have some other configuration going on.

Butchokoy's avatar
Butchokoy
Copper Contributor
Jan 31, 2022

Just in case someone needs it, if you are using conditional access and not enforcing MFA, here's something I used to get the data for those who registered for MFA.

$reportFile = "C:\temp\output.csv";
Set-Content $reportFile "First Name,Last Name,UPN,Office,MFA Methods";
$testUser = Get-MsolUser -All;
foreach ($userObj in $testUser) {
$mfaMethods = $userObj.StrongAuthenticationMethods | Select-Object -ExpandProperty MethodType;
if ($mfaMethods) {
Write-Host $userObj.UserPrincipalName" "$mfaMethods;
Add-Content $reportFile "$($userObj.FirstName),$($userObj.LastName),$($userObj.UserPrincipalName),$($userObj.Office),$($mfaMethods)";
}
else {
Write-Host $userObj.UserPrincipalName" NONE";
Add-Content $reportFile "$($userObj.FirstName),$($userObj.LastName),$($userObj.UserPrincipalName),$($userObj.Office),NONE";
}
}

Resources