Forum Discussion

Manlyboots907
Copper Contributor
Jul 15, 2022

Find ENABLED Users that need MFA

So,

I am thinking maybe I am asking the wrong question...

What I want to find with PowerShell is

  • All enabled user accounts
  • that do not have MFA turned on

I have been shocked how hard it is. 

  1. Firstly, I can't use PowerShell 7 because Connect-AzureAD is not supported
  2. Then, when I do get connected, Get-AzureADUser does not have the MFA status
  3. Now I find the MSol commands are deprecated, and do not show the enabled status

I have found an AWESOME script that tells me ALL the users and their MFA Status (Not my script)

Get-MsolUser -All | select DisplayName,UserPrincipalName,@{Name="MFA Status"; Expression={ if( $_.StrongAuthenticationMethods.IsDefault -eq $true) {($_.StrongAuthenticationMethods | Where IsDefault -eq $True).MethodType} else { "Disabled"}}}

 

But I can't filter out the thousands that are not enabled

I feel I am missing something bigger here, like I am going about this the wrong way. What am I missing???

 

2 Replies

  • aammirmirza
    Copper Contributor
    Try https://aammir-mirza.medium.com/identify-disabled-in-active-users-in-azure-ad-3e8700a9a6f1
  • Bipin-prakash
    Brass Contributor

    Manlyboots907 

    Hi,

    Check this article out; it shows you how to get the status of all users. Once you have that list, use Excel to simply sort by true/false. Hope this helps! https://lazyadmin.nl/powershell/list-office365-mfa-status-powershell/

     

    Best,

    bp
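
One way to get the list the question asks for, as an added example that is not from any participant in this thread or from the linked articles. It assumes the MSOnline module's user objects (`BlockCredential`, `StrongAuthenticationMethods`); the function name `Get-EnabledUserWithoutMfa` and the sample accounts are made up for illustration.

```powershell
# Added example. Keeps users whose sign-in is not blocked and who have no
# default strong-auth method, the same "Disabled" test the one-liner in the
# question applies.
function Get-EnabledUserWithoutMfa {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User
    )
    process {
        # Drop blocked (disabled) accounts in case the caller did not pre-filter.
        if ($User.BlockCredential) { return }

        # @() makes the result countable for zero, one or many methods.
        $default = @($User.StrongAuthenticationMethods | Where-Object { $_.IsDefault })
        if ($default.Count -gt 0) { return }

        [pscustomobject]@{
            DisplayName       = $User.DisplayName
            UserPrincipalName = $User.UserPrincipalName
            # Methods registered but none marked default still count as "no MFA" here.
            RegisteredMethods = @($User.StrongAuthenticationMethods | Where-Object { $_ }).Count
        }
    }
}

# Constructed sample objects shaped like Get-MsolUser output (not real accounts).
$sample = @(
    [pscustomobject]@{ DisplayName = 'Ann'; UserPrincipalName = 'ann@contoso.example'
        BlockCredential = $false
        StrongAuthenticationMethods = @([pscustomobject]@{ MethodType = 'PhoneAppNotification'; IsDefault = $true }) }
    [pscustomobject]@{ DisplayName = 'Bob'; UserPrincipalName = 'bob@contoso.example'
        BlockCredential = $false; StrongAuthenticationMethods = @() }
    [pscustomobject]@{ DisplayName = 'Cy'; UserPrincipalName = 'cy@contoso.example'
        BlockCredential = $true; StrongAuthenticationMethods = @() }
    [pscustomobject]@{ DisplayName = 'Dee'; UserPrincipalName = 'dee@contoso.example'
        BlockCredential = $false
        StrongAuthenticationMethods = @([pscustomobject]@{ MethodType = 'OneWaySMS'; IsDefault = $false }) }
)

# Offline check: only Bob (no methods) and Dee (no default method) are listed.
$sample | Get-EnabledUserWithoutMfa

# Against a tenant (Windows PowerShell 5.1, MSOnline module, after Connect-MsolService):
#   Get-MsolUser -All -EnabledFilter EnabledOnly | Get-EnabledUserWithoutMfa
```

`-EnabledFilter EnabledOnly` does the enabled-account filtering on the service side, so the thousands of disabled accounts are never returned to the pipeline.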
