Forum Discussion
Powershell CMDlets for MFA Settings?
- Feb 13, 2018
You have the information in the Get-MSolUser cmdlet from the MSOnline PowerShell module:
Connect-MsolService
$User = Get-MSolUser -UserPrincipalName user@domain.com
$User.StrongAuthenticationMethods
With that you get the default authentication method. There are other properties beginning with StrongAuthentication that give you other details.
Can someone help me to export the strong authentication details to a CSV file from Azure AD for some users provided through an input file?
Thanks in advance
I am using the logic below to extract user MFA details and the default method configured. We use combined registration SSPR + MFA.
# Define global variable
$Results = New-Object System.Collections.ArrayList
# Get user list from a text file; each line is expected to be a UserPrincipalName
$Userlist = Get-Content d:\users.txt
Write-Host "Total $(($Userlist).Count) users"
# Check each user's strong authentication methods
$Userlist | ForEach-Object {
    Write-Host "Checking user: $($_) MFA status....."
    $User = Get-MsolUser -UserPrincipalName $_
    $UserStrongDetails = $User.StrongAuthenticationMethods
    $UserStrongDetailsCount = $User.StrongAuthenticationMethods.Count
    # Reset for every user so a previous user's default method is never carried over
    $DefaultMethod = $null
    If ($UserStrongDetails) {
        # Find the method flagged as default
        For ($i = 0; $i -lt $UserStrongDetailsCount; $i++) {
            if (($UserStrongDetails[$i].IsDefault) -eq $true) {
                $DefaultMethod = $UserStrongDetails[$i].MethodType
                break
            }
        }
        $Preresult = @{
            'AAD-DisplayName'            = $User.DisplayName
            'AAD-UserPrincipalName'      = $User.UserPrincipalName
            'AAD-UsageLocation'          = $User.UsageLocation
            'AAD-MobilePhone'            = $User.MobilePhone
            'AAD-OfficePhoneNumber'      = $User.PhoneNumber
            'MFA-Mobile'                 = $User.StrongAuthenticationUserDetails.PhoneNumber
            'MFA-AlternativePhoneNumber' = $User.StrongAuthenticationUserDetails.AlternativePhoneNumber
            'MFA-Email'                  = $User.StrongAuthenticationUserDetails.Email
            'MFA-DefaultMethod'          = $DefaultMethod
        }
    }
    else {
        # No strong authentication methods registered for this user
        $Preresult = @{
            'AAD-DisplayName'            = $User.DisplayName
            'AAD-UserPrincipalName'      = $User.UserPrincipalName
            'AAD-UsageLocation'          = $User.UsageLocation
            'AAD-MobilePhone'            = $User.MobilePhone
            'AAD-OfficePhoneNumber'      = $User.PhoneNumber
            'MFA-Mobile'                 = "Not-Defined"
            'MFA-AlternativePhoneNumber' = "Not-Defined"
            'MFA-Email'                  = "Not-Defined"
            'MFA-DefaultMethod'          = "Not-Defined"
        }
    }
    $Results += New-Object -TypeName PSObject -Property $Preresult
}
$Results | Select-Object AAD-DisplayName,AAD-UserPrincipalName,AAD-UsageLocation,AAD-MobilePhone,AAD-OfficePhoneNumber,MFA-Mobile,MFA-AlternativePhoneNumber,MFA-Email,MFA-DefaultMethod | Export-Csv -NoTypeInformation -Path "d:\AzureMFAUserDetails.csv"
_Sudhish Kumar
- Malik0147 Jun 21, 2020 Copper Contributor
SudhishSkumar, what details will this spit out? Please let me know, I'm trying to extract users' phone numbers they used in registering MFA. I found the same number on 2 different profiles, so I need to do an audit to see how many profiles like this I have out there.
Thanks
- MichalZiemba Oct 22, 2020 MCT
Here is the script which should meet your requirements
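An added example, not part of any post in this thread, for the audit Malik0147 describes: it groups the rows of the CSV produced by the export script above by MFA phone number and lists numbers registered on more than one account. The function name `Get-SharedMfaPhone`, the sample rows and the digits-only comparison of numbers are assumptions made for illustration.

```powershell
# Constructed sample rows in the shape of the CSV written by the export script
# above (column names come from that script; every value here is made up).
$sampleCsv = @'
"AAD-UserPrincipalName","MFA-Mobile","MFA-AlternativePhoneNumber","MFA-DefaultMethod"
"alice@contoso.example","+1 4255550101","Not-Defined","PhoneAppNotification"
"bob@contoso.example","+1 (425) 555-0101","Not-Defined","TwoWayVoiceMobile"
"carol@contoso.example","+1 4255550102","+1 4255550101","TwoWayVoiceMobile"
"dave@contoso.example","Not-Defined","Not-Defined","Not-Defined"
"erin@contoso.example","+1 4255550103","Not-Defined","PhoneAppNotification"
'@
$rows = $sampleCsv | ConvertFrom-Csv
# With a real export: $rows = Import-Csv -Path 'd:\AzureMFAUserDetails.csv'

# Hypothetical helper: returns one row per phone number that is registered
# as an MFA number on more than one distinct account.
function Get-SharedMfaPhone {
    param([Parameter(Mandatory)] [object[]] $Rows)

    # Flatten to one (Number, UPN, Source) record per registered phone number.
    $phones = foreach ($row in $Rows) {
        foreach ($column in 'MFA-Mobile', 'MFA-AlternativePhoneNumber') {
            $raw = $row.$column
            if ([string]::IsNullOrWhiteSpace($raw) -or $raw -eq 'Not-Defined') { continue }
            # Assumption: two entries are the same number when their digits match,
            # so spaces, brackets and dashes are ignored in the comparison.
            [pscustomobject]@{
                Number = $raw -replace '\D', ''
                UPN    = $row.'AAD-UserPrincipalName'
                Source = $column
            }
        }
    }

    # Keep only numbers that appear on more than one distinct account.
    $phones | Group-Object -Property Number | ForEach-Object {
        $upns = @($_.Group.UPN | Sort-Object -Unique)
        if ($upns.Count -gt 1) {
            [pscustomobject]@{
                Number   = $_.Name
                Accounts = $upns.Count
                UPNs     = $upns -join '; '
            }
        }
    }
}

Get-SharedMfaPhone -Rows $rows | Sort-Object Accounts -Descending | Format-Table -AutoSize
```

Because the alternative phone column is included, a number that is one user's primary MFA phone and another user's fallback is also reported.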
- fborup May 18, 2020 Copper Contributor
What I'm trying to do is simpler, but I'm unable to do it:
1) Read UPNs from a text file or CSV, one UPN per line
2) Set auth methods
I'm trying this one, but it does nothing:
$listacsv = import-csv c:\temp\list.txt
foreach($upn in $listacsv) {
    $method1 = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
    $method1.IsDefault = $true
    $method1.MethodType = "PhoneAppNotification"
    $method2 = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod
    $method2.IsDefault = $false
    $method2.MethodType = "TwoWayVoiceMobile"
    $methods = @($method1, $method2)
    Set-MsolUser -UserPrincipalName $upn -StrongAuthenticationMethods $methods
}
But instead of the simple UPN, what is returned is:
@{testuser@MYdomain.com}