Forum Discussion
Powershell CMDlets for MFA Settings?
You have the information in the Get-MSolUser cmdlet from MSOnline powershell module:
Connect-MsolService $User = Get-MSolUser -UserPrincipalName user@domain.com
$User.StrongAuthenticationMethodsWith that you get the default authentication method. There are other properties beginning by StrongAuthentication that give you other details
I need a PS script that generates a CSV showing not only if MFA is enabled for all users, but shows the authentication method as well.
Thank You in advance.
Try this (has to be done on a per-group basis):
$filepath = '<your-export-filename>'
Get-MsolGroupMember -GroupObjectId <the id number of the group> -MemberObjectTypes User -All | Get-MsolUser | Where {$_.UserPrincipalName} | Select UserPrincipalName, DisplayName, Country, Department, Title, @{n="MFA"; e={$_.StrongAuthenticationRequirements.State}}, @{n="Methods"; e={($_.StrongAuthenticationMethods).MethodType}}, @{n="Default Method"; e={($_.StrongAuthenticationMethods).IsDefault}} | Export-Csv -Path $filepath
Thank You.
So by Group, do you mean all the users must be in some type of GROUP?
[Distro, O365 Group,..]
This specific PS command relies upon the Group Object ID which is unique to the specific group. For instance, if you have an All Users group, you would need to provide. It's a number that looks similar to this: af407072-7ae1-4b07-a0ca-6634b7396054
Is it possible to edit the value of the strongauthenticationmethod?
So I want to switch the IsDefault value in my case from PhoneAppOTP to PhoneAppNotification
I was hoping I was just going to be able to use
Set-MsolUser -UserPrincipalName myuser@mycompany.com -StrongAuthenticationMethods phoneappnotification
But this doesn't seem to be the correct methodology. Any guidance would be apprciated