Forum Discussion

dbetlow's avatar
dbetlow
Iron Contributor
Feb 27, 2018
Solved

Report on users with MFA Enabled

We are not currently enforcing MFA for all users, but have sent out instructions to allow users to self-enroll in MFA (http://aka.ms/MFASetup).  Looking at the status of users who I know have enabled...
Azure Active Directory (AAD)
  • Pablo R. Ortiz's avatar
    Pablo R. Ortiz
    Feb 28, 2018

    No, your users are not enabling MFA for themselves by using those URLs, That's a fact. You may have some other configuration going on.

AliSoufi's avatar
AliSoufi
Copper Contributor
Mar 11, 2022

dbetlow 

 

Hi,

Sorry for the late response.
From my understating you wanted to know who got it setup before you forcefully enable it.

If a user setups MFA the value of "StrongAuthenticationMethods" will not be null

This should help:
Get-MsolUser -all | Select-Object DisplayName,UserPrincipalName,@{N="MFA User Setup"; E={ if( $_.StrongAuthenticationMethods -ne $null){"Enabled"} else { "Disabled"}}},@{N="MFA Admin Enforced"; E={ if( $_.StrongAuthenticationRequirements.State -ne $null){ $_.StrongAuthenticationRequirements.State} else { "Disabled"}}}

  • cfizz34's avatar
    cfizz34
    Copper Contributor
    Apr 19, 2022
    What if I want to exclude BLOCKED users from the report?
    • AliSoufi's avatar
      AliSoufi
      Copper Contributor
      Apr 19, 2022
      cfizz34 Can you explain what you mean by blocked users?
      • cfizz3434's avatar
        cfizz3434
        Copper Contributor
        Apr 20, 2022

        AliSoufi 

        <the sign-in status can be blocked or allowed.  i want to exclude blocked users from the report

Resources