Forum Discussion

Iron Contributor

Feb 27, 2018

Solved

Report on users with MFA Enabled

We are not currently enforcing MFA for all users, but have sent out instructions to allow users to self-enroll in MFA (http://aka.ms/MFASetup). Looking at the status of users who I know have enabled...

Azure Active Directory (AAD)

Pablo R. Ortiz
Feb 28, 2018
No, your users are not enabling MFA for themselves by using those URLs, That's a fact. You may have some other configuration going on.

AliSoufi

Copper Contributor

Mar 11, 2022

dbetlow

Hi,

Sorry for the late response.
From my understating you wanted to know who got it setup before you forcefully enable it.

If a user setups MFA the value of "StrongAuthenticationMethods" will not be null

This should help:
Get-MsolUser -all | Select-Object DisplayName,UserPrincipalName,@{N="MFA User Setup"; E={ if( $_.StrongAuthenticationMethods -ne $null){"Enabled"} else { "Disabled"}}},@{N="MFA Admin Enforced"; E={ if( $_.StrongAuthenticationRequirements.State -ne $null){ $_.StrongAuthenticationRequirements.State} else { "Disabled"}}}

cfizz34

Copper Contributor

Apr 19, 2022

What if I want to exclude BLOCKED users from the report?

AliSoufi
Copper Contributor
Apr 19, 2022
cfizz34 Can you explain what you mean by blocked users?
- cfizz3434
  Copper Contributor
  Apr 20, 2022
  AliSoufi
  <the sign-in status can be blocked or allowed. i want to exclude blocked users from the report
  - AliSoufi
    Copper Contributor
    Apr 20, 2022
    Got it. so you just need to add a filter like this: Where-Object {$_.BlockCredential -eq $false}
    the whole thing would look like something like this:
    Get-MsolUser -all | Where-Object {$_.BlockCredential -eq $false} | Select-Object DisplayName,UserPrincipalName,@{N="MFA User Setup"; E={ if( $_.StrongAuthenticationMethods -ne $null){"Enabled"} else { "Disabled"}}},@{N="MFA Admin Enforced"; E={ if( $_.StrongAuthenticationRequirements.State -ne $null){ $_.StrongAuthenticationRequirements.State} else { "Disabled"}}}