Forum Discussion
StuartK73
Aug 06, 2019Iron Contributor
Report Users with NO Alternative Authentication Phone
Hi All
Is it possible to create a report showing users with / without an Alternative Authentication Phone Number?
Info greatly appreciated
Can you try the below script to list all users without alternative auth phone number.
$Result=@() $users = Get-MsolUser -All $users | ForEach-Object { $user = $_ $alternativePhoneNumber = $user.StrongAuthenticationUserDetails.AlternativePhoneNumber if($alternativePhoneNumber -eq $null) { $Result += New-Object PSObject -property @{ UserName = $user.DisplayName UserPrincipalName = $user.UserPrincipalName } } } $Result | Select UserName,UserPrincipalName
Or you can try below script to list only MFA enabled users without alternative auth phone.
$Result=@() $users = Get-MsolUser -All | Where {$_.StrongAuthenticationMethods -ne $null -or $_.StrongAuthenticationRequirements.State -ne $nul} $users | ForEach-Object { $user = $_ $alternativePhoneNumber = $user.StrongAuthenticationUserDetails.AlternativePhoneNumber if($alternativePhoneNumber -eq $null) { $Result += New-Object PSObject -property @{ UserName = $user.DisplayName UserPrincipalName = $user.UserPrincipalName } } } $Result | Select UserName,UserPrincipalName
- Kevin_MorganIron Contributor
- StuartK73Iron Contributor
Great article, however, nothing happens when the following command is run:
$Result | Where {$_.MFAStatus -ne "Disabled" -and $_.AlternativePhoneNumber -eq $null}
List all MFA enabled users without Alternative Authentication Phone Number
Any ideas?
- StuartK73Iron Contributor
Hi Kevin
I do hope you are well.
Anyway, I did manage to get the following script running
List all MFA enabled users without Alternative Authentication Phone Number
However the output list Users, including myself that DO actually have a 2nd auth phone.
Any ideas?