Forum Discussion

vladislav2495's avatar
vladislav2495
Copper Contributor
Aug 30, 2023

How to identify if an user is enforced to enable MFA

Hello community,
I see that there are 3 ways to enforce users to enable MFA:

  1. Enforce an user in the ActiveDirectory
  2. Enable security defaults policy
  3. Configure Conditional Access policies

Is there any field on a user resource in the Graph API to identify if a user is enforced to enable MFA? 

  • vladislav2495 you can enforce MFA also in case you don't have P1 license using the per user MFA 

     

    you can check the MFA activities and usage from the below blade in ENTRA ID 

     

    • vladislav2495's avatar
      vladislav2495
      Copper Contributor
      Thanks for your reply, but I need a different information of my users. I'd like to know if some of my users are enforced to enable MFA
      • eliekarkafy's avatar
        eliekarkafy
        MVP

        vladislav2495 OK , try the below PowerShell script 

         

        Get-MsolUser -all | Select-Object DisplayName,UserPrincipalName,@{N="MFA User Setup"; E={ if( $.StrongAuthenticationMethods -ne $null){"Enabled"} else { "Disabled"}}},@{N="MFA Admin Enforced"; E={ if( $.StrongAuthenticationRequirements.State -ne $null){ $_.StrongAuthenticationRequirements.State} else { "Disabled"}}}

Resources