Forum Discussion
vladislav2495
Aug 30, 2023Copper Contributor
How to identify if an user is enforced to enable MFA
Hello community,
I see that there are 3 ways to enforce users to enable MFA:
- Enforce an user in the ActiveDirectory
- Enable security defaults policy
- Configure Conditional Access policies
Is there any field on a user resource in the Graph API to identify if a user is enforced to enable MFA?
vladislav2495 you can enforce MFA also in case you don't have P1 license using the per user MFA
you can check the MFA activities and usage from the below blade in ENTRA ID
- vladislav2495Copper ContributorThanks for your reply, but I need a different information of my users. I'd like to know if some of my users are enforced to enable MFA
vladislav2495 OK , try the below PowerShell script
Get-MsolUser -all | Select-Object DisplayName,UserPrincipalName,@{N="MFA User Setup"; E={ if( $.StrongAuthenticationMethods -ne $null){"Enabled"} else { "Disabled"}}},@{N="MFA Admin Enforced"; E={ if( $.StrongAuthenticationRequirements.State -ne $null){ $_.StrongAuthenticationRequirements.State} else { "Disabled"}}}