Jonesy6123 (Copper Contributor)
Jan 18, 2024
Need to migrate my MFA Status script from MSol to MSGraph
Here is my current script, which no longer works due to the Run As accounts being retired. I have since worked out how to use the system-managed identity, but it's not compatible with MSol and because it's being deprecated, I need a long-term solution with MSGraph:
```powershell
# Get credential and connect to MSOnline Service
$credential = Get-AutomationPSCredential -Name "Credential"
Connect-MsolService -Credential $null -AccountId '' -AzureEnvironment "AzureCloud"

# Retrieve a list of all users in the Azure AD tenant
# (-All is required; without it Get-MsolUser returns only the first 500 users)
$allUsers = Get-MsolUser -All

# Create a list object that stores users who have MFA disabled
$usersWithoutMFA = New-Object System.Collections.Generic.List[PSObject]

# Iterate through the list of users and check MFA status; store the UPN of each match
foreach ($user in $allUsers) {
    if ($user.StrongAuthenticationRequirements.Count -eq 0 -and $user.BlockCredential -eq $false) {
        # Add() keeps the variable a List; += would silently convert it to an array
        $usersWithoutMFA.Add($user.UserPrincipalName)
    }
}

# Return the array of the Disabled MFA users
#Write-Output $allUsers

# Convert the array to a comma-separated string
$usersWithoutMFAString = $usersWithoutMFA -join ", "

# Return the comma-separated string of user UPNs
Write-Output $usersWithoutMFAString
```
1 Reply
- Jonesy6123 (Copper Contributor)
Can anyone help me here? I've been directed to come here for assistance from here: https://answers.microsoft.com/en-us/msoffice/forum/all/i-need-an-alternative-way-of-accessing-my-users/5d30d19d-9be9-424a-aaba-110eb947d705
Presumably multiple organizations are experiencing this issue so any help would be appreciated. Please let me know if further info is required.