SOLVED
Home

Report Users with NO Alternative Authentication Phone

%3CLINGO-SUB%20id%3D%22lingo-sub-789827%22%20slang%3D%22en-US%22%3EReport%20Users%20with%20NO%20Alternative%20Authentication%20Phone%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-789827%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20it%20possible%20to%20create%20a%20report%20showing%20users%20with%20%2F%20without%20an%20Alternative%20Authentication%20Phone%20Number%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EInfo%20greatly%20appreciated%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-789827%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAccess%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-790217%22%20slang%3D%22en-US%22%3ERe%3A%20Report%20Users%20with%20NO%20Alternative%20Authentication%20Phone%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-790217%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F131657%22%20target%3D%22_blank%22%3E%40Stuart%20King%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20can%20check%20this%20post%20%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.morgantechspace.com%2F2018%2F06%2Ffind-and-list-mfa-enabled-status-office-365-users-powershell.html%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.morgantechspace.com%2F2018%2F06%2Ffind-and-list-mfa-enabled-status-office-365-users-powershell.html%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-792238%22%20slang%3D%22en-US%22%3ERe%3A%20Report%20Users%20with%20NO%20Alternative%20Authentication%20Phone%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-792238%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F38365%22%20target%3D%22_blank%22%3E%40Kevin%20Morgan%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGreat%20article%2C%20however%2C%20nothing%20happens%20when%20the%20following%20command%20is%20run%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%24Result%20%7C%20Where%20%7B%24_.MFAStatus%20-ne%20%22Disabled%22%20-and%20%24_.AlternativePhoneNumber%20-eq%20%24null%7D%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CH3%20id%3D%22toc-hId-1598877469%22%20id%3D%22toc-hId-1598877469%22%20id%3D%22toc-hId-1598877469%22%20id%3D%22toc-hId-1598877469%22%20id%3D%22toc-hId-1598877469%22%20id%3D%22toc-hId-1598877469%22%20id%3D%22toc-hId-1598877469%22%20id%3D%22toc-hId-1598877469%22%20id%3D%22toc-hId-1598877469%22%20id%3D%22toc-hId-1598877469%22%3EList%20all%20MFA%20enabled%20users%20without%20Alternative%20Authentication%20Phone%20Number%3C%2FH3%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20ideas%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-794981%22%20slang%3D%22en-US%22%3ERe%3A%20Report%20Users%20with%20NO%20Alternative%20Authentication%20Phone%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-794981%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F38365%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3E%40Kevin%20Morgan%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EHi%20Kevin%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20do%20hope%20you%20are%20well.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EAnyway%2C%20I%20did%20manage%20to%20get%20the%20following%20script%20running%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CH3%20id%3D%22toc-hId-1598877469%22%20id%3D%22toc-hId--953279492%22%20id%3D%22toc-hId--953279492%22%20id%3D%22toc-hId--953279492%22%20id%3D%22toc-hId--953279492%22%20id%3D%22toc-hId--953279492%22%20id%3D%22toc-hId--953279492%22%20id%3D%22toc-hId--953279492%22%20id%3D%22toc-hId--953279492%22%3EList%20all%20MFA%20enabled%20users%20without%20Alternative%20Authentication%20Phone%20Number%3C%2FH3%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%20the%20output%20list%20Users%2C%20including%20myself%20that%20DO%20actually%20have%20a%202nd%20auth%20phone.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20ideas%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-797212%22%20slang%3D%22en-US%22%3ERe%3A%20Report%20Users%20with%20NO%20Alternative%20Authentication%20Phone%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-797212%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F131657%22%20target%3D%22_blank%22%3E%40Stuart%20King%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20you%20run%20the%20below%20command%20(after%20replacing%20your%20account's%20UPN)%20to%20check%20the%20%22%3CSPAN%3EAlternativePhoneNumber%3C%2FSPAN%3E%22%20is%20configured%20or%20not.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%3E%24user%20%3D%20Get-MsolUser%20-UserPrincipalName%20%22UserName%40Domain.onmicrosoft.com%22%0A%24alternativePhoneNumber%20%3D%20%24user.StrongAuthenticationUserDetails.AlternativePhoneNumber%0Aif(%24alternativePhoneNumber%20-ne%20%24null)%20%7B%20%0AWrite-Host%20%22AlternativePhoneNumber%3A%22%20%24alternativePhoneNumber%20-ForegroundColor%20Green%0A%7D%20Else%20%7B%0AWrite-Host%20%22Alternative%20auth%20phone%20number%20not%20configured%22%20-ForegroundColor%20Red%0A%7D%3C%2FPRE%3E%3CP%3E%3CSTRONG%3ENote%3C%2FSTRONG%3E%3A%20This%20script%20extracting%202nd%20auth%20phone%20number%20from%20MFA%20Authentication%20User%20Details%2C%20not%20from%20user's%20Alternative%20Mobile%20Number%20%3A%26nbsp%3B%20%24user.AlternateMobilePhones%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-797217%22%20slang%3D%22en-US%22%3ERe%3A%20Report%20Users%20with%20NO%20Alternative%20Authentication%20Phone%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-797217%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F38365%22%20target%3D%22_blank%22%3E%40Kevin%20Morgan%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%20Kevin%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYes%20this%20works%2C%20it%20displays%20my%20alternative%20mob%20number.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20this%20be%20done%20tenant%20wide%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EStuart%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-797307%22%20slang%3D%22en-US%22%3ERe%3A%20Report%20Users%20with%20NO%20Alternative%20Authentication%20Phone%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-797307%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F131657%22%20target%3D%22_blank%22%3E%40Stuart%20King%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20you%20try%20the%20below%20script%20to%20list%20all%20users%20without%26nbsp%3B%3CSPAN%3Ealternative%20auth%20phone%20number.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%3E%24Result%3D%40()%0A%24users%20%3D%20Get-MsolUser%20-All%0A%24users%20%7C%20ForEach-Object%20%7B%0A%24user%20%3D%20%24_%0A%24alternativePhoneNumber%20%3D%20%24user.StrongAuthenticationUserDetails.AlternativePhoneNumber%0Aif(%24alternativePhoneNumber%20-eq%20%24null)%20%7B%20%0A%24Result%20%2B%3D%20New-Object%20PSObject%20-property%20%40%7B%20%0AUserName%20%3D%20%24user.DisplayName%0AUserPrincipalName%20%3D%20%24user.UserPrincipalName%0A%7D%0A%7D%0A%7D%0A%24Result%20%7C%20Select%20UserName%2CUserPrincipalName%3C%2FPRE%3E%3CP%3EOr%20you%20can%20try%20below%20script%20to%20list%20only%20MFA%20enabled%20users%20without%20alternative%20auth%20phone.%3C%2FP%3E%3CPRE%3E%24Result%3D%40()%0A%24users%20%3D%20Get-MsolUser%20-All%20%7C%20Where%20%7B%24_.StrongAuthenticationMethods%20-ne%20%24null%20-or%20%24_.StrongAuthenticationRequirements.State%20-ne%20%24nul%7D%0A%24users%20%7C%20ForEach-Object%20%7B%0A%24user%20%3D%20%24_%0A%24alternativePhoneNumber%20%3D%20%24user.StrongAuthenticationUserDetails.AlternativePhoneNumber%0Aif(%24alternativePhoneNumber%20-eq%20%24null)%20%7B%20%0A%24Result%20%2B%3D%20New-Object%20PSObject%20-property%20%40%7B%20%0AUserName%20%3D%20%24user.DisplayName%0AUserPrincipalName%20%3D%20%24user.UserPrincipalName%0A%7D%0A%7D%0A%7D%0A%24Result%20%7C%20Select%20UserName%2CUserPrincipalName%3C%2FPRE%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-797325%22%20slang%3D%22en-US%22%3ERe%3A%20Report%20Users%20with%20NO%20Alternative%20Authentication%20Phone%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-797325%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F38365%22%20target%3D%22_blank%22%3E%40Kevin%20Morgan%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2nd%20script%20looks%20good.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYour%20an%20absolute%20genius%2C%20thank%20you%20so%20much.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMarked%20your%20answer%20as%20the%20Best%20Response.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHave%20yourself%20a%20fab%20day.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EStuart%3C%2FP%3E%3C%2FLINGO-BODY%3E
Frequent Contributor

Hi All

 

Is it possible to create a report showing users with / without an Alternative Authentication Phone Number?

 

Info greatly appreciated

7 Replies

@Kevin Morgan 

 

Great article, however, nothing happens when the following command is run:

 

$Result | Where {$_.MFAStatus -ne "Disabled" -and $_.AlternativePhoneNumber -eq $null}

 

List all MFA enabled users without Alternative Authentication Phone Number

 

Any ideas?

@Kevin Morgan 

 

Hi Kevin

 

I do hope you are well.

 

Anyway, I did manage to get the following script running 

List all MFA enabled users without Alternative Authentication Phone Number

 

However the output list Users, including myself that DO actually have a 2nd auth phone.

 

Any ideas?

@Stuart King 

 

Can you run the below command (after replacing your account's UPN) to check the "AlternativePhoneNumber" is configured or not.

 

$user = Get-MsolUser -UserPrincipalName "UserName@Domain.onmicrosoft.com"
$alternativePhoneNumber = $user.StrongAuthenticationUserDetails.AlternativePhoneNumber
if($alternativePhoneNumber -ne $null) { 
Write-Host "AlternativePhoneNumber:" $alternativePhoneNumber -ForegroundColor Green
} Else {
Write-Host "Alternative auth phone number not configured" -ForegroundColor Red
}

Note : This script extracting 2nd auth phone number from MFA Authentication User Details, not from user's Alternative Mobile Number :  $user.AlternateMobilePhones

@Kevin Morgan 

 

Hi Kevin

 

Yes this works, it displays my alternative mob number.

 

Can this be done tenant wide?

 

Stuart

Solution

@Stuart King 

 

Can you try the below script to list all users without alternative auth phone number.

 

$Result=@()
$users = Get-MsolUser -All
$users | ForEach-Object {
$user = $_
$alternativePhoneNumber = $user.StrongAuthenticationUserDetails.AlternativePhoneNumber
if($alternativePhoneNumber -eq $null) { 
$Result += New-Object PSObject -property @{ 
UserName = $user.DisplayName
UserPrincipalName = $user.UserPrincipalName
}
}
}
$Result | Select UserName,UserPrincipalName

Or you can try below script to list only MFA enabled users without alternative auth phone.

$Result=@()
$users = Get-MsolUser -All | Where {$_.StrongAuthenticationMethods -ne $null -or $_.StrongAuthenticationRequirements.State -ne $nul}
$users | ForEach-Object {
$user = $_
$alternativePhoneNumber = $user.StrongAuthenticationUserDetails.AlternativePhoneNumber
if($alternativePhoneNumber -eq $null) { 
$Result += New-Object PSObject -property @{ 
UserName = $user.DisplayName
UserPrincipalName = $user.UserPrincipalName
}
}
}
$Result | Select UserName,UserPrincipalName

@Kevin Morgan 

 

2nd script looks good.

 

Your an absolute genius, thank you so much.

 

Marked your answer as the Best Response.

 

Have yourself a fab day.

 

Stuart

Related Conversations
Extentions Synchronization
ChirmyRam in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies