SOLVED

Find users with MFA Enforce / Enable?

%3CLINGO-SUB%20id%3D%22lingo-sub-2957015%22%20slang%3D%22en-US%22%3EFind%20users%20with%20MFA%20Enforce%20%2F%20Enable%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2957015%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20a%20UI%20or%20powershell%20method%20to%20find%20users%20that%20have%20MFA%20enable%20%2F%20enforce.%20Also%20if%20they%20are%20capable%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2957015%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2957519%22%20slang%3D%22en-US%22%3ERe%3A%20Find%20users%20with%20MFA%20Enforce%20%2F%20Enable%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2957519%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F9218%22%20target%3D%22_blank%22%3E%40Brian%20Hoyt%3C%2FA%3E%26nbsp%3B%3CSPAN%3EThe%20sign-ins%20report%20provides%20you%20with%20information%20about%20the%20usage%20of%20managed%20applications%20and%20user%20sign-in%20activities%2C%20which%20includes%20information%20about%20multi-factor%20authentication%20(MFA)%20usage.%20you%20can%20find%20details%20in%20the%20below%20URL%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-in%2Fazure%2Factive-directory%2Fauthentication%2Fhowto-mfa-reporting%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESign-in%20event%20details%20for%20Azure%20AD%20Multi-Factor%20Authentication%20-%20Azure%20Active%20Directory%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EAlso%20you%20can%20use%20the%20powershell%20command%3C%2FSPAN%3E%3C%2FP%3E%3CH2%20id%3D%22toc-hId--295098508%22%20id%3D%22toc-hId--295103313%22%20id%3D%22toc-hId--295103313%22%20id%3D%22toc-hId--295103313%22%3EList%20all%20users%20that%20have%20MFA%20enabled%20only%3C%2FH2%3E%3CP%3EThe%20following%20command%20will%20display%20generate%20a%20list%20of%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3EONLY%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSTRONG%3Ethe%20users%20who%20have%20MFA%20enabled%3C%2FP%3E%3CPRE%3EGet-MsolUser%20-All%20%7C%20where%20%7B%24_.StrongAuthenticationMethods.Count%20-eq%201%7D%20%7C%20Select-Object%20-Property%20UserPrincipalName%20%7C%20Sort-Object%20userprincipalname%3C%2FPRE%3E%3CP%3EList%20all%20users%20that%20have%20DONT%20HAVE%20MFA%20enabled%20only%20The%20following%20command%20will%20display%20generate%20a%20list%20of%20users%20who%3CSTRONG%3E%20DONT%20have%20MFA%20enabled%20%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3EGet-MsolUser%20-All%20%7C%20where%20%7B%24_.StrongAuthenticationMethods.Count%20-eq%200%7D%20%7C%20Select-Object%20-Property%20UserPrincipalName%20%7C%20Sort-Object%20userprincipalname%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2966008%22%20slang%3D%22en-US%22%3ERe%3A%20Find%20users%20with%20MFA%20Enforce%20%2F%20Enable%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2966008%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1147981%22%20target%3D%22_blank%22%3E%40Chandrasekhar_Arya%3C%2FA%3E%26nbsp%3BI%20found%20this%20great%20script%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Flazyadmin.nl%2Fpowershell%2Flist-office365-mfa-status-powershell%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%5BPowerShell%5D%20Export%20the%20MFA%20Status%20of%20Office%20365%20users%20(lazyadmin.nl)%3C%2FA%3E%26nbsp%3Bthat%20gives%20all%20the%20information%20I%20needed.%20Thanks%20for%20you%20suggestions.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

Is there a UI or powershell method to find users that have MFA enable / enforce. Also if they are capable?

3 Replies

@Brian Hoyt The sign-ins report provides you with information about the usage of managed applications and user sign-in activities, which includes information about multi-factor authentication (MFA) usage. you can find details in the below URL Sign-in event details for Azure AD Multi-Factor Authentication - Azure Active Directory | Microsoft ...

Also you can use the powershell command

List all users that have MFA enabled only

The following command will display generate a list of ONLY the users who have MFA enabled

Get-MsolUser -All | where {$_.StrongAuthenticationMethods.Count -eq 1} | Select-Object -Property UserPrincipalName | Sort-Object userprincipalname

List all users that have DONT HAVE MFA enabled only The following command will display generate a list of users who DONT have MFA enabled

Get-MsolUser -All | where {$_.StrongAuthenticationMethods.Count -eq 0} | Select-Object -Property UserPrincipalName | Sort-Object userprincipalname

best response confirmed by Brian Hoyt (Contributor)
Solution

@Chandrasekhar_Arya I found this great script [PowerShell] Export the MFA Status of Office 365 users (lazyadmin.nl) that gives all the information I needed. Thanks for you suggestions.

super