MFA Report not reliable

%3CLINGO-SUB%20id%3D%22lingo-sub-2787700%22%20slang%3D%22en-US%22%3EMFA%20Report%20not%20reliable%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2787700%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20command%20%22Get-MsolUser%20-All%22%20use%20to%20be%20able%20to%20generate%20an%20report%20about%20MFA%20Status.%26nbsp%3B%3C%2FP%3E%3CP%3EOnly%20we%20noticed%20that%20this%20report%20is%20now%20incorrect%20for%2025%20users%20within%20our%20tenant.%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20Azure%20Portal%20(in%20de%20new%20MFA%20Experience)%20does%20see%20the%20registered%20MFA%20providers.%20And%20on%20a%20per%20user%20basis%20you%20can%20query%20it%20in%20MsGraph.%20but%20the%20MSOL%20module%20can%20not%20see%20it%20anymore.%3C%2FP%3E%3CP%3ESo%20when%20we%20want%20to%20create%20a%20tenant%20wide%20report%20we%20don%E2%80%99t%20have%20an%20option%20that%20is%20reliable.%26nbsp%3B%3C%2FP%3E%3CP%3EAfter%20creating%20a%20support%20ticket%20the%20support%20engineer%20could%20see%20the%20same%20incorrect%20MFA%20status%20in%20their%20support%20portal.%20Apparently%20this%20has%20something%20to%20do%20with%20beta%20features%2C%20but%20that%20does%20not%20solve%20the%20problem%20we%20can%E2%80%99t%20create%20a%20report%20anymore.%3C%2FP%3E%3CP%3EThe%20Get-MsolUser%20could%20not%20see%20registered%20%3B%3CBR%20%2F%3E-%20Authenticator%20app%3CBR%20%2F%3E-%20Phone%20(voice)%3CBR%20%2F%3E-%20Windows%20Hello%20For%20Business%20(%20but%20msol%20has%20never%20seen%20this)%3C%2FP%3E%3CP%3E-%20(%20i%20did%20not%20test%20FIDO%20Credential)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20will%20there%20be%20a%20reliable%20option%20to%20create%20tenant%20wide%20report%20without%20querying%20in%20a%20per%20user%20basis%3F%20Could%20the%20MSOL%20module%20be%20fixed%2C%20or%20a%20graph%20call%20that%20could%20query%20tenant%20wide%20to%20see%20all%20registered%20providers.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2787700%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EGet-MsolUser%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMFA%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Visitor

The command "Get-MsolUser -All" use to be able to generate an report about MFA Status. 

Only we noticed that this report is now incorrect for 25 users within our tenant. 

The Azure Portal (in de new MFA Experience) does see the registered MFA providers. And on a per user basis you can query it in MsGraph. but the MSOL module can not see it anymore.

So when we want to create a tenant wide report we don’t have an option that is reliable. 

After creating a support ticket the support engineer could see the same incorrect MFA status in their support portal. Apparently this has something to do with beta features, but that does not solve the problem we can’t create a report anymore.

The Get-MsolUser could not see registered ;
- Authenticator app
- Phone (voice)
- Windows Hello For Business ( but msol has never seen this)

- ( i did not test FIDO Credential)

 

When will there be a reliable option to create tenant wide report without querying in a per user basis? Could the MSOL module be fixed, or a graph call that could query tenant wide to see all registered providers.

 

0 Replies