Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

PowerShell to get a list of Office 365 users with MFA enabled

Copper Contributor

Hi Team,

 

I am trying to report on Office 365 with MFA enabled. Found the script online and the post here to get those users using the cmdlet below:
Get-MsolUser -All | Where {$_.StrongAuthenticationMethods -ne $null}

or

Get-MsolUser -All | Where {$_.StrongAuthenticationMethods -like "*"}

 

However this is not quite accurate. I have noticed that users who don't have MFA enabled, but have joined their Windows 10 machine to Azure AD (During this process Microsoft requires them to put a phone number and verify before they can set a PIN), have their StrongAuthenticationMethods property filled in. 

 

Is there a way to filter them out and find the users with truly MFA enabled please? Appreciate your replies.

 

Thank you

Madhu

2 Replies
best response confirmed by Madhu Perera (Copper Contributor)
Solution

Well, Azure AD join serves as a form of MFA, so it's not that inaccurate. But if you only want to cover the "traditional" MFA, check the value of the "state" parameter:

 

(Get-MsolUser -SearchString huku).StrongAuthenticationRequirements.State

@Vasil Michev  Thank you very much. That is perfect.

1 best response

Accepted Solutions
best response confirmed by Madhu Perera (Copper Contributor)
Solution

Well, Azure AD join serves as a form of MFA, so it's not that inaccurate. But if you only want to cover the "traditional" MFA, check the value of the "state" parameter:

 

(Get-MsolUser -SearchString huku).StrongAuthenticationRequirements.State

View solution in original post