PowerShell to get a list of Office 365 users with MFA enabled

Copper Contributor

Hi Team,


I am trying to report on Office 365 with MFA enabled. Found the script online and the post here to get those users using the cmdlet below:
Get-MsolUser -All | Where {$_.StrongAuthenticationMethods -ne $null}


Get-MsolUser -All | Where {$_.StrongAuthenticationMethods -like "*"}


However this is not quite accurate. I have noticed that users who don't have MFA enabled, but have joined their Windows 10 machine to Azure AD (During this process Microsoft requires them to put a phone number and verify before they can set a PIN), have their StrongAuthenticationMethods property filled in. 


Is there a way to filter them out and find the users with truly MFA enabled please? Appreciate your replies.


Thank you


2 Replies
best response confirmed by Madhu Perera (Copper Contributor)

Well, Azure AD join serves as a form of MFA, so it's not that inaccurate. But if you only want to cover the "traditional" MFA, check the value of the "state" parameter:


(Get-MsolUser -SearchString huku).StrongAuthenticationRequirements.State

@Vasil Michev  Thank you very much. That is perfect.