cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Microsoft Entra Tech Accelerator
Jun 27 2023, 08:00 AM - 12:00 PM (PDT)
Microsoft Tech Community
Find out more
SOLVED

Report Users with NO Alternative Authentication Phone

Stuart King
Regular Contributor

‎Aug 06 2019 03:48 AM - last edited on ‎Jan 14 2022 04:38 PM by

‎Aug 06 2019 03:48 AM - last edited on ‎Jan 14 2022 04:38 PM by

Report Users with NO Alternative Authentication Phone

Hi All

 

Is it possible to create a report showing users with / without an Alternative Authentication Phone Number?

 

Info greatly appreciated

3,899 Views
0 Likes
7 Replies
Reply
7 Replies
Stuart King

‎Aug 06 2019 05:53 PM

‎Aug 06 2019 05:53 PM

Re: Report Users with NO Alternative Authentication Phone

@Kevin Morgan 

 

Great article, however, nothing happens when the following command is run:

 

$Result | Where {$_.MFAStatus -ne "Disabled" -and $_.AlternativePhoneNumber -eq $null}

 

List all MFA enabled users without Alternative Authentication Phone Number

 

Any ideas?

0 Likes
Reply
Stuart King

‎Aug 08 2019 04:25 AM

‎Aug 08 2019 04:25 AM

Re: Report Users with NO Alternative Authentication Phone

@Kevin Morgan 

 

Hi Kevin

 

I do hope you are well.

 

Anyway, I did manage to get the following script running 

List all MFA enabled users without Alternative Authentication Phone Number

 

However the output list Users, including myself that DO actually have a 2nd auth phone.

 

Any ideas?

0 Likes
Reply
Kevin Morgan

‎Aug 09 2019 03:46 AM - edited ‎Aug 09 2019 03:51 AM

‎Aug 09 2019 03:46 AM - edited ‎Aug 09 2019 03:51 AM

Re: Report Users with NO Alternative Authentication Phone

@Stuart King 

 

Can you run the below command (after replacing your account's UPN) to check the "AlternativePhoneNumber" is configured or not.

 

$user = Get-MsolUser -UserPrincipalName "UserName@Domain.onmicrosoft.com"
$alternativePhoneNumber = $user.StrongAuthenticationUserDetails.AlternativePhoneNumber
if($alternativePhoneNumber -ne $null) { 
Write-Host "AlternativePhoneNumber:" $alternativePhoneNumber -ForegroundColor Green
} Else {
Write-Host "Alternative auth phone number not configured" -ForegroundColor Red
}

Note : This script extracting 2nd auth phone number from MFA Authentication User Details, not from user's Alternative Mobile Number :  $user.AlternateMobilePhones

0 Likes
Reply
Stuart King

‎Aug 09 2019 04:00 AM

‎Aug 09 2019 04:00 AM

Re: Report Users with NO Alternative Authentication Phone

@Kevin Morgan 

 

Hi Kevin

 

Yes this works, it displays my alternative mob number.

 

Can this be done tenant wide?

 

Stuart

0 Likes
Reply
best response confirmed by Stuart King (Regular Contributor)
Kevin Morgan

‎Aug 09 2019 05:11 AM - edited ‎Aug 09 2019 05:17 AM

‎Aug 09 2019 05:11 AM - edited ‎Aug 09 2019 05:17 AM

Solution

Re: Report Users with NO Alternative Authentication Phone

@Stuart King 

 

Can you try the below script to list all users without alternative auth phone number.

 

$Result=@()
$users = Get-MsolUser -All
$users | ForEach-Object {
$user = $_
$alternativePhoneNumber = $user.StrongAuthenticationUserDetails.AlternativePhoneNumber
if($alternativePhoneNumber -eq $null) { 
$Result += New-Object PSObject -property @{ 
UserName = $user.DisplayName
UserPrincipalName = $user.UserPrincipalName
}
}
}
$Result | Select UserName,UserPrincipalName

Or you can try below script to list only MFA enabled users without alternative auth phone.

$Result=@()
$users = Get-MsolUser -All | Where {$_.StrongAuthenticationMethods -ne $null -or $_.StrongAuthenticationRequirements.State -ne $nul}
$users | ForEach-Object {
$user = $_
$alternativePhoneNumber = $user.StrongAuthenticationUserDetails.AlternativePhoneNumber
if($alternativePhoneNumber -eq $null) { 
$Result += New-Object PSObject -property @{ 
UserName = $user.DisplayName
UserPrincipalName = $user.UserPrincipalName
}
}
}
$Result | Select UserName,UserPrincipalName
0 Likes
Reply
Stuart King

‎Aug 09 2019 05:27 AM

‎Aug 09 2019 05:27 AM

Re: Report Users with NO Alternative Authentication Phone

@Kevin Morgan 

 

2nd script looks good.

 

Your an absolute genius, thank you so much.

 

Marked your answer as the Best Response.

 

Have yourself a fab day.

 

Stuart

1 Like
Reply