View and unblock users that are blocked by MFA using Powershell

Copper Contributor

How can I view and unblock uses that have become blocked using MFA in Powershell

The following


Provides a listing of uses that have become blocked using MFA. In my case, most of the uses listed are a consequence of badly managed MFA registration. But what I really need is to be able to view the listing in Powershell, and potentially unblock the user in Powershell. If unblocking is not possible then viewing would be a start. Perhaps a REST call to the GRAPH API? Anything would help..





7 Replies

I'm not aware of any way to do this programmatically, but others might prove me wrong :)


Did you ever find a solution for this ?  Am needing the same myself.


Actually partially yes..

This is the rest call to find the blocked users:
$filters= "activityDisplayName eq 'Fraud reported - user is blocked for MFA'"
$uri = "$($filters)"

Hello, can i have more information regarding your last message ?
Thanks a lot


Not sure how far you got on this, but this is what i have done in the sense of get the blocked accounts, based on the feedback from @Compulinx above.


Import-Module Microsoft.Graph.Reports
Connect-Graph -Scopes "AuditLog.Read.All" -TenantId "{TENANT_ID}"
$Filter = "activityDisplayName eq 'Fraud reported - user is blocked for MFA'"
Get-MgAuditLogDirectoryAudit -Filter $Filter | Select -ExpandProperty TargetResources


So now i can see that something/Someone have reported fraud, next step is how to unblock.
Hope that help others on the way, please revert if you have a way of showing who it is and how to unblock.