Apr 09 2019
07:59 PM
- last edited on
Jan 14 2022
04:40 PM
by
TechCommunityAP
Apr 09 2019
07:59 PM
- last edited on
Jan 14 2022
04:40 PM
by
TechCommunityAP
Hi Team,
I am trying to report on Office 365 with MFA enabled. Found the script online and the post here to get those users using the cmdlet below:
Get-MsolUser -All | Where {$_.StrongAuthenticationMethods -ne $null}
or
Get-MsolUser -All | Where {$_.StrongAuthenticationMethods -like "*"}
However this is not quite accurate. I have noticed that users who don't have MFA enabled, but have joined their Windows 10 machine to Azure AD (During this process Microsoft requires them to put a phone number and verify before they can set a PIN), have their StrongAuthenticationMethods property filled in.
Is there a way to filter them out and find the users with truly MFA enabled please? Appreciate your replies.
Thank you
Madhu
Apr 10 2019 12:41 AM
SolutionWell, Azure AD join serves as a form of MFA, so it's not that inaccurate. But if you only want to cover the "traditional" MFA, check the value of the "state" parameter:
(Get-MsolUser -SearchString huku).StrongAuthenticationRequirements.State
Apr 10 2019 02:50 PM
@VasilMichev Thank you very much. That is perfect.
Apr 10 2019 12:41 AM
SolutionWell, Azure AD join serves as a form of MFA, so it's not that inaccurate. But if you only want to cover the "traditional" MFA, check the value of the "state" parameter:
(Get-MsolUser -SearchString huku).StrongAuthenticationRequirements.State