Need to migrate my MFA Status script from MSol to MSGraph


Here is my current script, which no longer works due to the Run As accounts being retired. I have since worked out how to use the system-managed identity, but it's not compatible with MSol, and because it's being deprecated, I need a long-term solution with MSGraph:

# Get credential and connect to MSOnline Service 
$credential = Get-AutomationPSCredential -Name "Credential"
Connect-MsolService -Credential $null -AccountId '' -AzureEnvironment "AzureCloud"

# Retrieve a list of all users in the Azure AD tenant
# (-All is required: without it Get-MsolUser returns only the first 500 users)
$allUsers = Get-MsolUser -All

# Create a list object that stores users who have MFA disabled
$usersWithoutMFA = New-Object System.Collections.Generic.List[PSObject]

# Iterate through the list of users and check MFA status; store the UPN of each unblocked user without MFA
foreach ($user in $allUsers) {
    if ($user.StrongAuthenticationRequirements.Count -eq 0 -and $user.BlockCredential -eq $false) {
        # Add() keeps the variable a List; += would re-create it as an array on every append
        $usersWithoutMFA.Add($user.UserPrincipalName)
    }
}

# Return the array of the Disabled MFA users
#Write-Output $allUsers

# Convert the array to a comma-separated string
$usersWithoutMFAString = $usersWithoutMFA -join ", "

# Return the comma-separated string of user UPNs
Write-Output $usersWithoutMFAString
1 Reply

@Jonesy6123 

 

Can anyone help me here? I've been directed to come here for assistance from here: https://answers.microsoft.com/en-us/msoffice/forum/all/i-need-an-alternative-way-of-accessing-my-use...

Presumably multiple organizations are experiencing this issue so any help would be appreciated. Please let me know if further info is required.
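
One way to produce the same comma-separated list with the Microsoft Graph PowerShell SDK under a system-assigned managed identity, as an added example that is not part of the original post. It assumes the Microsoft.Graph.Authentication, Microsoft.Graph.Users and Microsoft.Graph.Reports modules are imported into the Automation account and that the managed identity has been granted the User.Read.All and AuditLog.Read.All application permissions.

```powershell
# Added example (not the poster's code). Assumptions: Graph SDK v2 modules are
# available in the Automation account, and the managed identity holds the
# User.Read.All and AuditLog.Read.All application permissions.

# Sign in as the Automation account's system-assigned managed identity
Connect-MgGraph -Identity -NoWelcome

# Enabled accounts only (replaces the BlockCredential -eq $false test)
$enabledUsers = Get-MgUser -All -Filter "accountEnabled eq true" `
    -Property Id, UserPrincipalName

# Authentication methods registration report: one row per user.
# Collect the object IDs of users that have an MFA method registered.
$mfaRegistered = [System.Collections.Generic.HashSet[string]]::new()
Get-MgReportAuthenticationMethodUserRegistrationDetail -All |
    Where-Object { $_.IsMfaRegistered } |
    ForEach-Object { [void]$mfaRegistered.Add($_.Id) }

# Enabled users that are not in the registered set. A user missing from the
# report is treated as having no MFA, so gaps show up in the output.
$usersWithoutMFA = [System.Collections.Generic.List[string]]::new()
foreach ($user in $enabledUsers) {
    if (-not $mfaRegistered.Contains($user.Id)) {
        $usersWithoutMFA.Add($user.UserPrincipalName)
    }
}

# Return the comma-separated string of user UPNs
Write-Output ($usersWithoutMFA -join ", ")
```

This reports whether a user has registered an MFA method, which is not the same signal as the per-user enforcement state that `StrongAuthenticationRequirements` exposed, so the two lists can differ for users covered only by Conditional Access or security defaults.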