Powershell Cmdlets that checks MFA Status

Copper Contributor

Does any one know if there are Powershell Cmdlet that checks if MFA is disabled and phone number is registered under authentication methods.

If both conditions are met, then it enables or enforce MFA ?

2 Replies

@Khaled_Shyiab Hi, take a look at these.


Reporting MFA-Enabled Accounts


Export Office 365 Users MFA Status to CSV using PowerShell



something like this should work


----- Script -----

Import-Module -Name MSOnline



$EligibleUsers  = Get-MsolUser -All | Where-Object -FilterScript {$_.MobilePhone -and -not $_.StrongAuthenticationMethods}   


foreach ($User in $EligibleUsers)


        $SAM = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationMethod

        $SAM.IsDefault  = $true

        $SAM.MethodType = "OneWaySMS"

        Set-MsolUser -ObjectID $User.ObjectId -StrongAuthenticationMethods $SAM


    Write-Output "Set SMS MFA for user '($($User.UserPrincipalName))' to '$($User.MobilePhone)'"



----- Script End -----