Forum Discussion
PowerShell to get a list of Office 365 users with MFA enabled
Hi Team,
I am trying to report on Office 365 with MFA enabled. Found the script online and the post here to get those users using the cmdlet below:
Get-MsolUser -All | Where {$_.StrongAuthenticationMethods -ne $null}
or
Get-MsolUser -All | Where {$_.StrongAuthenticationMethods -like "*"}
However this is not quite accurate. I have noticed that users who don't have MFA enabled, but have joined their Windows 10 machine to Azure AD (During this process Microsoft requires them to put a phone number and verify before they can set a PIN), have their StrongAuthenticationMethods property filled in.
Is there a way to filter them out and find the users with truly MFA enabled please? Appreciate your replies.
Thank you
Madhu
Well, Azure AD join serves as a form of MFA, so it's not that inaccurate. But if you only want to cover the "traditional" MFA, check the value of the "state" parameter:
(Get-MsolUser -SearchString huku).StrongAuthenticationRequirements.State
Well, Azure AD join serves as a form of MFA, so it's not that inaccurate. But if you only want to cover the "traditional" MFA, check the value of the "state" parameter:
(Get-MsolUser -SearchString huku).StrongAuthenticationRequirements.State
VasilMichev Thank you very much. That is perfect.
