1

I want to access (and report on) the number of users who are using Azure MFA and the means in which they do so (via the app, SMS, etc).

How can I use powershell, or otherwise get the data associated with MFA usage and configuration by end users?

Specifically I need to understand where the data in this screen is stored in AAD, and if any other 3rd party application can access it. (People picker, Delve, Teams, or 3rd party app, Exchange GAL, etc)

enter image description here

Ran Dom
  • 91
  • 1
  • 3
  • 6

2 Answers2

0

If you want to get user MFA status, you could try this Msolservice PowerShell query:

Get-MsolUser -all | select DisplayName,UserPrincipalName,@{N="MFA Status"; E={ if( $_.StrongAuthenticationRequirements.State -ne $null){ $_.StrongAuthenticationRequirements.State} else { "Disabled"}}}
SunnySun
  • 231
  • 1
  • 4
  • Thank you Sunny, but where is the phone number stored? – Ran Dom Aug 09 '18 at 15:44
  • AAD users this info is stored in AAD in the `StrongAuthenticationPhoneAppDetails` and `StrongAuthenticationUserDetails` attributes. AAD PowerShell: `(get-msoluser -UserPrincipalName user@domain.onmicrosoft.com).StrongAuthenticationPhoneAppDetails ` – SunnySun Aug 10 '18 at 02:46
0

You can use 365 Admin center to get users MFA status.View MFA status in 365 Admin center

but you can't view MFA properties in 365 Admin center. You need to use Powershell cmdlets for that or you can use some pre-built script to get users MFA status along with MFA properties like Configured MFA method, default MFA methods, MFA email, MFA phone etc. You can try this TechNet gallery script. https://gallery.technet.microsoft.com/Export-Office-365-Users-81747c73

Samara Josh
  • 26
  • 2
  • Since the TechNet gallery is about to retire, you can download the script from the linked source: [MFA status report](https://o365reports.com/2019/05/09/export-office-365-users-mfa-status-csv/) – Samara Josh Dec 01 '20 at 14:00