Extract MFA/StrongAuth information from all Azure/O365 users

The MSOnline PowerShell module is required to run this; the new AzureAD cmdlets do not appear to have the strong authentication properties yet. Run the following PowerShell lines to load the module and connect to your Azure/O365 tenant.

Install-Module -Name MSOnline 
Connect-MsolService

The PowerShell snippet below gets all users from the tenant and expands the StrongAuthenticationUserDetails property to retrieve the enrolled MFA info. A PowerShell expression (calculated property) then extracts the default MFA method, and the result is saved to c:\tmp\Azure-2FAEnrollmentReport.csv. Using the expression, we were able to expand the second property in a single line.

Get-MsolUser -All | select userprincipalname, DisplayName,title, Department -ExpandProperty StrongAuthenticationUserDetails | select UserPrincipalName,DisplayName,Title,Department,AlternativePhoneNumber,PhoneNumber, @{ Name = 'default2FAMethodType'; Expression = {  (Get-MsolUser -UserPrincipalName $_.UserPrincipalName  | select -ExpandProperty StrongAuthenticationMethods | where {$_.IsDefault}).MethodType }} | Export-csv c:\tmp\Azure-2FAEnrollmentReport.csv
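For an audit it also helps to see the accounts that have no MFA method registered at all. The variant below is an added example, not part of the original snippet: it lists every user, flags whether any method is registered, and reads StrongAuthenticationMethods from the object already returned instead of calling Get-MsolUser a second time per user. The output file name and the MfaEnrolled and RegisteredMethodTypes column names are assumptions made for illustration.

```powershell
# Added example (not from the original post). Requires an active Connect-MsolService session.
# Output file name is an assumption; adjust as needed.
$reportPath = 'c:\tmp\Azure-2FAEnrollmentReport-AllUsers.csv'

$report = Get-MsolUser -All | ForEach-Object {
    $user    = $_
    $details = $user.StrongAuthenticationUserDetails

    # Filter out $null so that an unset property yields an empty array (Count = 0).
    $methods = @($user.StrongAuthenticationMethods | Where-Object { $_ })
    $default = $methods | Where-Object { $_.IsDefault } | Select-Object -First 1

    [pscustomobject]@{
        UserPrincipalName      = $user.UserPrincipalName
        DisplayName            = $user.DisplayName
        Title                  = $user.Title
        Department             = $user.Department
        PhoneNumber            = $details.PhoneNumber
        AlternativePhoneNumber = $details.AlternativePhoneNumber
        MfaEnrolled            = ($methods.Count -gt 0)          # hypothetical column name
        default2FAMethodType   = $default.MethodType
        RegisteredMethodTypes  = ($methods.MethodType -join ';') # hypothetical column name
    }
}

# Full report, one row per user, without the #TYPE header line.
$report | Export-Csv -Path $reportPath -NoTypeInformation

# Quick on-screen list of accounts with no registered MFA method, for follow-up.
$report |
    Where-Object { -not $_.MfaEnrolled } |
    Sort-Object Department, UserPrincipalName |
    Select-Object UserPrincipalName, DisplayName, Department
```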
