Hi @Dale Peterson • Thank you for reaching out.
All the identity information (Users, Groups, Applications, ServicePrincipals, Managed Identities, etc.) is stored in Azure AD. That means, if you use Get-MSOLUser
or Get-AzureADUsers
, the users' information will eventually be fetched from Azure Active Directory.
However, depending on which cmdlet you use, a different API is used in the backend to fetch the information from Azure AD.
- If you use the
Get-MSOLUser
cmdlet, the API used in the backend will be https://provisioningapi.microsoftonline.com
- If you use the
Get-AzureADUsers
cmdlet, it will use Graph API ( https://graph.windows.net/
or https://graph.microsoft.com
)
Note: The information that you are trying to fetch, might be exposed via one API but not the other. E.g., you don't get the below properties with the Get-AzureADUsers cmdlet, which is why you need to use Get-MsolUser to know how many users have registered with MFA.
- StrongAuthenticationMethod
- StrongAuthenticationPhoneAppDetails
- StrongAuthenticationProofupTime
- StrongAuthenticationRequirements
- StrongAuthenticationUserDetails
- StrongPasswordRequired
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.