Hello @Christopher Rugama ,
Welcome to the MS Q&A forum.
I played with the script from this post and below is the updated version which returns data required by your ask.
Function Get-PerUserMFAStatus {
[CmdletBinding(DefaultParameterSetName='All')]
param(
[Parameter(
Mandatory = $false,
ParameterSetName = 'UPN',
Position = 0
)]
[string[]] $UserPrincipalName,
[Parameter(
Mandatory = $false,
ParameterSetName = 'All'
)]
[switch] $All
)
BEGIN {
if (-not (Get-MsolDomain -ErrorAction SilentlyContinue)) {
Write-Error "You must connect to the MSolService to continue" -ErrorAction Stop
}
}
PROCESS {
if ($PSBoundParameters.ContainsKey('UserPrincipalName')) {
$MsolUserList = foreach ($MsolUser in $UserPrincipalName) {
try {
Get-MsolUser -UserPrincipalName $MsolUser -ErrorAction Stop
} catch {
Write-Error $_.Exception.Message
}
}
} else {
$MsolUserList = Get-MsolUser -All -ErrorAction Stop | Where-Object {$_.DisplayName -notmatch 'On-Premises Directory Synchronization'}
}
#Now that we have our UserList, lets check the per-user mfa status
foreach ($User in $MsolUserList)
{
$MethodType = $User.StrongAuthenticationMethods | select -ExpandProperty MethodType
if ($User.StrongAuthenticationRequirements)
{
$PerUserMFAState = $User.StrongAuthenticationRequirements.State
}
else
{$PerUserMFAState = 'Disabled'}
if ($MethodType -eq 'OneWaySMS')
{
[PSCustomObject]@{
UserPrincipalName = $User.UserPrincipalName
DisplayName = $User.DisplayName
PerUserMFAState = $PerUserMFAState
DefaultMethodType = 'SMS Text Message'
}
$MethodType = $null
}}}
END {}
}
Get-PerUserMFAStatus -All
Hope that will help you to collect all required information.
--------------------------------------------------------
Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.