How do you get all authentication methods for all users with the Graph SDK in one command?

Todd Willett 0 Reputation points
2023-05-25T12:26:55.0133333+00:00

To get all users we can use Get-MgUser -All, but it doesn't have the authentication methods (and SMS number that we're looking for) like the soon to be deprecated Get-MsolUser does.

So if we try to use Get-MGUserAuthenticationMethod the -All switch doesn't work. If you look at the function itself, it has 2 parameter sets and both are to get 1 object returned.

Looping this in a for each loop "works" but we have tens of thousands of users so this is both time consuming and we run into throttling issues.

So the questions are:

  1. Is there a property for Get-MgUser that returns this info? I tried Authentication but it's blank.
  2. Is this something that's going to be updated soon in Get-MgUserAuthenticationMethod?

Hopefully there's a way to do this, but if it not...It's frustrating to tell us you're deprecating one technology when the "new and improved" one isn't finished or can't do the same thing.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,316 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 99,936 Reputation points MVP
    2023-05-25T16:21:19.3866667+00:00

    You cannot do this via a one-liner, at least not a good one, as the authentication methods data comes from a different API. Said endpoints expose more than just the MFA methods, so it's not 1:1 comparison with the good old MSOnline cmdlets.

    If you want to get the MFA details in a single call, use the credential registration report under /reports/credentialUserRegistrationDetails:

    GET https://graph.microsoft.com/beta/reports/credentialUserRegistrationDetails