'userRegistrationDetails' graph API not listing all users MFA details

Question

I'd like to get customer's users who do not use MFA. I can do this using PowerShell but I didn't find a method property on graph API to get user's "strongauthenticationrequirements.state".

I am using graph API 'https://graph.microsoft.com/beta/reports/authenticationMethods'

which returns very few users MFA details. (its NOT filtering based on any criteria's like

'enabled users' or 'MFA enabled users'. because it returns details for disabled users also and MFA disabled users also') it returns less than 3000 user details, whereas actual total user count exceeds 100000.

Could you please advise is there a way to check all users who do not use MFA?

Thanks,

Govind

Answer 1

Hi @govind

For your needs, you can use filter when sending requests to filter out users who do not use MFA.

The value of the property isMfaRegistered indicates whether or not MFA is used, so the filter condition is isMfaRegistered eq false, and here is the full request path:

GET https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails?$filter=isMfaRegistered eq false

Here are the results of my tests, and you can see that all non-MFA users are filtered out.

See this link for more usage of this endpoint:

https://learn.microsoft.com/en-us/graph/api/authenticationmethodsroot-list-userregistrationdetails?view=graph-rest-beta&tabs=http

Hope this helps.

If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.