check which users have registered for MFA

dirkdigs 921 Reputation points
2021-05-25T14:43:46.05+00:00

hi there i was looking for quick one-liner or similar to retrieve a list of users within a given tenant who have MFA Enabled on the user accoutn and also to determine the users who do not . thanks

Office Management
Office Management
Office: A suite of Microsoft productivity software that supports common business tasks, including word processing, email, presentations, and data management and analysis.Management: The act or process of organizing, handling, directing or controlling something.
2,153 questions
Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,535 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,812 questions
0 comments No comments
{count} vote

Accepted answer
  1. AmanpreetSingh-MSFT 56,616 Reputation points
    2021-05-25T16:45:29.303+00:00

    Hi @dirkdigs · Thank you for reaching out.

    You can use below PowerShell command to get list of users with MFA Enabled/Disabled:

    Connect-MsolService  
    Get-MsolUser -All | select DisplayName,BlockCredential,UserPrincipalName,@{N="MFA Status"; E={ if( $_.StrongAuthenticationRequirements.State -ne $null){ $_.StrongAuthenticationRequirements.State} else { "Disabled"}}}  
    

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.

2 additional answers

Sort by: Most helpful
  1. Ali Soufi 6 Reputation points
    2022-03-11T21:43:20.433+00:00

    Hi,

    Sorry for the late response.
    From my understating you want to know who got it setup before you forcefully enable it.

    If a user setups MFA the value of "StrongAuthenticationMethods" will not be null

    This should help:
    Get-MsolUser -all | Select-Object DisplayName,UserPrincipalName,@{N="MFA User Setup"; E={ if( $.StrongAuthenticationMethods -ne $null){"Enabled"} else { "Disabled"}}},@{N="MFA Admin Enforced"; E={ if( $.StrongAuthenticationRequirements.State -ne $null){ $_.StrongAuthenticationRequirements.State} else { "Disabled"}}}


  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.


    Comments have been turned off. Learn more

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.