Dynamic Groups MFA Status?

H Raja 221 Reputation points
2021-07-19T16:54:01.98+00:00

I'm trying to find out a way to populate a Dynamic Group, with users who are registered for MFA. Looking at online documents, looks like there is only limited values you can use with Dynamic Groups. If this is not possible, how do I populate a group with MFA registered users.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,840 questions
{count} vote

6 answers

Sort by: Most helpful
  1. Dominik Gilgen 10 Reputation points
    2023-09-22T17:55:07.1166667+00:00

    i have created a PowerShell script for an Azure Runbook for dynamic groups, based on the user‘s MFA status:

    https://github.com/M365-Consultant/EntraID-MFA-DynamicGroup

    2 people found this answer helpful.
    0 comments No comments

  2. Cristian SPIRIDON 4,476 Reputation points
    2021-07-19T17:13:03.25+00:00

    Hi,

    There is a predefined report that tell you the status of each user. If that is not good for your use case maybe you can use conditional access to verify for MFA.

    https://portal.azure.com/#blade/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/AuthMethodsActivity/menuId/AuthMethodsActivity

    Hope this helps!

    0 comments No comments

  3. H Raja 221 Reputation points
    2021-07-20T10:22:05.187+00:00

    @Cristian SPIRIDON it's not the report I wanted, I can get that from the above article you mentioned. I need a way to dynamically add MFA registered users into a Dynamic Group or any other group. Thanks

    0 comments No comments

  4. AndAuf 26 Reputation points
    2023-08-02T14:02:26.5866667+00:00

    2 years later and I'm looking for exactly the same.

    0 comments No comments

  5. Leon Graunke 0 Reputation points
    2023-09-19T13:16:03.6166667+00:00

    I am looking for exactly the same. I would like to restrict conditional access for users without MFA from external IP addresses and I think with this group it is the best way


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.