Get-EntraBetaUserAuthenticationRequirement

Retrieve the authentication method status of a user.

Syntax

Default (Default)

Get-EntraBetaUserAuthenticationRequirement
    -UserId <String>
    [<CommonParameters>]

Description

The Get-EntraBetaUserAuthenticationRequirement cmdlet retrieves the authentication method status of a user.

In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the necessary permissions. The following least privileged roles can perform this operation:

  • Global Reader
  • Authentication Policy Administrator

Parameters

-UserId

Specifies the ID (as a UserPrincipalName or UserId) of a user in Microsoft Entra ID.

Parameter properties

Type: System.String
Default value: None
Supports wildcards: False
DontShow: False
Aliases: ObjectId, UPN, Identity, UserPrincipalName

Parameter sets

GetQuery
Position: Named
Mandatory: True
Value from pipeline: True
Value from pipeline by property name: True
Value from remaining arguments: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Notes

The most effective way to protect users with Microsoft Entra MFA is by creating a Conditional Access policy. Conditional Access, a feature available in Microsoft Entra ID P1 and P2, allows you to enforce MFA based on specific conditions and scenarios. To learn how to set up Conditional Access, refer to the tutorial: Secure user sign-in events with Microsoft Entra multifactor authentication.

For Microsoft Entra ID Free tenants without Conditional Access, you can use security defaults to protect users. MFA prompts are automatic, but you can't customize the rules.
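
The following audit sketch is an added example, not part of the original reference page or the module's own documentation. It calls the cmdlet for a list of users and reports each one's per-user MFA state. Assumptions: the Microsoft.Entra.Beta module is installed, the `Policy.Read.All` scope is sufficient, the result exposes a `perUserMfaState` property with values such as `disabled`, and the UPNs shown are constructed samples.

```powershell
# Added example (not from the original page).
# Assumed: Policy.Read.All is an adequate delegated scope for this read.
Connect-Entra -Scopes 'Policy.Read.All'

# Constructed sample input; replace with real UPNs or object IDs.
$userIds = @(
    'alice@contoso.example'
    'bob@contoso.example'
    'no-such-user@contoso.example'
)

$report = foreach ($id in $userIds) {
    try {
        # -ErrorAction Stop turns a failed lookup into a catchable exception, so a
        # bad identifier shows up in the report instead of silently dropping out.
        $req = Get-EntraBetaUserAuthenticationRequirement -UserId $id -ErrorAction Stop
        [pscustomobject]@{
            UserId          = $id
            PerUserMfaState = $req.perUserMfaState   # assumed property name
            Error           = $null
        }
    }
    catch {
        [pscustomobject]@{
            UserId          = $id
            PerUserMfaState = 'unknown'
            Error           = $_.Exception.Message
        }
    }
}

# Count of users per state.
$report | Group-Object PerUserMfaState | Select-Object Name, Count | Format-Table -AutoSize

# Accounts to review: per-user MFA off (assumed value 'disabled') or lookup failed.
$report |
    Where-Object { $_.PerUserMfaState -in 'disabled', 'unknown' } |
    Sort-Object UserId |
    Format-Table UserId, PerUserMfaState, Error -AutoSize
```

A `disabled` per-user state only describes the per-user MFA setting; a Conditional Access policy or security defaults, as described in the Notes, can still require MFA for that account.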