Get-EntraAuthenticationMethodUserRegistrationDetailReport
List the user's registered authentication methods.
Syntax
GetQuery (Default)
Get-EntraAuthenticationMethodUserRegistrationDetailReport
[-Top <Int32>]
[-All]
[-Filter <String>]
[-Sort <String>]
[-Property <String[]>]
[<CommonParameters>]
GetById
Get-EntraAuthenticationMethodUserRegistrationDetailReport
-UserRegistrationDetailsId <String>
[-Property <String[]>]
[<CommonParameters>]
Description
The Get-EntraAuthenticationMethodUserRegistrationDetailReport cmdlet lists the user's registered authentication methods from the userRegistrationDetails object. This method doesn't work for disabled accounts (user accounts).
In delegated scenarios with work or school accounts, when acting on another user, the signed-in user must have a supported Microsoft Entra role or a custom role with the necessary permissions. The following least privileged roles support this operation:
- Reports Reader
- Security Reader
- Security Administrator
- Global Reader
Parameters
-All
List all pages.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
GetQuery
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Filter
Specifies an OData v4.0 filter statement. This parameter filters which objects are returned.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
GetQuery
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Property
Specifies properties to be returned.
Parameter properties
| Type: | System.String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Select |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Sort
This parameter sorts the results by property.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | SortBy, OrderBy |
Parameter sets
GetQuery
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Top
Specifies the maximum number of records to return.
Parameter properties
| Type: | System.Int32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Limit |
Parameter sets
GetQuery
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-UserRegistrationDetailsId
Specifies the user object identifier in Microsoft Entra ID.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Id |
Parameter sets
GetById
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Outputs
isAdmin (Boolean)
Shows whether the user has an admin role in the tenant. Use it to check which authentication methods privileged accounts register and use.
isMfaCapable (Boolean)
Indicates that the user uses a strong MFA method allowed by the authentication methods policy. Supports $filter (eq).
isMfaRegistered (Boolean)
Indicates whether the user registers a strong MFA method, even if the authentication methods policy doesn't allow it. Supports $filter (eq).
isPasswordlessCapable (Boolean)
Shows if the user registers a passwordless strong authentication method—like FIDO2, Windows Hello for Business, or Microsoft Authenticator—that the policy allows. Supports $filter (eq).
isSsprCapable (Boolean)
Shows if the user has registered enough methods and is allowed to use self-service password reset based on policy. Supports $filter (eq).
isSsprEnabled (Boolean)
Shows if the user is allowed to use self-service password reset by policy, even if they haven’t registered enough authentication methods. Supports $filter (eq).
isSsprRegistered (Boolean)
Shows if the user registers enough authentication methods for self-service password reset, even if the policy doesn't allow them to use it. Supports $filter (eq).
isSystemPreferredAuthenticationMethodEnabled (Boolean)
Shows if system-preferred authentication is on. When enabled, the system selects the most secure method from the ones the user registers. Supports $filter (eq).
lastUpdatedDateTime (DateTimeOffset)
The date and time (in UTC) when the report was last updated, in ISO 8601 format. For example, midnight UTC on Jan 1, 2014 is shown as 2014-01-01T00:00:00Z.
methodsRegistered (String collection)
List of registered authentication methods, like mobilePhone, email, or passKeyDeviceBound. Supports $filter with any and eq.
systemPreferredAuthenticationMethods (String collection)
List of the most secure second-factor authentication methods chosen by the system from the user's registered methods. Values include: push, oath, voiceMobile, voiceAlternateMobile, voiceOffice, sms, none. Supports $filter with any and eq.
userDisplayName (String)
The user's display name, like "Sawyer Miller." Supports $filter (eq, startsWith) and $orderby.
userPreferredMethodForSecondaryAuthentication (userDefaultAuthenticationMethod)
The user's chosen default method for second-factor authentication. Options include: push, oath, voiceMobile, voiceAlternateMobile, voiceOffice, sms, none. Used as the preferred MFA method when system-preferred authentication is off. Supports $filter with any and eq.
userPrincipalName (String)
The user's sign-in name, like SawyerM@contoso.com. Supports $filter (eq, startsWith) and $orderby.
userType (signInUserType)
Shows if the user is a member or guest in the tenant. Values: member, guest.
Notes
Get-EntraAuthMethodUserRegistrationDetailReport is an alias for Get-EntraAuthenticationMethodUserRegistrationDetailReport.