Get-EntraAuthenticationMethodUserRegistrationDetailReport
List the user's registered authentication methods.
Syntax
GetQuery (Default)
Get-EntraAuthenticationMethodUserRegistrationDetailReport
    [-Top <Int32>]
    [-All]
    [-Filter <String>]
    [-Sort <String>]
    [-Property <String[]>]
    [<CommonParameters>]
GetById
Get-EntraAuthenticationMethodUserRegistrationDetailReport
    -UserRegistrationDetailsId <String>
    [-Property <String[]>]
    [<CommonParameters>]
Description
The Get-EntraAuthenticationMethodUserRegistrationDetailReport cmdlet lists the user's registered authentication methods from the userRegistrationDetails object. This method doesn't work for disabled accounts (user accounts).
In delegated scenarios with work or school accounts, when acting on another user, the signed-in user must have a supported Microsoft Entra role or a custom role with the necessary permissions. The following least privileged roles support this operation:
- Reports Reader
- Security Reader
- Security Administrator
- Global Reader
Parameters
-All
List all pages.
Parameter properties
Type: | System.Management.Automation.SwitchParameter |
Default value: | False |
Supports wildcards: | False |
DontShow: | False |
Parameter sets
GetQuery
Position: | Named |
Mandatory: | False |
Value from pipeline: | False |
Value from pipeline by property name: | False |
Value from remaining arguments: | False |
-Filter
Specifies an OData v4.0 filter statement. This parameter filters which objects are returned.
Parameter properties
Type: | System.String |
Default value: | None |
Supports wildcards: | False |
DontShow: | False |
Parameter sets
GetQuery
Position: | Named |
Mandatory: | False |
Value from pipeline: | False |
Value from pipeline by property name: | False |
Value from remaining arguments: | False |
-Property
Specifies properties to be returned.
Parameter properties
Type: | System.String[] |
Default value: | None |
Supports wildcards: | False |
DontShow: | False |
Aliases: | Select |
Parameter sets
(All)
Position: | Named |
Mandatory: | False |
Value from pipeline: | False |
Value from pipeline by property name: | False |
Value from remaining arguments: | False |
-Sort
This parameter sorts the results by property.
Parameter properties
Type: | System.String |
Default value: | None |
Supports wildcards: | False |
DontShow: | False |
Aliases: | SortBy, OrderBy |
Parameter sets
GetQuery
Position: | Named |
Mandatory: | False |
Value from pipeline: | False |
Value from pipeline by property name: | False |
Value from remaining arguments: | False |
-Top
Specifies the maximum number of records to return.
Parameter properties
Type: | System.Int32 |
Default value: | None |
Supports wildcards: | False |
DontShow: | False |
Aliases: | Limit |
Parameter sets
GetQuery
Position: | Named |
Mandatory: | False |
Value from pipeline: | False |
Value from pipeline by property name: | False |
Value from remaining arguments: | False |
-UserRegistrationDetailsId
Specifies the user object identifier in Microsoft Entra ID.
Parameter properties
Type: | System.String |
Default value: | None |
Supports wildcards: | False |
DontShow: | False |
Aliases: | Id |
Parameter sets
GetById
Position: | Named |
Mandatory: | True |
Value from pipeline: | True |
Value from pipeline by property name: | True |
Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Outputs
isAdmin (Boolean)
Shows whether the user has an admin role in the tenant. Use it to check which authentication methods privileged accounts register and use.
isMfaCapable (Boolean)
Indicates that the user uses a strong MFA method allowed by the authentication methods policy. Supports $filter (eq).
isMfaRegistered (Boolean)
Indicates whether the user registers a strong MFA method, even if the authentication methods policy doesn't allow it. Supports $filter (eq).
isPasswordlessCapable (Boolean)
Shows if the user registers a passwordless strong authentication method (like FIDO2, Windows Hello for Business, or Microsoft Authenticator) that the policy allows. Supports $filter (eq).
isSsprCapable (Boolean)
Shows if the user has registered enough methods and is allowed to use self-service password reset based on policy. Supports $filter (eq).
isSsprEnabled (Boolean)
Shows if the user is allowed to use self-service password reset by policy, even if they haven’t registered enough authentication methods. Supports $filter (eq).
isSsprRegistered (Boolean)
Shows if the user registers enough authentication methods for self-service password reset, even if the policy doesn't allow them to use it. Supports $filter (eq).
isSystemPreferredAuthenticationMethodEnabled (Boolean)
Shows if system-preferred authentication is on. When enabled, the system selects the most secure method from the ones the user registers. Supports $filter (eq).
lastUpdatedDateTime (DateTimeOffset)
The date and time (in UTC) when the report was last updated, in ISO 8601 format. For example, midnight UTC on Jan 1, 2014 is shown as 2014-01-01T00:00:00Z.
methodsRegistered (String collection)
List of registered authentication methods, like mobilePhone, email, or passKeyDeviceBound. Supports $filter with any and eq.
systemPreferredAuthenticationMethods (String collection)
List of the most secure second-factor authentication methods chosen by the system from the user's registered methods. Values include: push, oath, voiceMobile, voiceAlternateMobile, voiceOffice, sms, none. Supports $filter with any and eq.
userDisplayName (String)
The user's display name, like "Sawyer Miller." Supports $filter (eq, startsWith) and $orderby.
userPreferredMethodForSecondaryAuthentication (userDefaultAuthenticationMethod)
The user's chosen default method for second-factor authentication. Options include: push, oath, voiceMobile, voiceAlternateMobile, voiceOffice, sms, none. Used as the preferred MFA method when system-preferred authentication is off. Supports $filter with any and eq.
userPrincipalName (String)
The user's sign-in name, like SawyerM@contoso.com. Supports $filter (eq, startsWith) and $orderby.
userType (signInUserType)
Shows if the user is a member or guest in the tenant. Values: member, guest.
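An added example (not from the original documentation): one way to triage the report's output for MFA gaps, using the isAdmin, isMfaRegistered, isMfaCapable and methodsRegistered fields described above. The helper name Get-MfaGapFinding, the weak-method list and the sample records are assumptions constructed for illustration.

```powershell
# Added example. Get-MfaGapFinding is a hypothetical helper, not part of the Entra module.
function Get-MfaGapFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Record,
        # Methods treated as weak for this review (assumption; align with your policy).
        [string[]]$WeakMethods = @('mobilePhone', 'email')
    )
    process {
        # Normalize to an array and drop nulls so an empty collection counts as zero methods.
        $methods = @($Record.methodsRegistered | Where-Object { $_ })
        $strong  = @($methods | Where-Object { $_ -notin $WeakMethods })

        $finding = $null
        if (-not $Record.isMfaRegistered) {
            $finding = 'NoMfaRegistered'
        } elseif (-not $Record.isMfaCapable) {
            # Registered a method, but the authentication methods policy does not allow it.
            $finding = 'RegisteredMethodNotAllowedByPolicy'
        } elseif ($strong.Count -eq 0) {
            $finding = 'WeakMethodsOnly'
        }
        if ($finding) {
            [pscustomobject]@{
                UserPrincipalName = $Record.userPrincipalName
                IsAdmin           = [bool]$Record.isAdmin
                UserType          = $Record.userType
                Finding           = $finding
                Methods           = $methods -join ','
            }
        }
    }
}

# Constructed sample records shaped like the Outputs fields above (not real tenant data).
$sample = @(
    [pscustomobject]@{ userPrincipalName = 'admin1@contoso.example'; isAdmin = $true;  userType = 'member'; isMfaRegistered = $false; isMfaCapable = $false; methodsRegistered = @() }
    [pscustomobject]@{ userPrincipalName = 'admin2@contoso.example'; isAdmin = $true;  userType = 'member'; isMfaRegistered = $true;  isMfaCapable = $true;  methodsRegistered = @('mobilePhone') }
    [pscustomobject]@{ userPrincipalName = 'guest1@contoso.example'; isAdmin = $false; userType = 'guest';  isMfaRegistered = $true;  isMfaCapable = $false; methodsRegistered = @('mobilePhone') }
    [pscustomobject]@{ userPrincipalName = 'user1@contoso.example';  isAdmin = $false; userType = 'member'; isMfaRegistered = $true;  isMfaCapable = $true;  methodsRegistered = @('passKeyDeviceBound') }
)

# Privileged accounts first; user1 has a strong method and produces no finding.
$sample | Get-MfaGapFinding | Sort-Object -Property IsAdmin -Descending

# Against a tenant (signed in with one of the roles listed in the Description):
# Get-EntraAuthenticationMethodUserRegistrationDetailReport -All | Get-MfaGapFinding
```

Because the cmdlet doesn't work for disabled accounts, findings from a live run cover only accounts the report returns.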
Notes
Get-EntraAuthMethodUserRegistrationDetailReport is an alias for Get-EntraAuthenticationMethodUserRegistrationDetailReport.