Powershell Script exporting MFA status and licence skuid

Owen Cheung 30 Reputation points
2024-02-13T16:57:54.42+00:00

Hi all. I'm new to powershell and have been attempting to understanding some of the scripts readily available from the multitude of sources found by google. My objective is to export a list of licensed users, what their licenses are, and their MFA status. I've found a script to export a list of MFA status, and a different one that shows the SKUid. However, I'm struggling to combine the two together into one command. Below is my current botch work, which outputs System.Object[] on a multitude of users in the LicencesType column. When I look at the licences for these users, some are unlicensed, some have Power Automate, and some are external users with licences.

If someone can point out where I went wrong, that'd be highly appreciated.

Source of the two scripts that I tried to combine:
Mfa - https://morgantechspace.com/2018/06/find-and-list-mfa-enabled-status-office-365-users-powershell.html
Licences - https://learn.microsoft.com/en-us/answers/questions/758236/exporting-all-users-with-specific-licenses-to-csv

$Result=@() 
$users = Get-MsolUser -All
$users | ForEach-Object {
$user = $_
$mfaStatus = $_.StrongAuthenticationRequirements.State 
$methodTypes = $_.StrongAuthenticationMethods
$IsLicensed = $_.IsLicensed

if ($IsLicensed -eq $true)
{
if ($mfaStatus -ne $null -or $methodTypes -ne $null)
{
if($mfaStatus -eq $null)
{ 
$mfaStatus='Enabled (Conditional Access)'
}
$authMethods = $methodTypes.MethodType
$defaultAuthMethod = ($methodTypes | Where{$_.IsDefault -eq "True"}).MethodType 
$verifyEmail = $user.StrongAuthenticationUserDetails.Email 
$phoneNumber = $user.StrongAuthenticationUserDetails.PhoneNumber
$alternativePhoneNumber = $user.StrongAuthenticationUserDetails.AlternativePhoneNumber
$licence = $user.Licenses.AccountSKUid
}
Else
{
$mfaStatus = "Disabled"
$defaultAuthMethod = $null
$verifyEmail = $null
$phoneNumber = $null
$alternativePhoneNumber = $null
}
}
    
$Result += New-Object PSObject -property @{ 
UserName = $user.DisplayName
UserPrincipalName = $user.UserPrincipalName
MFAStatus = $mfaStatus
AuthenticationMethods = $authMethods
DefaultAuthMethod = $defaultAuthMethod
MFAEmail = $verifyEmail
PhoneNumber = $phoneNumber
AlternativePhoneNumber = $alternativePhoneNumber
LicensesType = $licence
}
}

$Result | Select UserName,MFAStatus,MFAEmail,PhoneNumber,AlternativePhoneNumber,userprincipalname,LicensesType | Export-CSV "C:\Users\user\Downloads\Client-MFA.csv" -NoTypeInformation -Encoding UTF8



Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
5,106 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,583 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Owen Cheung 30 Reputation points
    2024-02-14T16:56:50.54+00:00

    Found an easier way to achieve the above, not sure if it's the best way but it works. If someone can improve on it, please let me know.

    Get-MsolUser -All | 
    Select-Object   @{N='UserPrincipalName';E={$_.UserPrincipalName}},
                    @{N='MFA Status';E={if ($_.StrongAuthenticationRequirements.State){$_.StrongAuthenticationRequirements.State} else {"Disabled"}}},
                    @{N='MFA Methods';E={$_.StrongAuthenticationMethods.methodtype}},
                    @{n="Licenses Type";e={$_.Licenses.AccountSKUid}} | 
    Export-Csv -Path c:\user\owen\downloads\MFA_Report.csv -NoTypeInformation
    
    
    2 people found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.