In this article we will see how we can Get MFA Status of Microsoft 365 users with PowerShell.
One of the functionalities noticeably absent in the Microsoft 365 Admin Center is a comprehensive report detailing the MFA status of individual users. Multi-Factor Authentication (MFA) stands as a crucial security layer for safeguarding your tenant. To ensure the proper configuration of MFA for our users, we will utilize PowerShell to obtain and export the MFA status.
While the Admin Center provides an internal overview, relying on it for this task can be time-intensive. Conversely, PowerShell offers a streamlined approach to fetch the MFA status for all users and compile essential details into an Excel sheet.
Table of Contents
Connecting to Microsoft Online Service with PowerShell
Connecting to Microsoft Online Service using PowerShell is a straightforward process that allows you to manage users and settings in your Azure Active Directory associated with Office 365 or Microsoft 365. Here’s a quick guide:
Install Microsoft Online Services Module:
Ensure you have the Microsoft Online Services Module installed. If not, install it with the following command (run PowerShell as Administrator):
Install-Module -Name MSOnline -Force -AllowClobberImport the Module:
Import the Microsoft Online Services Module with:
Import-Module MSOnlinePrompt for Credentials:
Use the Get-Credential cmdlet to securely prompt for your credentials:
$credential = Get-CredentialConnect to Microsoft Online Service:
Establish a connection using the entered credentials:
Connect-MsolService -Credential $credentialYou’ll be prompted to enter your username and password. Once authenticated, PowerShell establishes a connection.
Disconnect (Optional):
To disconnect from the Microsoft Online Service when finished, use:
Disconnect-MsolServiceGet MFA Status of Microsoft 365 users with PowerShell.
List of all users with their MFA status
Acquiring a comprehensive roster of users along with their Multi-Factor Authentication (MFA) Status is a simple process. Execute the script without providing any parameters to obtain an extensive list of users and their respective MFA Status. The script will ascertain the administrative status of each user and showcase the default MFA type selected by the user.
Exporting the results is a flexible option, allowing you to either display them on the screen or save them to a CSV file according to your preference.
#Ensure your connection to MsolService is active
Invoke-MFAStatusCheck.ps1 | Format-Table
#Alternatively, for an Excel file output
Invoke-MFAStatusCheck.ps1 | Export-CSV C:\temp\MFAStatusReport.csv -NoTypeInformationList of all users without MFA active
For sizable tenants, the focus might be on identifying users without MFA. To achieve this, employ the switch withOutMFAOnly when executing the script.
Get-MFAStatus.ps1 -withOutMFAOnlyCheck the MFA Status of admins
Administrators must undoubtedly have Multi-Factor Authentication (MFA) enabled. To promptly assess the status of all your administrative accounts, utilize the adminsOnly switch.
Get-MFAStatus.ps1 -adminsOnlyCheck the MFA status of selected users
The script additionally provides the capability to inspect the Multi-Factor Authentication (MFA) Status of an individual user or multiple users.
Get-MFAStatus.ps1 -UserPrincipalName 'test@example.com'Conclusion
In conclusion, implementing Multi-Factor Authentication (MFA) stands as a critical measure in fortifying the security of your tenant. The PowerShell script presented here serves as a valuable tool, offering a straightforward method to thoroughly examine and verify the MFA status of your users. Getting MFA Status of Microsoft 365 users with PowerShell really saves a lot of time for you. By incorporating this script into your routine checks, you empower yourself with a proactive approach towards ensuring the robust security of your environment.
Give this a try and Get MFA Status of Microsoft 365 users with PowerShell for your organization.
