Find MFA Status of Microsoft 365 Users With PowerShell Easily

MicrosoftMicrosoft 365Powershell

In this article we will see how we can Get MFA Status of Microsoft 365 users with PowerShell.

One of the functionalities noticeably absent in the Microsoft 365 Admin Center is a comprehensive report detailing the MFA status of individual users. Multi-Factor Authentication (MFA) stands as a crucial security layer for safeguarding your tenant. To ensure the proper configuration of MFA for our users, we will utilize PowerShell to obtain and export the MFA status.

While the Admin Center provides an internal overview, relying on it for this task can be time-intensive. Conversely, PowerShell offers a streamlined approach to fetch the MFA status for all users and compile essential details into an Excel sheet.

Connecting to Microsoft Online Service with PowerShell

Connecting to Microsoft Online Service using PowerShell is a straightforward process that allows you to manage users and settings in your Azure Active Directory associated with Office 365 or Microsoft 365. Here’s a quick guide:

Install Microsoft Online Services Module:

Ensure you have the Microsoft Online Services Module installed. If not, install it with the following command (run PowerShell as Administrator):

Install-Module -Name MSOnline -Force -AllowClobber

Import the Module:

Import the Microsoft Online Services Module with:

Import-Module MSOnline

Prompt for Credentials:

Use the Get-Credential cmdlet to securely prompt for your credentials:

$credential = Get-Credential

Connect to Microsoft Online Service:

Establish a connection using the entered credentials:

Connect-MsolService -Credential $credential

You’ll be prompted to enter your username and password. Once authenticated, PowerShell establishes a connection.

Disconnect (Optional):

To disconnect from the Microsoft Online Service when finished, use:

Disconnect-MsolService

Get MFA Status of Microsoft 365 users with PowerShell.

List of all users with their MFA status

Acquiring a comprehensive roster of users along with their Multi-Factor Authentication (MFA) Status is a simple process. Execute the script without providing any parameters to obtain an extensive list of users and their respective MFA Status. The script will ascertain the administrative status of each user and showcase the default MFA type selected by the user.

Exporting the results is a flexible option, allowing you to either display them on the screen or save them to a CSV file according to your preference.

#Ensure your connection to MsolService is active
Invoke-MFAStatusCheck.ps1 | Format-Table

#Alternatively, for an Excel file output
Invoke-MFAStatusCheck.ps1 | Export-CSV C:\temp\MFAStatusReport.csv -NoTypeInformation

List of all users without MFA active

For sizable tenants, the focus might be on identifying users without MFA. To achieve this, employ the switch withOutMFAOnly when executing the script.

Get-MFAStatus.ps1 -withOutMFAOnly

Check the MFA Status of admins

Administrators must undoubtedly have Multi-Factor Authentication (MFA) enabled. To promptly assess the status of all your administrative accounts, utilize the adminsOnly switch.

Get-MFAStatus.ps1 -adminsOnly

Check the MFA status of selected users

The script additionally provides the capability to inspect the Multi-Factor Authentication (MFA) Status of an individual user or multiple users.

Get-MFAStatus.ps1 -UserPrincipalName 'test@example.com'

Conclusion

In conclusion, implementing Multi-Factor Authentication (MFA) stands as a critical measure in fortifying the security of your tenant. The PowerShell script presented here serves as a valuable tool, offering a straightforward method to thoroughly examine and verify the MFA status of your users. Getting MFA Status of Microsoft 365 users with PowerShell really saves a lot of time for you. By incorporating this script into your routine checks, you empower yourself with a proactive approach towards ensuring the robust security of your environment.

Give this a try and Get MFA Status of Microsoft 365 users with PowerShell for your organization.

Leave a Reply

Your email address will not be published. Required fields are marked *