MFA Status issue

Which cmdlet might that be exactly? In general, this example should do just fine:

Get-MsolUser -All | where {$_.StrongAuthenticationMethods.Count -ne 0} | Select-Object -Property UserPrincipalName

Select allOpen in new window

More info on reporting for MFA can be found in this article: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting

Hi Vasil, Thank you for the quick response. Herei is the command I am using

Get-msoluser -All | select UserPrincipalName,@{N='MFA State';E={($_.StrongAuthenticationRequirements.State)}} | Export-Csv -NoTypeInformation C:\Temp\Report.csv

Your example also runs fine for me. Here's a little tweak that should return just the users that have it set to Enforced:

Get-MsolUser -All | ? {$_.StrongAuthenticationRequirements.State -eq "Enforced"} | select UserPrincipalName,@{N='MFA State';E={($_.StrongAuthenticationRequirements.State)}}

Select allOpen in new window

Do note that if you are enforcing MFA via Conditional access policies, this will not be reflected in the StrongAuthenticationRequirements attribute, thus using the StrongAuthenticationMethods can be a better indicator (also not 100% correct all the time).

I think I know the issue. When I check in Azure, it shows we do not have a MFA server. I joined this company recently and just found out they enabled MFA to the user via the O365 console. O365 Admin console-Home-Active Users-More.

Thank you very much. I am not sure what I was doing wrong, but it magically appeared.