Dewey Rodriguez
asked on
MFA Status issue
I had this question after viewing Powershell command to find 2FA status on Office365.
When I ran the command the MFA status is coming up blank. I know that we have over 100 users that have it enforced. What am I doing wrong?
When I ran the command the MFA status is coming up blank. I know that we have over 100 users that have it enforced. What am I doing wrong?
ASKER
Hi Vasil, Thank you for the quick response. Herei is the command I am using
Get-msoluser -All | select UserPrincipalName,@{N='MFA State';E={($_.StrongAuthen ticationRe quirements .State)}} | Export-Csv -NoTypeInformation C:\Temp\Report.csv
Get-msoluser -All | select UserPrincipalName,@{N='MFA
Your example also runs fine for me. Here's a little tweak that should return just the users that have it set to Enforced:
Do note that if you are enforcing MFA via Conditional access policies, this will not be reflected in the StrongAuthenticationRequir ements attribute, thus using the StrongAuthenticationMethod s can be a better indicator (also not 100% correct all the time).
Get-MsolUser -All | ? {$_.StrongAuthenticationRequirements.State -eq "Enforced"} | select UserPrincipalName,@{N='MFA State';E={($_.StrongAuthenticationRequirements.State)}}
Do note that if you are enforcing MFA via Conditional access policies, this will not be reflected in the StrongAuthenticationRequir
ASKER
I think I know the issue. When I check in Azure, it shows we do not have a MFA server. I joined this company recently and just found out they enabled MFA to the user via the O365 console. O365 Admin console-Home-Active Users-More.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you very much. I am not sure what I was doing wrong, but it magically appeared.
Open in new window
More info on reporting for MFA can be found in this article: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting