Description
This generates a report of the Multi-Factor Authentication (MFA) status of Azure/O365 users who are in a certain group. It uses the Active Directory module to get the group members and MSOnline (Get-MsolUser) to get all users, then combines the two lists to see which users are in the specific group and what their MFA status is.
It could be modified to show the MFA status of all users if needed.
Source Code
## Progress bar helper that shows which step the script is on
function Write-ProgressHelper
{
    param (
        [int]$StepNumber,
        [string]$Message
    )
    Write-Progress -Activity 'MFA User Status' -Status $Message -PercentComplete (($StepNumber / $steps) * 100)
}
## Count the Write-ProgressHelper calls in this file to get the total number of steps
$script:steps = ([System.Management.Automation.PsParser]::Tokenize((Get-Content "$PSScriptRoot\$($MyInvocation.MyCommand.Name)"), [ref]$null) | Where-Object { $_.Type -eq 'Command' -and $_.Content -eq 'Write-ProgressHelper' }).Count
$stepCounter = 0

Write-ProgressHelper -Message 'Importing Active Directory Module' -StepNumber ($stepCounter++)
Start-Sleep -Seconds 5
## Import AD Module and search for specific Users in a Group
Import-Module ActiveDirectory

Write-ProgressHelper -Message 'Connect to MSOnline' -StepNumber ($stepCounter++)
Start-Sleep -Seconds 5
## Connect to MSOnline
Write-Host "Connecting MSOL Online" -ForegroundColor Green
## Prompt for the admin credential; the original script used $Credential without defining it
$Credential = Get-Credential
Connect-MsolService -Credential $Credential
if (Get-MsolDomain) {
    Write-Host "Connected to O365 MSOL Online" -ForegroundColor Green
} else {
    Write-Host "Can't Connect to O365 Online, exiting." -ForegroundColor Red
    exit
}

Write-ProgressHelper -Message 'Finding Users MFA Status' -StepNumber ($stepCounter++)
Start-Sleep -Seconds 5
## Sort and filter <YOUR SPECIFIED GROUP HERE> and write their MFA Status to File
$groupmembers = Get-ADGroupMember -Identity '<YOUR SPECIFIED GROUP HERE>'
$All_MSOLusers = Get-MsolUser -All
$data = foreach ($member in $groupmembers) {
    ## Match each group member to its cloud account by building the UPN from SamAccountName
    $All_MSOLusers | Where-Object UserPrincipalName -eq "$($member.SamAccountName)@<YOURDOMAIN.COM>" |
        Select-Object DisplayName, UserPrincipalName, Department,
            @{N = "MFA Status"; E = { if ($null -ne $_.StrongAuthenticationRequirements.State) { $_.StrongAuthenticationRequirements.State } else { "Disabled" } }}
}
$data | Export-Csv -Path "O365MFAstatus.csv" -NoTypeInformation -Force
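The join in the script above drops any group member whose constructed UPN matches no MSOnline user, so accounts that are missing from the tenant never appear in the CSV. The following added example (not part of the original script) performs the same join offline on constructed sample objects, using a hashtable lookup and an explicit row for unmatched members; the function name Join-GroupMfaStatus, the NoCloudAccount label and the example.test domain are assumptions.

```powershell
function Join-GroupMfaStatus {
    param(
        [Parameter(Mandatory)][object[]]$GroupMembers,  # shaped like Get-ADGroupMember output
        [Parameter(Mandatory)][object[]]$CloudUsers,    # shaped like Get-MsolUser output
        [Parameter(Mandatory)][string]$UpnSuffix        # assumption: UPN = SamAccountName@suffix
    )
    # Index cloud users by UPN once; @{} keys compare case-insensitively.
    $byUpn = @{}
    foreach ($u in $CloudUsers) { $byUpn[$u.UserPrincipalName] = $u }

    foreach ($m in $GroupMembers) {
        # Get-ADGroupMember also returns nested groups and computers; skip them.
        if ($m.objectClass -ne 'user') { continue }
        $upn  = "$($m.SamAccountName)@$UpnSuffix"
        $user = $byUpn[$upn]
        if ($null -eq $user) {
            # Report the gap instead of silently omitting the member.
            $name   = $null
            $status = 'NoCloudAccount'   # hypothetical label
        } else {
            $name   = $user.DisplayName
            $state  = $user.StrongAuthenticationRequirements.State | Select-Object -First 1
            $status = if ($state) { $state } else { 'Disabled' }
        }
        [pscustomobject]@{
            UserPrincipalName = $upn
            DisplayName       = $name
            'MFA Status'      = $status
        }
    }
}

# Constructed sample data standing in for Get-ADGroupMember and Get-MsolUser -All.
$members = @(
    [pscustomobject]@{ SamAccountName = 'alice';    objectClass = 'user'  }
    [pscustomobject]@{ SamAccountName = 'bob';      objectClass = 'user'  }
    [pscustomobject]@{ SamAccountName = 'carol';    objectClass = 'user'  }
    [pscustomobject]@{ SamAccountName = 'Helpdesk'; objectClass = 'group' }
)
$cloud = @(
    [pscustomobject]@{ UserPrincipalName = 'Alice@example.test'; DisplayName = 'Alice A'
                       StrongAuthenticationRequirements = @([pscustomobject]@{ State = 'Enforced' }) }
    [pscustomobject]@{ UserPrincipalName = 'bob@example.test'; DisplayName = 'Bob B'
                       StrongAuthenticationRequirements = @() }
)
Join-GroupMfaStatus -GroupMembers $members -CloudUsers $cloud -UpnSuffix 'example.test' |
    Format-Table -AutoSize
```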
If you need additional attributes such as Configured MFA methods, Default MFA Methods, MFA Phone Number, MFA Mail Id, License Status, IsAdmin, and Signin Status, I'd suggest the following script: Export Office 365 Users MFA Status to CSV Using PowerShell