How to Find Users With & With-Out MFA Quickly
Wondering where to get started quickly with sorting out who has strong MFA in your Entra ID organization?
Use case: Some users may not be captured by all conditional access policies and may have escaped having MFA configured on their account. With upcoming changes restricting users from logging into Azure and other Admin portals, we need to easily identify the impacted users.
Here’s some quick PowerShell to use to get a quick list.
#Install MSOnline module if not installed
Install-Module MSOnline
#Import MSOnline if needed
Import-Module MSOnline
#Connect to Entra ID service
Connect-MsolService
#Get MFA Status for all users
Get-MsolUser | Select-Object UserPrincipalName, DisplayName, @{Name="MFA Status";Expression={if ($_.StrongAuthenticationMethods.Count -ne 0) {"Enabled"} else {"Disabled"}}}
#Can also check here: https://learn.microsoft.com/entra/identity/authentication/concept-mandatory-multifactor-authentication
#Check your tenant for MFA Enforcement: https://portal.azure.com/#view/Microsoft_Azure_Resources/MfaSettings.ReactView
PowerShell Outputs a nice table for us:
Want to save your user list as a CSV file instead because you have more than 10 users?
Add this to the “Get-MsolUser” line at the end:
| Export-Csv -Path "C:\path\here\mfa_status.csv" -NoTypeInformation
Now the PowerShell will execute and save your output to the CSV file, open it in your favourite spreadsheet software and sort as needed.
#Get MFA Status for all users & Save to a local file
Get-MsolUser | Select-Object UserPrincipalName, DisplayName, @{Name="MFA Status";Expression={if ($_.StrongAuthenticationMethods.Count -ne 0) {"Enabled"} else {"Disabled"}}} | Export-Csv -Path "C:\path\here\mfa_status.csv" -NoTypeInformation