Export MFA Status, StrongAuthInfo and DefaultAuthMethod from office 365 using PowerShell

Powershell logo

You can export Office365 users DisplayName, UsageLocation, UserPrincipalName, MFA Status, StrongAuthInfo, DefaultAuthMethod using powershell. The exported data will be in a CSV File which will list these details. Default MFA Method is useful when you want to know who in your company is using which MFA method to authenticate to office365 services. For example, this data is also useful when you are planning to move the users from SMS based method to Phone App Method which is more secure. The PhoneAppNotification method means when users will get notification in MS Authenticator App and they tap on approve to confirm sign-in.

First you need to download / Install MSOnline powershell module on your system. You can download it from PowerShell Gallery | MSOnline location. Then use Connect-MsolService to connect to the Azure AD.


Once you are successfully authenticated to Msolservice, run below command to export the data. You can modify the location where you want to export the data in the command.

Get-MsolUser -all | select DisplayName,UsageLocation,UserPrincipalName,@{N="MFA Status"; E={ if( $_.StrongAuthenticationRequirements.State -ne $null){ $_.StrongAuthenticationRequirements.State} else { "Disabled"}}},@{N="StrongAuthInfo"; E={ if( $_.StrongAuthenticationMethods.MethodType -ne $null){ $_.StrongAuthenticationMethods.MethodType} else { "Disabled"}}},@{N="DefaultAuthMethod"; E={if($_.StrongAuthenticationMethods.MethodType -ne $null){foreach($meth in $_.StrongAuthenticationMethods){if($meth.IsDefault -eq "True") {$meth.MethodType}}} else { "Disabled"}}} | export-csv -Path "c:\Temp\UserAuthMethods.csv"

Leave a Comment