Export Microsoft 365 users MFA status with PowerShell

You can export Office365 users DisplayName, UsageLocation, UserPrincipalName, MFA Status, StrongAuthInfo, DefaultAuthMethod using Powershell. The exported data will be in a CSV File.

The Default MFA Method helps you track which authentication methods your company’s employees use for Microsoft 365 services. This information is valuable when considering a shift from less secure methods like SMS to more secure options like Phone Apps.

The PhoneAppNotification method means when users will get notification in MS Authenticator App and they tap on approve to confirm sign-in.

Let’s check the steps

  1. Install MS Online Powershell module
Install-Module MSOnline
  1. Connect to MSolService
Connect-MsolService
  1. Use below Command to Export this report. You can change export-csv path to where you want to save this report.
Get-MsolUser -all | select DisplayName,UsageLocation,UserPrincipalName,@{N="MFA Status"; E={ if( $_.StrongAuthenticationRequirements.State -ne $null){ $_.StrongAuthenticationRequirements.State} else { "Disabled"}}},@{N="StrongAuthInfo"; E={ if( $_.StrongAuthenticationMethods.MethodType -ne $null){ $_.StrongAuthenticationMethods.MethodType} else { "Disabled"}}},@{N="DefaultAuthMethod"; E={if($_.StrongAuthenticationMethods.MethodType -ne $null){foreach($meth in $_.StrongAuthenticationMethods){if($meth.IsDefault -eq "True") {$meth.MethodType}}} else { "Disabled"}}} | export-csv -Path "c:\Temp\UserAuthMethods.csv"

Leave a Comment

Discover more from TechPress

Subscribe now to keep reading and get access to the full archive.

Continue reading