How do I create a report for all users who are registered for MFA

lalajee 1,811 Reputation points
2023-06-26T21:45:02.5633333+00:00

Hi

I need to create a report for all users who are registered for MFA through Conditional policy.

I need 2 reports

All users who are registered for MFA, and all users who are not registered for MFA


2 answers

  1. 2023-06-27T10:19:34.84+00:00

    Hi @lalajee,

    Get MFA status with PowerShell. Requirements: you need to have the MS Graph SDK module installed: https://github.com/microsoftgraph/msgraph-sdk-powershell

    The Get-MgUser cmdlet is used to get single and all users from your Office 365 tenant: https://activedirectorypro.com/powershell-get-and-export-azure-ad-users/

    and to get the MFA status: https://video2.skills-academy.com/en-us/powershell/module/microsoft.graph.identity.signins/get-mguserauthenticationmethod?view=graph-powershell-1.0#examples

    Import-Module Microsoft.Graph.Identity.SignIns
    # A UPN can also be used as -UserId.
    Get-MgUserAuthenticationMethod -UserId $userId
    

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".


  2. CarlZhao-MSFT 39,576 Reputation points
    2023-06-29T10:47:43.3133333+00:00

    Hi @lalajee,

    This requires some logical calculations, and I think it would be easier and more intuitive to use code than commands.

    Refer to my C# code:

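    using Microsoft.Graph;

    // requestAdapter is the authenticated request adapter created elsewhere.
    var graphClient = new GraphServiceClient(requestAdapter);

    // Returns only the first page of users; larger tenants need paging.
    var result = await graphClient.Users.GetAsync();

    int num = 0;

    for (int i = 0; i < result.Value.Count; i++) {
        // List the authentication methods registered for this user.
        var authMethods = await graphClient.Users[result.Value[i].Id].Authentication.Methods.GetAsync();

        // More than one method (the password counts as one) is treated as MFA.
        if (authMethods.Value.Count > 1)
        {
            Console.WriteLine("MFA user: " + result.Value[i].UserPrincipalName);
            num = num + 1;
        }
        else {
            Console.WriteLine("SFA user: " + result.Value[i].UserPrincipalName);
        }
    }

    Console.WriteLine("Number of users with MFA enabled: " + num);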
    

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
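
An added example (not code posted by anyone in this thread) that combines the cmdlets from the first answer into the two reports the question asks for. It assumes the Microsoft.Graph.Users and Microsoft.Graph.Identity.SignIns modules are installed; the output file names and the choice to ignore the password and e-mail methods when deciding whether a user has a second factor are assumptions of this example.

```powershell
# Added example: assumes Microsoft.Graph.Users and Microsoft.Graph.Identity.SignIns are installed.
Import-Module Microsoft.Graph.Users
Import-Module Microsoft.Graph.Identity.SignIns

Connect-MgGraph -Scopes 'User.Read.All', 'UserAuthenticationMethod.Read.All'

# Assumption of this example: these method types are not counted as a second factor.
# The password is the first factor; the e-mail method serves self-service password reset.
$notSecondFactor = @(
    '#microsoft.graph.passwordAuthenticationMethod',
    '#microsoft.graph.emailAuthenticationMethod'
)

# -All pages through every user instead of stopping at the first page.
$report = foreach ($user in Get-MgUser -All -Property Id, UserPrincipalName, DisplayName) {
    try {
        $types = @(Get-MgUserAuthenticationMethod -UserId $user.Id -ErrorAction Stop |
            ForEach-Object { $_.AdditionalProperties['@odata.type'] })
        $factors = @($types | Where-Object { $_ -notin $notSecondFactor })
        $status = if ($factors.Count -gt 0) { 'Registered' } else { 'NotRegistered' }
    }
    catch {
        # Keep unreadable accounts visible instead of counting them as unregistered.
        $factors = @()
        $status = 'Error'
    }
    [pscustomobject]@{
        UserPrincipalName = $user.UserPrincipalName
        DisplayName       = $user.DisplayName
        MfaStatus         = $status
        Methods           = ($factors -replace '^#microsoft\.graph\.', '') -join ';'
    }
}

# Hypothetical output file names: one CSV per report, plus the lookups that failed.
$report | Where-Object MfaStatus -eq 'Registered'    | Export-Csv .\mfa-registered.csv -NoTypeInformation
$report | Where-Object MfaStatus -eq 'NotRegistered' | Export-Csv .\mfa-not-registered.csv -NoTypeInformation
$report | Where-Object MfaStatus -eq 'Error'         | Export-Csv .\mfa-errors.csv -NoTypeInformation
$report | Group-Object MfaStatus | Select-Object Name, Count
```

The report reflects which methods each user has registered, not whether a policy currently requires MFA at sign-in.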