User MFA Status Report

Modified on Tue, 30 Jun at 3:30 PM

# Connect to Microsoft Graph

Connect-MgGraph -Scopes "User.Read.All","UserAuthenticationMethod.Read.All"


# Get all users

$users = Get-MgUser -All -Property Id,DisplayName,UserPrincipalName,AccountEnabled


$results = @()


foreach ($user in $users) {


    Write-Host "Checking MFA methods for $($user.UserPrincipalName)..." -ForegroundColor Cyan


    # Get authentication methods for each user

    $authMethods = Get-MgUserAuthenticationMethod -UserId $user.Id


    # Filter out password method (everyone has this)

    $mfaMethods = $authMethods | Where-Object {

        $_.AdditionalProperties['@odata.type'] -notlike "*passwordAuthenticationMethod"

    }


    $mfaEnabled = if ($mfaMethods.Count -gt 0) { "Yes" } else { "No" }


    $results += [PSCustomObject]@{

        DisplayName        = $user.DisplayName

        UserPrincipalName  = $user.UserPrincipalName

        AccountEnabled     = $user.AccountEnabled

        MFAEnabled         = $mfaEnabled

        MFAMethodCount     = $mfaMethods.Count

    }

}


# Export results

$results | Export-Csv -Path "MFA_User_Report.csv" -NoTypeInformation


Write-Host "Report exported to MFA_User_Report.csv" -ForegroundColor Green


# Disconnect session

Disconnect-MgGraph

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article