# Connect to Microsoft Graph
Connect-MgGraph -Scopes "User.Read.All","UserAuthenticationMethod.Read.All"
# Get all users
$users = Get-MgUser -All -Property Id,DisplayName,UserPrincipalName,AccountEnabled
$results = @()
foreach ($user in $users) {
Write-Host "Checking MFA methods for $($user.UserPrincipalName)..." -ForegroundColor Cyan
# Get authentication methods for each user
$authMethods = Get-MgUserAuthenticationMethod -UserId $user.Id
# Filter out password method (everyone has this)
$mfaMethods = $authMethods | Where-Object {
$_.AdditionalProperties['@odata.type'] -notlike "*passwordAuthenticationMethod"
}
$mfaEnabled = if ($mfaMethods.Count -gt 0) { "Yes" } else { "No" }
$results += [PSCustomObject]@{
DisplayName = $user.DisplayName
UserPrincipalName = $user.UserPrincipalName
AccountEnabled = $user.AccountEnabled
MFAEnabled = $mfaEnabled
MFAMethodCount = $mfaMethods.Count
}
}
# Export results
$results | Export-Csv -Path "MFA_User_Report.csv" -NoTypeInformation
Write-Host "Report exported to MFA_User_Report.csv" -ForegroundColor Green
# Disconnect session
Disconnect-MgGraph
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article