Get the MFA status report with Get-MFAReport PowerShell script and have a close look through it.
#Status office 365 how to
In this article, you learned how to export MFA status Office 365 users with PowerShell. Read more: Office 365 Recommended Configuration Analyzer » Conclusion
Microsoft did write documentation about it in Azure Active Director security defaults.ĭon’t forget to enforce MFA for all the users in the tenant! It’s a must to protect the organization from brute force attacks and sign-ins.ĭid this help you to export Office 365 users MFA status to CSV file? This way, you don’t have to disable that feature, and it’s in sync with Microsoft 365 web page and the Get-MFAReport export CSV file. We like to see that Microsoft synchronizes the Security defaults feature with the Microsoft 365 Multi-Factor Authentication page. Select Manage security defaults > Set the Enable security defaults toggle to No. Browse to Azure Active Directory > Properties. Sign in to the Azure portal as an administrator. You can disable the feature in the next step. You want the report to be accurate, and this way, you have everything managed from the report. It will show user accounts with no MFA enabled, but they do. Otherwise, you will have incorrect information on the Microsoft 365 MFA page and the MFA report. We recommend you disable security defaults in Azure AD if you use the Get-MFAReport PowerShell script. Think about an administrator account, which is a high privileges account. That’s because the user has a role added, and Microsoft will force the user to provide MFA authentication. After that, it will ask you for MFA when you sign in. Some accounts are not showing that they are enabled, but when you do sign in to Microsoft 365, it will ask you to enable MFA. Now there is one more thing that you need to place good attention to. Open the CSV file with your favorite application. Find the file MFAUsers.csv in the path C:\temp. The Get-MFAReport.ps1 PowerShell script will export Office 365 users MFA status to CSV file. \Get-MFAReport.ps1 Out-GridViewĪn Out-GridView will show columns with users and much more information than in the Microsoft 365 multi-factor authentication page. After that, run the script Get-MFAReport.ps1. Get MFA status for all users with PowerShell. The script will export the CSV file to the C:\temp folder. Prepare Get-MFAReport PowerShell scriptĭownload the Get-MFAReport.ps1 PowerShell script and place it in C:\scripts folder. Now that we are connected, we can go to the next step.
#Status office 365 windows
Start Windows PowerShell as administrator and run the cmdlet Connect-MsolService.
#Status office 365 install
Connect to Azure Active Directoryīefore we can proceed further and get the MFA status for all the users, we need to install and connect to Azure AD with PowerShell (MsolService). In the next step, we will show how to create an MFA report.
Is there a better way to have an insight into the MFA instead of the Microsoft 365 page? Yes, there is, and that’s when PowerShell will come to the rescue. That’s because Microsoft did not provide a way for that. The PowerShell script can’t identity the MFA status if it’s enabled through Security Defaults (see the last step of how to disable) or Conditional Access.
If you see that MFA is enabled or enforced, it does not mean that MFA is configured.