question

ThoH avatar image
0 Votes"
ThoH asked MarileeTurscak-MSFT answered

Security Authentication method display 350 User capable of MFA but extract only 303

Hello everyone,

I didn't find anything about my problem on the net so i came here to ask.


So i am trying to monitor how much of my user are already capable of doing MFA and export the list of those can.
In Security>Authentication methods>Activity i can see that 350 users are capable of MFA but when i extract with a bulk operation i only get 303 users.

Is that a bug? Someone can tell me if there something i can do and which number is true ?

Best Regards,
T

azure-ad-multi-factor-authenticationazure-security-center
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

MarileeTurscak-MSFT avatar image
0 Votes"
MarileeTurscak-MSFT answered

Hi @ThoH,

Which MFA State are you querying for?

If you have Conditional Access or policy-based MFA set up on the tenant, some users may have registered for MFA but not have it enforced on every authentication.

Depending on which script you are using, you might be querying users that have O365 MFA and not users that have MFA enforced by a Conditional Access policy.

You can use the following script to check for both types and export the results to a CSV:

 get-MsolUser -all | select DisplayName,UserPrincipalName,@{N="MFA Status"; E={ if( $_.StrongAuthenticationRequirements.State -ne $null){ $_.StrongAuthenticationRequirements.State} else { "Disabled"}}} | Export-CSV c:\temp\mfastatus.csv -noTypeInformation

I believe this script should also account for Conditional Access scenarios.

Let me know if this helps. If you are still facing this issue please share the script that you are using.

Thanks,

Marilee

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.