To quickly find whether individual users have MFA (Multi-Factor Authentication) configured:
- Log in to Microsoft Office 365 Admin Portal > All admin centres > Microsoft Entra (or just go there directly: https://entra.microsoft.com)
- Identity > Users > All Users > [click on a user] > Authentication Methods.
- If at the top you see the message shown below, switch to the new experience.
- If the user has MFA enabled, it will look something like this:
Obviously, it would be quite laborious to check a large number of users this way. PowerShell to the rescue!
- Open Elevated (run as admin) PowerShell
- Connect to Azure Active Directory: Connect-MsolService
- Run the following script:
Get-MsolUser -all | select DisplayName,UserPrincipalName,@{N="MFA Status"; E={ if( $_.StrongAuthenticationMethods.IsDefault -eq $true) {($_.StrongAuthenticationMethods | Where IsDefault -eq $True).MethodType} else { "Disabled"}}} | FT -AutoSize
Credit for this goes to Reddit users.
November 2023
Microsoft Office 365
Exchange Online
