If you're an IT admin or Microsoft 365 power user, chances are you've been asked at some point: "Who in our org has MFA enabled? And what methods are they using?". Well, guess what? You don't need to go clicking around the Azure portal. You can get all that juicy MFA info—along with authentication method types—using PowerShell.
Here's a simple, step-by-step guide to help you connect to Azure AD and Microsoft 365 and generate a full report on MFA status and authentication methods for all users.
Step 1: Install the Required PowerShell Modules
You'll need two modules to work with Microsoft 365 and Azure AD:
Install-Module -Name MSOnline -Scope CurrentUser -Force
These let you query users and MFA settings. After installing, you can confirm they're available with:
Get-Module -ListAvailable MSOnline
Step 2: Connect to Azure AD and Microsoft 365
Now let's connect to your tenant. Run both of these:
Connect-MsolService
These will prompt you to sign in using your Microsoft 365 admin account. Once you're in, you're ready to start pulling data.
Step 3: Generate the MFA Report for All Users
Here's the fun part. This script goes through every user, checks their MFA status, lists which authentication methods they're using, and adds a few extras like license and sign-in status.
$users = Get-AzureADUser -All $true
# Create array to store results
$report = @()
foreach ($user in $users) {
$upn = $user.UserPrincipalName
# Check license status
$isLicensed = if ($user.AssignedLicenses.Count -gt 0) { "Licensed" } else { "Unlicensed" }
# Pull MFA info using MSOnline module
$mfaUser = Get-MsolUser -UserPrincipalName $upn
# MFA state (Enabled/Enforced/Disabled)
$mfaStatus = if ($mfaUser.StrongAuthenticationRequirements.State) {
$mfaUser.StrongAuthenticationRequirements.State
} else {
"Disabled"
}
# Authentication method types (e.g., PhoneAppNotification, OneWaySMS)
$mfaMethods = if ($mfaUser.StrongAuthenticationMethods) {
($mfaUser.StrongAuthenticationMethods | ForEach-Object { $_.MethodType }) -join ", "
} else {
"None"
}
# Sign-in allowed?
$loginAllowed = if ($user.AccountEnabled) { "Allowed" } else { "Blocked" }
# Add info to report
$report += [PSCustomObject]@{
DisplayName = $user.DisplayName
UserPrincipalName = $upn
LicenseStatus = $isLicensed
MFAStatus = $mfaStatus
MFAMethods = $mfaMethods
LoginAllowed = $loginAllowed
}
}
Step 4: View and Export the MFA Report
Want to preview the report in PowerShell?
Want to export it for management, auditing, or compliance?
Now you've got a clean, downloadable CSV showing MFA status and methods used—ready for your next audit or internal check.
Why This Is Useful
With just a few lines of code, you can answer critical questions like:
This is especially helpful for organizations enforcing security policies like MFA for all users or doing regular compliance reviews.
Additional Tips for an IT Admin:
A Quick Word on Microsoft Graph PowerShell SDK
While the AzureAD and MSOnline modules are still widely used, Microsoft Graph PowerShell SDK is the modern, recommended way to interact with Microsoft 365 services. It provides a single unified API surface that can query everything from users and groups to security settings and audit logs. Unlike the older modules, Microsoft Graph is actively maintained and supports more advanced scenarios like conditional access, sign-in logs, and device management.
For example, you can use Graph to retrieve detailed MFA status, sign-in activity, and even authentication methods using commands like Get-MgUserAuthenticationMethod. If you're building automation for long-term use, it's worth investing time in learning Graph—it's the future of Microsoft 365 administration via PowerShell.
Easier Approach which is Download PowerShell Script & Run from Your PC!
To make things even easier, I've packaged this entire PowerShell script into a ready-to-use bundle. You can download, extract, and run it without needing to copy and paste any code manually. Just launch the script, sign in with your Microsoft 365 admin credentials, and it will generate a full MFA and authentication method report in minutes. Perfect for quick audits, security reviews, or just keeping tabs on your tenant's MFA posture.
Don't Rely on Easy Way of Doing Things & Verify The Script before Executing it!
That said, I highly recommend caution when downloading and running PowerShell scripts from the internet, even mine. While I assure you there's no ill intent and you're absolutely welcome to review every line of my script, it's still best practice to run scripts yourself and understand what they're doing. In today's world, it's far too easy for malicious actors to inject harmful code into shared scripts—so stay safe, stay sharp, and always validate what you execute in your environment.
Always ensure safe practices when handling downloaded scripts. Before running anything, right-click the script file, open it in a text editor like Notepad or VS Code, and carefully read through it. Look for anything unusual—suspicious URLs, encoded commands, or actions that don't match the script's purpose. It only takes a minute and could save you from a major security headache. Trust is good, but verifying the script yourself is even better.
Final Thoughts
In this guide, we walked through how to connect to Microsoft 365 Azure using PowerShell to generate a detailed report on user MFA status and authentication methods. By using the AzureAD and MSOnline modules, admins can quickly identify who has MFA enabled, what methods are in use, and whether user accounts are licensed or allowed to sign in—all without navigating through the Azure portal. This streamlined approach is especially useful for audits, security checks, and maintaining compliance across your tenant.
Additionally, we touched on the importance of using safe scripting practices. While I've provided a downloadable version of the script for convenience, it's crucial to always review any script before running it. Even with the best intentions, malicious code can easily be embedded by others if you're not careful. Taking a few moments to inspect the script ensures you stay in control and maintain a secure environment.
Comments