How to Export MFA Status of All Office 365 Users to CSV Report

Aftab Alam | Published On - 13 Dec 2021

Large businesses and government institutions that use Office 365 for their employees enable multi-factor authentication (MFA) for important accounts. MFA raises the security of an account by adding extra layers of verification: to log in, the user must supply additional information, such as an OTP received by SMS or phone call, or validate the sign-in through a mobile app.

It is not easy to check how many accounts have multi-factor authentication enabled, but the administrator can create a CSV report containing this information using Windows PowerShell connected to the Office 365 account.

  • What is multi-factor authentication?

    To protect cloud accounts from various threats, MFA should be enabled for admins and other important accounts. Each account has one of three MFA settings:

    Disabled – the default status for all Office 365 accounts.

    Enabled – when MFA has been turned on for the user but the registration process is not complete, the account status is shown as Enabled.

    Enforced – when the registration process is complete, the account status changes from Enabled to Enforced.

  • How to check multi-factor authentication in Office 365?

    The MFA status of all the users created by the admin can be viewed in the Microsoft 365 Admin Center.

    1. After you have logged in to Microsoft 365 Admin Center, go to the Users category and click its multi-factor authentication option.
    2. The list has a property column ‘multi-factor auth status’ that shows the MFA status of each user. You can change this status by clicking on it.

    The list does not provide some necessary information, such as:

      • whether the MFA process is finished or not
      • which authentication method is enabled for MFA
      • an option to export to a CSV file

    There is a better way to extract the MFA status to a CSV file using Windows PowerShell, but you must first connect PowerShell to your Office 365 account.

    Connect Windows PowerShell with Office 365

    1. Start Windows PowerShell as the Administrator.
    2. Run the first cmdlet:

        Set-ExecutionPolicy RemoteSigned

       A message will warn you that changing the execution policy can affect the security settings. Type Y and press Enter.

    3. Run another command to enter your Office 365 user credentials:

        $UserCredential = Get-Credential

       A pop-up will appear where you need to input your account credentials. Provide them and click OK.

    4. After providing credentials, create the new session using the following cmdlet:

        $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

       A new session will start shortly. Because this connection uses Basic authentication, it will not work with an admin account that itself requires MFA at sign-in.

    5. After creating the session, import it:

        Import-PSSession $Session

  • Prepare the PowerShell script

    You need a PowerShell script to create the CSV file. First, create two folders in your C drive:

    Scripts
    Temp

    After creating both folders, copy the following script into Notepad and save it. The example uses ‘Get-MFAReport.ps1’ as the file name:

    Write-Host "Finding Azure Active Directory Accounts..."
    # All accounts except guests
    $Users = Get-MsolUser -All | Where-Object { $_.UserType -ne "Guest" }
    $Report = [System.Collections.Generic.List[Object]]::new() # In-memory list of report rows
    Write-Host "Processing" $Users.Count "accounts..."
    ForEach ($User in $Users) {
        $MFAEnforced = $User.StrongAuthenticationRequirements.State
        $MFAPhone = $User.StrongAuthenticationUserDetails.PhoneNumber
        $DefaultMFAMethod = ($User.StrongAuthenticationMethods | Where-Object { $_.IsDefault -eq $true }).MethodType
        If (($MFAEnforced -eq "Enforced") -or ($MFAEnforced -eq "Enabled")) {
            # Fallback so a previous user's value is never reused when no listed method matches
            $MethodUsed = "Unknown"
            # Translate the default method type into a readable label
            Switch ($DefaultMFAMethod) {
                "OneWaySMS" { $MethodUsed = "One-way SMS" }
                "TwoWayVoiceMobile" { $MethodUsed = "Phone call verification" }
                "PhoneAppOTP" { $MethodUsed = "Hardware token or authenticator app" }
                "PhoneAppNotification" { $MethodUsed = "Authenticator app" }
            }
        }
        Else {
            $MFAEnforced = "Not Enabled"
            $MethodUsed = "MFA Not Used"
        }

        # One report row per user
        $ReportLine = [PSCustomObject] @{
            User        = $User.UserPrincipalName
            Name        = $User.DisplayName
            MFAUsed     = $MFAEnforced
            MFAMethod   = $MethodUsed
            PhoneNumber = $MFAPhone
        }

        $Report.Add($ReportLine)
    }

    Write-Host "Report is in c:\temp\MFAUsers.CSV"
    # Show the report in a grid view, then write it to the CSV file
    $Report | Select-Object User, Name, MFAUsed, MFAMethod, PhoneNumber | Sort-Object Name | Out-GridView
    $Report | Sort-Object Name | Export-Csv -NoTypeInformation -Encoding UTF8 c:\temp\MFAUsers.csv

    Copy and paste the complete script and save it as Get-MFAReport.ps1 in the Scripts folder.

  • Connect PowerShell with Azure Active Directory

    1. In PowerShell, you should connect to Azure Active Directory with new cmdlets. First, install the MSOnline module:

        Install-Module MSOnline

       Type Y to answer the question.

    2. Run another command to connect with Azure:

        Connect-MsolService

    3. Now, move into the scripts folder by changing the directory with ‘CD C:\scripts’ and run the script created earlier; it will create the CSV file:

        C:\scripts> .\Get-MFAReport.ps1

    4. A list will show you the details of the Office 365 accounts in a grid view.
    5. In the temp folder, a CSV file has been created, and you can open it in Excel.
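
Once the CSV exists, the usual next step is to pull out the accounts that need follow-up. The block below is an added example, not part of the original script: it reads rows in the report's column layout (constructed sample data here) and flags accounts with no MFA, incomplete registration, or an SMS or voice default method. The function name Get-MfaFinding, the finding labels, and the choice to flag SMS and voice for review are assumptions of this example.

```powershell
# Added example: triage the MFA report produced by Get-MFAReport.ps1.
# The rows below are constructed sample data in the report's column layout.
# For real data, replace the here-string with:
#   $Rows = Import-Csv C:\temp\MFAUsers.csv
$SampleCsv = @'
"User","Name","MFAUsed","MFAMethod","PhoneNumber"
"adele@contoso.example","Adele Vance","Enforced","Authenticator app","+1 5550100"
"bob@contoso.example","Bob Kelly","Enabled","One-way SMS","+1 5550101"
"carol@contoso.example","Carol Diaz","Not Enabled","MFA Not Used",""
"dan@contoso.example","Dan Park","Enforced","Phone call verification","+1 5550102"
'@
$Rows = $SampleCsv | ConvertFrom-Csv

function Get-MfaFinding {
    # Hypothetical helper: maps one report row to a follow-up category.
    param([Parameter(Mandatory)] $Row)
    # Labels match the strings written by Get-MFAReport.ps1
    $TelephonyMethods = 'One-way SMS', 'Phone call verification'
    if ($Row.MFAUsed -eq 'Not Enabled') { return 'No MFA' }
    if ($Row.MFAUsed -eq 'Enabled')     { return 'Registration incomplete' }
    if ($Row.MFAMethod -in $TelephonyMethods) { return 'SMS or voice default method' }
    return 'OK'
}

$Findings = foreach ($Row in $Rows) {
    [PSCustomObject]@{
        User    = $Row.User
        MFAUsed = $Row.MFAUsed
        Method  = $Row.MFAMethod
        Finding = Get-MfaFinding -Row $Row
    }
}

# Count of accounts per finding, largest group first
$Findings | Group-Object Finding | Sort-Object Count -Descending |
    Select-Object Name, Count | Format-Table -AutoSize

# Accounts that need action, grouped by finding
$Findings | Where-Object Finding -ne 'OK' | Sort-Object Finding, User |
    Format-Table -AutoSize
```

The report and any derived output contain users' phone numbers, so keep both in a location with restricted access.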

Conclusion

Multi-factor authentication increases the security level of any Office 365 account. Moving contents between two accounts is not easy through a manual process. So, you should use Kernel Office 365 Migration software to help you protect the integrity of the data. The software will also make sure that you get the entire data in the new account.
