Met het onderstaande PowerShell script kan je eenvoudig controleren of MFA aanstaat voor je Microsoft 365 omgeving.
Start PowerShell als Administrator, voer `Connect-MsolService` uit en meld je aan met het admin-account van je Microsoft 365-omgeving.
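# Reports the per-user MFA state and the default MFA method of every licensed
# account, shows the result in a grid view and exports it to a CSV file.
# Requires an active Connect-MsolService session (MSOnline module).
#
# NOTE(review): StrongAuthenticationRequirements.State only reflects legacy
# per-user MFA. Accounts that get MFA through Conditional Access or security
# defaults show up here as "Not Enabled", so read "Not Enabled" as "no per-user
# MFA", not as proof that the account signs in without MFA.
# NOTE(review): only licensed accounts are examined; unlicensed accounts
# (often admin or service accounts) are not in the report and need a
# separate check.
# NOTE(review): Microsoft has deprecated the MSOnline module; confirm it still
# works against your tenant before relying on this report.

$ReportFolder = "c:\Beheer"
$ReportFile = Join-Path $ReportFolder "MFAUsers.CSV"

Write-Host "Finding Azure Active Directory Accounts..."
# @() keeps $Users a collection even when zero or one account is returned.
$Users = @(Get-MsolUser -All | Where-Object { $_.IsLicensed -eq $True })
$Report = [System.Collections.Generic.List[Object]]::new() # In-memory list of report rows
Write-Host "Processing" $Users.Count "accounts..."

ForEach ($User in $Users) {
    $MFAEnforced = $User.StrongAuthenticationRequirements.State
    $DefaultMFAMethod = ($User.StrongAuthenticationMethods | Where-Object { $_.IsDefault -eq "True" }).MethodType

    If (($MFAEnforced -eq "Enforced") -or ($MFAEnforced -eq "Enabled")) {
        # Set a fallback first so $MethodUsed never keeps the value of the
        # previous account when this one has no default method (for example,
        # enabled but not yet registered) or uses a method type not listed below.
        If ($DefaultMFAMethod) {
            $MethodUsed = [string]$DefaultMFAMethod
        }
        Else {
            $MethodUsed = "No default method registered"
        }

        Switch ($DefaultMFAMethod) {
            "OneWaySMS" { $MethodUsed = "One-way SMS" }
            "TwoWayVoiceMobile" { $MethodUsed = "Phone call verification" }
            "PhoneAppOTP" { $MethodUsed = "Hardware token or authenticator app" }
            "PhoneAppNotification" { $MethodUsed = "Authenticator app" }
        } # End Switch
    }
    Else {
        $MFAEnforced = "Not Enabled"
        $MethodUsed = "MFA Not Used"
    }

    $ReportLine = [PSCustomObject] @{
        User      = $User.UserPrincipalName
        Name      = $User.DisplayName
        MFAUsed   = $MFAEnforced
        MFAMethod = $MethodUsed
    }
    $Report.Add($ReportLine)
} # End For

$Report | Select-Object Name, MFAUsed, MFAMethod | Out-GridView

# Export-Csv fails when the target folder is missing, so create it first.
If (-not (Test-Path -Path $ReportFolder)) {
    New-Item -ItemType Directory -Path $ReportFolder | Out-Null
}

# The CSV lists which accounts have no per-user MFA; keep the folder
# readable by administrators only and remove the file when it is no longer needed.
$Report | Export-Csv -NoTypeInformation -Path $ReportFile
# Announce the location only after the export has run.
Write-Host "Report is in $ReportFile"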