Script Repository


Check multi-factor authentication status for a user in Microsoft 365

March 30, 2021
8941

The script can be used to obtain the status of multi-factor authentication for a user in Microsoft 365 (Office 365). To execute the script, use the Run a program or PowerShell script action in a custom command, business rule or scheduled task. To connect to Microsoft 365, the script use the credentials specified in the Run As section of the action settings.

For the script to work, you need to install Microsoft Azure Active Directory Module on each computer where Adaxes service is running.

Edit Remove
PowerShell
# Get Microsoft 365 Object ID
try
{
    $objectId = [Guid]$Context.TargetObject.Get("adm-O365ObjectId")
}
catch
{
    $Context.LogMessage("The user %fullname% doesn't have a Microsoft 365 account.", "Warning")
    return
}

# Connect to Azure AD
$password = ConvertTo-SecureString -AsPlainText -Force -String $Context.RunAs.Password
$credential = New-Object System.Management.Automation.PsCredential($Context.RunAs.UserName, $password)
Connect-MsolService -Credential $credential

# Output MFA status
$user = Get-MsolUser -ObjectId $objectId

if ($user.StrongAuthenticationRequirements.State -ne $NULL)
{
    $Context.LogMessage("Multi-factor authentication is enabled for user %fullname%.", "Information")
}
else
{
    $Context.LogMessage("Multi-factor authentication is disabled for user %fullname%.", "Information")
}

Comments ( 8 )
avatar
Patrick Faust
Feb 04, 2021
The result is not reported when run for multiple users.
I like to get an overview of missed mfa activations for a complete OU.
Looks like I can only run this one by one.

Any chance to let it run for multiple users and get simple overview which ones need to be activated?
avatar
Support
Feb 05, 2021
Hello Patrick,

This particular script can only be executed on a single user. If you need information for multiple users, we can provide you with another script that will be used to generate a report. For us to provide you with a solution, please, specify the version of Adaxes you are currently using. For information on how to check that, seehttps://www.adaxes.com/help/?HowDoI.ManageService.CheckAdaxesServiceVersion.html.

Any additional details and live examples of the desired behavior will be much appreciated.
avatar
Olson
Feb 08, 2021
any update on this? Also looking for a report that shows this info
avatar
Support
Feb 08, 2021
Hello Olson,

As it was mentioned above, we do not have such a script in our repository and to provide it we need to know the Adaxes version and what exactly should be included into the report. Once we have the information, we will be able to provide the script.
avatar
olson
Feb 08, 2021
ok
version: 3.13.18625 (latest)
report: username: status(disabled/enabled/enforced)
report runs on OU

would be great!
avatar
Support
Feb 08, 2021
Hello Olson,

Thank you for the provided details. Please, have a look at the following script from our repository: https://www.adaxes.com/script-repository/status-of-users-mfa-in-microsoft-365-s601.htm.
avatar
Olson
Feb 09, 2021
yes, i have this working already but this is for a single user....
avatar
Support
Feb 09, 2021
Hello Olson,

The script is intended to generate a report of users and their MFA statuses in Microsoft 365. It cannot be executed for a single user. The scope should be an OU or container.
Leave a comment