1
votes

Is there a way to gather MFA status for the MFA Server (on-prem)? For example, registered, unregistered users.

I found the following cmdlet from Microsoft, but this works only for Azure MFA Cloud Users and not MFA Server.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting

Get-MsolUser -All | where {$_.StrongAuthenticationMethods -ne $null} | Select-Object -Property UserPrincipalName

Do you know if there is an AD attribute for registered users? The StrongAuthenticationMethods attribute is also cloud-only.


1 Answer

1
votes

You can check in the reports in the portal. https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting

You can't check using PowerShell, though. There is a feature request in UserVoice for this but it is not supported yet. https://feedback.azure.com/forums/598699-azure-cloud-shell/suggestions/33086371-add-mfa-server-on-premises-management-via-powers

You also cannot use the V2 version of the AAD PowerShell Module to check the MFA enrollment/registration status on a user. This is because the property does not appear to be exposed via the AAD Graph API yet and you therefore cannot retrieve the StrongAuthenticationMethods. You can only use the older v1 version of the AAD PowerShell module for this.
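
The v1-module approach mentioned in the answer, expanded into a registered/unregistered report. This is an added example, not part of the original question or answer. It assumes the MSOnline (v1) module is installed and `Connect-MsolService` has already been run; the function name `Get-MfaRegistrationReport` and the output column names are hypothetical. It reports Azure MFA (cloud) registration only and does not see MFA Server (on-prem) enrollments.

```powershell
# Added example (not from the original thread).
# Assumes: MSOnline v1 module installed and Connect-MsolService already run.
# Scope: Azure MFA (cloud) only; MFA Server (on-prem) users are not reflected.
Import-Module MSOnline

function Get-MfaRegistrationReport {
    param(
        # Hypothetical parameter: lets you pass a subset of users; defaults to the whole tenant.
        [object[]]$Users = (Get-MsolUser -All)
    )

    foreach ($u in $Users) {
        # Drop nulls so an empty or missing collection becomes an empty array.
        $methods = @($u.StrongAuthenticationMethods | Where-Object { $_ })
        $default = $methods | Where-Object { $_.IsDefault } | Select-Object -First 1

        # Per-user MFA state (Enabled/Enforced); an empty collection means Disabled.
        $req = @($u.StrongAuthenticationRequirements | Where-Object { $_ }) |
            Select-Object -First 1
        $state = if ($req) { $req.State } else { 'Disabled' }

        [pscustomobject]@{
            UserPrincipalName = $u.UserPrincipalName
            Registered        = ($methods.Count -gt 0)
            DefaultMethod     = if ($default) { $default.MethodType } else { $null }
            AllMethods        = ($methods.MethodType -join ';')
            PerUserMfaState   = $state
            BlockedSignIn     = $u.BlockCredential
        }
    }
}

$report = Get-MfaRegistrationReport

# Summary: how many users are registered vs. unregistered.
$report | Group-Object Registered | Select-Object Name, Count

# Unregistered accounts that can still sign in are the ones to follow up on.
$report |
    Where-Object { -not $_.Registered -and -not $_.BlockedSignIn } |
    Sort-Object UserPrincipalName |
    Export-Csv -Path .\mfa-unregistered.csv -NoTypeInformation
```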