Users with ServiceAdministrator, AccountAdministrator and CoAdministrator roles are classic administrators in Azure. We are trying to get MFA status for these classic administrator users. However, using 'Get-MsolUser -UserPrincipalName {classicAdminSignInName}' in PowerShell, we are not getting any user in result. Also the classic administrator users are not found when searching in Azure AD from Azure portal. In respect to above scenario, can you please help us understand. How to get MFA status of classic administrator using PowerShell?
1 Answers
0
votes
This not how you get an ADUser UPN. You'd do this...
Get-MsolUser -UserPrincipalName [email protected]
... no need for the braces, unless you are going to use Where filtering.
Get-MsolUser |
Where-Object { $_.isLicensed -eq "TRUE" } |
Select UserPrincipalName
Just as you would if you were doing this via Get-ADUser in on-prem ADDS.
Doing a search for your use case shows you items you need to be aware of:
Example hits:
Azure Multi-Factor Authentication user states
Powershell script to fetch list of users with MFA status
identify users that were MFA configured:
Get-MsolUser -all |
select UserPrincipalName,
@{N="MFA Status"; E={ if( $_.StrongAuthenticationMethods.IsDefault -eq $true) {($_.StrongAuthenticationMethods|Where IsDefault -eq $True).MethodType}
else { "Disabled"}}} |
FT -AutoSize
