Hello Everyone,
I have the glorious task of compiling the list of users who are MFA Enabled in our tenant. Our tenant is quite messy, over 480 domains, multiple things going on. I’m trying to find a way to only retrieve a list of users from Get-MsolUser that are Enabled, licensed with either E1 or E3, and have Exchange enabled in their plan.
I’ve gotten as far as to be able to figure out who has an E1 or E3, but I can’t figure out the next step. Here is what I have so far:
Get-MsolUser -EnabledFilter EnabledOnly -All |
Where-Object -FilterScript {(($_.licenses).AccountSkuId -match "enterprisepack") -or (($_.licenses).AccountSkuId -match "standardpack")} |
Select-Object DisplayName,UserPrincipalName,@{N="Email Address"; E={$_.ProxyAddresses |
Where-Object {$_ -cmatch '^SMTP\:.*'}}},@{N="MFA Status"; E={ if( $_.StrongAuthenticationRequirements.State -ne $null){ $_.StrongAuthenticationRequirements.State} else { "Disabled"}}} |
Export-CSV "C:\Users\rmartin\Scripts\MFA Users - $((Get-Date -format yyyy-MMM-dd-ddd` hh-mm` tt).ToString()).csv" -NoTypeInformation
Here is an update that we’ve come up with:
Get-MsolUser -EnabledFilter EnabledOnly -All |
Where-Object {$_.Licenses.ServiceStatus |
Where-Object {(($_.ServicePlan.ServiceName -eq "EXCHANGE_S_ENTERPRISE") -or ($_.ServicePlan.ServiceName -eq "EXCHANGE_S_STANDARD")) -and $_.ProvisioningStatus -eq "Success"}} |
Select-Object DisplayName, UserPrincipalName, @{N="Email Address"; E={$_.ProxyAddresses |
Where-Object {$_ -cmatch '^SMTP\:.*'}}}, @{N="MFA Status"; E={if($_.StrongAuthenticationRequirements.State -ne $null) {$_.StrongAuthenticationRequirements.State} else {"Disabled"}}} |
Export-CSV "C:\Users\rmartin\Scripts\MFA Users - $((Get-Date -format yyyy-MMM-dd-ddd` hh-mm` tt).ToString()).csv"
Thank you for any help that anyone can provide!
- Rob