Issue:
We are working on enabling MFA and have sent a link to users to register their cell phones in for SMS messages prior to enabling MFA.
How can IT determine (either in the console, or with a PS script) whether a user has input a phone number? We don’t want to enable MFA for a user until the phone number is entered. And we don’t want to keep contacting them about it.
Resolution:
1) Create an elevated Powershell Session
2)Connect-Msolservice
3) Get-MsolUser -All | Where {$_.UserPrincipalName} | Select UserPrincipalName, DisplayName, @{n=”Status”; e={$_.StrongAuthenticationRequirements.State}}, @{n=”Methods”; e={($_.StrongAuthenticationMethods).MethodType}}, @{n=”Chosen Method”; e={($_.StrongAuthenticationMethods).IsDefault}} | Out-GridView
The output will be a grid window (as shown in screenshot below)
For your users, you are looking for OnewaySMS and PhoneAppOTP status under Chosen Methods as True or False.
Note:
The script is made from Get-Msoluser piped with Where operator checking the strong authentication requirements field and outputting it to a grid. This script is AS-IS and WITHOUT WARRANTY.
Comments
0 comments
Article is closed for comments.