What MFA method is used by how many users

SCENARIO
You want to know how many users are using SMS for MFA or mobile app to change user behavior to drive adoption of the MFA app.

PROBLEM
By default when users enrol with MFA they click “Next” all the way and end up with SMS authentication, regardless of what information we provide them with. And the way Microsoft stores this information isn’t very friendly for us to see this easily.

SOLUTION
I wrote this to demonstrate to management that users indeed doesn’t read the e-mails sent out to them which detailed that they should use “Mobile app” verification and what actually happened was they just clicked “Next” all the way and ended up with SMS authentication. In our case we ended up with about 2% of users chosing the application!

$phoneappnotificationcount = 0
# Setting the counters
$PhoneAppOTPcount = 0
$OneWaySMScount = 0
$TwoWayVoiceMobilecount = 0
$nomfamethod = 0
# Getting all users
$allusers = Get-MsolUser -all
# Going through every user
foreach($induser in $allusers)
	{ 
	# Resetting the variables
	$methodtype = ""
	$strongauthmethods = ""
	$upn = ""
	$strongauthmethods = $induser | select -ExpandProperty strongauthenticationmethods
	$upn = $induser.userprincipalname
	# This check is if the user has even enrolled with MFA yet, otherwise we +1 to that counter.
	if(!$strongauthmethods) { $nomfamethod++ }
	# Going through all methods ...
	foreach($method in $strongauthmethods)
		{ 
		# ... to find which is the default method.
		if($method.IsDefault)
			{
			$methodtype = $method.MethodType
			if($methodtype -eq "PhoneAppNotification") { $phoneappnotificationcount++ }
			elseif($methodtype -eq "PhoneAppOTP") { $PhoneAppOTPcount++ }
			elseif($methodtype -eq "OneWaySMS") { $OneWaySMScount++ }
			elseif($methodtype -eq "TwoWayVoiceMobile") { $TwoWayVoiceMobilecount++ }
			# If you want to get a complete list of what MFA method every user got, remove the hashtag below
			# write-host "User $upn uses $methodtype as MFA method"
			} 
		} 
	}
# Now printing out the result
write-host "Amount of users using MFA App Notification: $phoneappnotificationcount"
write-host "Amount of users using MFA App OTP Generator: $PhoneAppOTPcount"
write-host "Amount of users using SMS codes: $OneWaySMScount"
write-host "Amount of users using Phone call: $TwoWayVoiceMobilecount"
write-host "Amount of users with no MFA method: $nomfamethod"

About the Author
Author

stoff

Leave a reply