Version 1.5 of the Microsoft 365 User Password and Authentication Report

Microsoft Adds Last Used Property for Authentication Methods

The Microsoft 365 User Password and Authentication report is one of the scripts that I pay attention to and attempt to keep up to date as new developments emerge. The last version (V1.4) dealt with a change in how the default MFA method is reported; the version before added details of the authentication methods configured for user accounts.

Now it’s time to go back to refresh the script again because Microsoft has refreshed the beta version of the list authentication methods API to add a last used date time property. Entra ID updates the property when the authentication method (SMS code, passkey, Microsoft authenticator app, and so on) is used to authenticate an account. Looking at the dates in my tenant, I see last used dates going back to January 2023. There might be earlier dates than this noted for some authentication methods, but the point is that this information is now available.

The Value of the Last Used Property

The value of the last used property is that if you know what authentication methods are in active use, you might be able to remove unused authentication methods from user accounts to reduce the available attack surface for those accounts.

In any case, knowing when authentication methods are in active use for accounts is good information to have, especially if you want to encourage (“nag”) people to move away from weak secondary authentication methods like SMS and use something stronger, like the authenticator app or passkeys.

Updating the Script to V1.5

So it was time to break out Visual Studio Code to update the Microsoft 365 User Password and Authentication script. The code uses the Get-MgUserAuthenticationMethod cmdlet to fetch authentication methods for an account. Each method has an identifier, and the more interesting information is found in the additionalProperties property (array). You’ll need at least the UserAuthMethod-MicrosoftAuthApp.Read.All Graph permission to access this information:

[array]$AuthMethods = Get-MgUserAuthenticationMethod -UserId $User.Id -ErrorAction Stop
$AuthMethods

Id
--
28c10230-6103-485e-b985-444c60001490
3ddfcfc8-9383-446f-83cc-3ab9be4be18f
338e704e-bb5c-4b0d-9c2e-458e630e4017

Microsoft updated the Microsoft Graph PowerShell SDK to V2.32 earlier this month. So far, the release has proven stable, and I haven’t run into new problems. It includes the Get-MgBetaUserAuthenticationMethod cmdlet, which returns the last used property:

[array]$AuthMethods = Get-MgBetaUserAuthenticationMethod -UserId $User.Id -ErrorAction Stop
$AuthMethods

Id                                   CreatedDateTime     LastUsedDateTime
--                                   ---------------     ----------------
28c10230-6103-485e-b985-444c60001490 30/05/2020 07:48:05
3ddfcfc8-9383-446f-83cc-3ab9be4be18f
338e704e-bb5c-4b0d-9c2e-458e630e4017                     04/08/2025 06:27:29

Not all authentication methods update the created date and last used date properties, but enough do to make the properties worthwhile.

The interesting thing here is that the cmdlet now surfaces the created date time as a property instead of an item in the additionalProperties array. This change is likely due to an update to the underlying Graph API metadata, and it could result in some scripts breaking if, as expected, the change makes it through to production. I certainly had to make some code changes to accommodate the change in how the created date is exposed. Figure 1 shows some example output where the last used date is reported for two authentication methods.

Figure 1: Reporting the last used date for authentication methods

It would be nice if the data provided for every authentication method was consistent, but it’s not. It’s just another challenge to solve when working with Graph data.
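
The following PowerShell is an added example, not part of the V1.5 script or the original post. It shows one way to classify methods by last used date while reading the created date from either location (typed property or additionalProperties) and treating a blank last used date as unknown rather than unused. The function name, the 180-day threshold, and the sample objects are assumptions.

```powershell
# Added example: function name, threshold and sample data are assumptions, not the V1.5 script.
function Get-AuthMethodUsage {
    param(
        [Parameter(Mandatory)] [object[]]$AuthMethods,
        [int]$StaleDays = 180,                  # assumed review threshold
        [datetime]$Now = (Get-Date)
    )
    foreach ($Method in $AuthMethods) {
        $Extra = $Method.AdditionalProperties
        # Created date: typed property (beta cmdlet) or additionalProperties entry (older shape)
        $Created = $Method.CreatedDateTime
        if (-not $Created -and $Extra -and $Extra['createdDateTime']) {
            $Created = [datetime]($Extra['createdDateTime'])
        }
        # Not every method records a last used date, so a blank value is not proof of disuse
        $LastUsed = $Method.LastUsedDateTime
        if (-not $LastUsed) { $Status = 'NoLastUsedDate' }
        elseif (($Now - $LastUsed).TotalDays -gt $StaleDays) { $Status = 'Stale' }
        else { $Status = 'Active' }
        $Type = if ($Extra) { $Extra['@odata.type'] -replace '^#microsoft\.graph\.', '' }
        [PSCustomObject]@{
            Id = $Method.Id; Type = $Type; Created = $Created
            LastUsed = $LastUsed; Status = $Status
        }
    }
}

# Constructed sample objects (IDs and dates are made up) shaped like the cmdlet output
$Sample = @(
    [PSCustomObject]@{
        Id = '00000000-0000-0000-0000-000000000001'; CreatedDateTime = $null; LastUsedDateTime = $null
        AdditionalProperties = @{ '@odata.type' = '#microsoft.graph.passwordAuthenticationMethod'
                                  createdDateTime = '2020-05-30T07:48:05Z' }
    }
    [PSCustomObject]@{
        Id = '00000000-0000-0000-0000-000000000002'; CreatedDateTime = [datetime]'2023-01-10'
        LastUsedDateTime = [datetime]'2024-02-01'
        AdditionalProperties = @{ '@odata.type' = '#microsoft.graph.phoneAuthenticationMethod' }
    }
    [PSCustomObject]@{
        Id = '00000000-0000-0000-0000-000000000003'; CreatedDateTime = $null
        LastUsedDateTime = [datetime]'2025-08-04T06:27:29'
        AdditionalProperties = @{ '@odata.type' = '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod' }
    }
)
Get-AuthMethodUsage -AuthMethods $Sample -Now ([datetime]'2025-08-20') | Format-Table

# Live use (assumes an already connected Graph session with the required permission):
# Get-AuthMethodUsage -AuthMethods (Get-MgBetaUserAuthenticationMethod -UserId $User.Id)
```

Methods flagged NoLastUsedDate need a manual check (for example, against sign-in logs) before anyone removes them.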

New Version Available from GitHub

The updated (V1.5) version of the script can be downloaded from the Office 365 for IT Pros GitHub repository. I make no claim of greatness for the code. It’s there for people to learn about how to access and use the Graph to interact with authentication methods. No doubt this will interest some and not others. Feel free to upgrade and enhance the code to meet your requirements.


Learn about managing Entra ID and the rest of the Microsoft 365 ecosystem by subscribing to the Office 365 for IT Pros eBook. Use our experience to understand what’s important and how best to protect your tenant.
