Finding Azure Active Directory with Admin Roles Not Protected with MFA

Microsoft makes a strong case that all Azure Active Directory accounts should be protected with multi-factor authentication (MFA). That’s a great aspiration, but the immediate priority is to check accounts holding admin roles. This post explains how to use a PowerShell script to find and report those accounts.

Advertisements

Reporting MFA-Enabled Accounts

When a problem arises, it’s good to know what user accounts are affected. In the case of the recent MFA outage, the need existed to report the list of accounts that were MFA-enabled. Here’s how to do the job with PowerShell.