Multi-factor authentication method analysis

For a security audit, it is necessary to check which multi-factor authentication method is enabled for each individual user in the Microsoft tenant.

The guide can also be used to make users aware of a multi-factor authentication method that may be more convenient for them than they currently have enabled.

The following are possible multi-factor authentication methods.:

Mobile App (Microsoft Authenticator)
Text message
Phone call

Table of contents hide

1 Preparation

2 Export result as CSV file

3 Analyze multi-factor authentication methods

Preparation

Microsoft has published a PowerShell script on Github for the analysis of multi-factor authentication, download and unzip this script:
https://github.com/azure-samples/azure-mfa-authentication-method-analysis/tree/master/

Analyse Multi-Factor Authentication - Github Download

The TenantID is required to execute the script. This can be found in the Azure Portal (https://portal.azure.com) under “Azure Active Directory”.

Analyse Multi-Factor Authentication - Tenant ID

Export result as CSV file

With the unzipped script “MfaAuthMethodAnalysis.ps1” and the TenantID the script can be started. Note the following:

the following PowerShell code can be executed in “Windows PowerShell ISE” in the path where the previously unzipped script “MfaAuthMethodAnalysis.ps1” is located
Replace with the value from the previous step
No guest account may be used for the sign in
the used user account needs at least the permission “User Administrator”
“MSOnline” Version 1.1.183.57 or higher is required

if (Get-Module -ListAvailable -Name MSOnline) {
    Write-Host "MSOnline exists, nothing to install"
} 
else {
	Write-Host "Module MSOnline missing, installation in progress..."
    Install-Module MSOnline
}

.\MfaAuthMethodAnalysis.ps1 -TenantId &lt;TenantID&gt; -LocationInfo -CsvOutput

if (Get-Module -ListAvailable -Name MSOnline) {

Write-Host "MSOnline exists, nothing to install"

}

else {

Write-Host "Module MSOnline missing, installation in progress..."

Install-Module MSOnline

}

.\MfaAuthMethodAnalysis.ps1 -TenantId <TenantID> -LocationInfo -CsvOutput

PowerShell now takes a short time to export the results to a CSV file.

Analyze multi-factor authentication methods

In our example the script “MfaAuthMethodAnalysis.ps1” was used to create the CSV file with the following content.

Analyse Multi-Factor Authentication - Analyse Authenticationmethod

The user has set up multi-factor authentication with a notification via the Microsoft Authenticator app
as an improvement it is suggested to add a phone number to have another option for the second authentication factor, should the Microsoft Authenticator app not be available.

Follow me on LinkedIn and get informed about my latest posts.

Follow on LinkedIn

Was this post helpful to you? Show your enthusiasm with the delightful aroma of a freshly brewed coffee for me!

Multi-factor authentication method analysis

Preparation

Export result as CSV file

Analyze multi-factor authentication methods

App Password for Multi-Factor Authentication

Block Legacy Authentication with Azure AD Conditional Access