Reporting User-Preferred MFA Methods for Azure AD User Accounts

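  # Builds $Report: one row per licensed member account showing the account's
  # system-preferred and user-preferred MFA sign-in settings, read from the
  # Graph beta signInPreferences resource.

  # NOTE(review): every request in this script is a GET, so a read-only scope
  # (UserAuthenticationMethod.Read.All) is presumably sufficient and would keep
  # the session to least privilege. Confirm against the Graph permissions
  # reference before switching.
  Connect-MgGraph -Scopes UserAuthenticationMethod.ReadWrite.All

  # Select-MgProfile exists only in Microsoft Graph PowerShell SDK v1; it was
  # removed in SDK v2. The sign-in preferences request below names the beta
  # endpoint explicitly in its URI.
  Select-MgProfile Beta

  # Licensed member accounts only. The backtick stops PowerShell from expanding
  # $count inside the double-quoted OData filter. The filter is sent with
  # -ConsistencyLevel eventual and -CountVariable.
  [array]$Users = Get-MgUser -Filter "assignedLicenses/`$count ne 0 and userType eq 'Member'" -ConsistencyLevel eventual -CountVariable Records -All

  $Report = [System.Collections.Generic.List[Object]]::new()

  ForEach ($User in $Users) {
      $Uri = ("https://graph.microsoft.com/beta/users/{0}/authentication/signInPreferences" -f $User.Id)

      # Reset per iteration: if the request fails, the assignment never happens,
      # and without this reset the previous user's preferences would be reported
      # against the current account.
      $AuthData = $null
      Try {
          $AuthData = Invoke-MgGraphRequest -Uri $Uri -Method Get -ErrorAction Stop
      }
      Catch {
          # Keep the account in the report with blank values so that a failed
          # lookup is visible rather than silently dropped.
          Write-Warning ("Could not read sign-in preferences for {0}: {1}" -f $User.userPrincipalName, $_.Exception.Message)
      }

      $ReportLine = [PSCustomObject]@{
          User                           = $User.displayName
          UPN                            = $User.userPrincipalName
          'System preferred MFA enabled' = $AuthData.isSystemPreferredAuthenticationMethodEnabled
          'System preferred MFA method'  = $AuthData.systemPreferredAuthenticationMethod
          'Secondary auth method'        = $AuthData.userPreferredMethodForSecondaryAuthentication
      }
      $Report.Add($ReportLine)
  }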

Source: https://office365itpros.com/2023/06/21/report-user-authentication-methods/