Quickly Assess Azure MFA use in your Organization

Microsoft recently released a very helpful script that allows Administrators looking to roll out Azure MFA to their organization with a easy-to-read output that can aid in assessing status, or even recommendations to enhance their use of the technology.


Below is a sample output:


Here are some common “Recommendations” from the script

  • ‘Register for MFA, preferably with the Microsoft Authenticator mobile app and also with a phone number, used for SMS or Voice.’
  • ‘Consider adding an alternative phone number for additional resilience.’
  • ‘Consider setting the Microsoft Authenticator mobile app as the default method.’
  • ‘Register at least another authentication method, preferably the Microsoft Authenticator mobile app or hardware OATH token. A user can have up to five hardware OATH tokens or mobile apps registered.’
  • ‘Consider adding an alternative phone number for additional resilience.’


Download the ZIP file from the Microsoft website.


Run the following Powershell commands to Authenticate to your tenant and run the commands

Import-Module MSONLINE


$TenantID = ($skus.AccountObjectID[0]).GUID

.\MfaAuthMethodAnalysis.ps1 –tenantID $TenantID -Location -CsvOutput –Verbose

You’ll may see the following error:


If this occurs, you will need the MSONLINE module, and may need to update as I had to do by running the following Powershell command:

Update-Module MSONLINE


Once updated, try running the command again and you should see the process fire off and save a file in the directory of the script in the format MfaAuthMethodAnalysis_<date>_<time>.csv


This is WAY easier than using the GUI in Azure Active Directory, and allows you to do some sort again the data for taking action, automation, etc.

Chris Blackburn

Learn More →

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.