MSOnline

1 entry has been tagged with MSOnline.

Quickly Assess Azure MFA use in your Organization

Microsoft recently released a very helpful script that allows Administrators looking to roll out Azure MFA to their organization with a easy-to-read output that can aid in assessing status, or even recommendations to enhance their use of the technology.

https://docs.microsoft.com/en-us/samples/azure-samples/azure-mfa-authentication-method-analysis/azure-mfa-authentication-method-analysis/

Below is a sample output

mfa02

Here are some common “Recommendations” from the script

  • ‘Register for MFA, preferably with the Microsoft Authenticator mobile app and also with a phone number, used for SMS or Voice.’
  • ‘Consider adding an alternative phone number for additional resilience.’
  • ‘Consider setting the Microsoft Authenticator mobile app as the default method.’
  • ‘Register at least another authentication method, preferably the Microsoft Authenticator mobile app or hardware OATH token. A user can have up to five hardware OATH tokens or mobile apps registered.’
  • ‘Consider adding an alternative phone number for additional resilience.’

Implementation

Download the ZIP file from the Microsoft website.

https://docs.microsoft.com/en-us/samples/azure-samples/azure-mfa-authentication-method-analysis/azure-mfa-authentication-method-analysis/

Run the following Powershell commands to Authenticate to your tenant and run the commands

Import-Module MSONLINE

Connect-MSOLService

$TenantID = ($skus.AccountObjectID[0]).GUID

.\MfaAuthMethodAnalysis.ps1 –tenantID $TenantID -Location -CsvOutput –Verbose

You’ll may see the following error:

mfa01

If this occurs, you will need the MSONLINE module, and may need to update as I had to do by running the following Powershell command:

Update-Module MSONLINE

mfa03

Once updated, try running the command again and you should see the process fire off and save a file in the directory of the script in the format MfaAuthMethodAnalysis_<date>_<time>.csv

mfa04

This is WAY easier than using the GUI in Azure Active Directory, and allows you to do some sort again the data for taking action, automation, etc.

 

css.php