Taking stock of the different user authentication methods in your tenant

Like any start of a project or task, it helps to get a baseline of where you are before you proceed, this helps check our progress too. With the ever increasing need to protect the identities of your users, this simple script will get all the Entra ID users and the authentication methods they have registered.

It runs at a pace of about 2 accounts per second, hence if your tenant has a lot of accounts, you can either filter it first or simply wait it out.

Below is a sample output:

#microsoft.graph.emailAuthenticationMethod: 21 #microsoft.graph.fido2AuthenticationMethod: 4 #microsoft.graph.microsoftAuthenticatorAuthenticationMethod: 50 #microsoft.graph.passwordAuthenticationMethod: 657 #microsoft.graph.phoneAuthenticationMethod: 83 #microsoft.graph.softwareOathAuthenticationMethod: 1 #microsoft.graph.temporaryAccessPassAuthenticationMethod: 1 #microsoft.graph.windowsHelloForBusinessAuthenticationMethod: 5 Authentication methods saved to authentication-methods.csv

Link here: https://github.com/panoy86/sysadmin/blob/main/graphAPI/get-mfa.ps1

Aside from the console output, it saves the results in a CSV file with the auth-methods in a comma-separated string.