Check if MFA is Enabled in Microsoft 365

Native Solution

Microsoft 365 Permission Required

High

Global Administrator or Authentication Policy Administrator or Authentication Administrator.

Option 1 Using Microsoft Entra Admin Center

Sign-in to the Microsoft Entra admin center.
Go to All Users residing under Identity»Users and select Per-user MFA. Now, you’d be redirected to the multi-factor authentication page.
In the list of users, view the multi-factor authentication status field to see the current MFA status for each user.

Option 2 Using Windows PowerShell

Run the below cmdlets to check if MFA status is enabled in Microsoft 365.

Windows PowerShell

 Connect-MsolService

Get-MsolUser -all | select DisplayName,UserPrincipalName,@{N= "MFA Status"; E ={if( $_.StrongAuthenticationRequirements.State -ne $null) {$_.StrongAuthenticationRequirements.State} else { "Disabled" }}}

Option 3 Using PowerShell Script

Download and run the following script in the Administrator PowerShell.
By default, the script retrieves user properties with MFA status and authentication methods.

GetMFAStatus.ps1

AdminDroid Solution

More than 150 reports are under the free edition.

AdminDroid Permission Required

Delegated

Any user with report access delegated by the Super Admin.

StepsUsing AdminDroid

Login to the AdminDroid Office 365 portal.
Navigate to the "User’s MFA Details" report under Reports»Security»MFA reports section.

Get the list of per user’s MFA status with properties like default MFA methods, MFA device name, MFA number of devices, etc. of your Microsoft 365 environment.

Use built-in charts to check if MFA is enabled for users, providing comprehensive visibility into adoption and compliance levels.

Explore a full range of reporting options

Office 365 MFA Status Reports at Their Best!

AdminDroid's Microsoft 365 MFA status reports provide a clear roadmap, making it easier for IT admins to strengthen organizational security.

Witness the report in action using the

Live Demo

Important Tips

Suppressing authenticator notifications from risky sources helps mitigate MFA fatigue attacks by preventing overwhelming prompts and ensuring that only legitimate access attempts trigger authentication requests.

Enable the Report Suspicious Activity feature which empowers you to stay vigilant and proactively respond to potentially suspicious MFA requests.

Switch to the future of account security with passwordless access to Microsoft 365, offering your employees swift and stress-free logins, no more password hassles.

Azure ADKeep an Eye on Azure AD Per-User MFA Reports for Ultimate Security in Microsoft 365

Showing 1 of 9

What are the benefits of enabling MFA in Microsoft 365? How to set up MFA for a user in Microsoft 365? How to enable MFA for external users via Conditional Access? How to recognize that an MFA fatigue attack is happening? How to check if Office 365 MFA is enabled? What are the current limitations of MFA? What are the best practices for MFA? How to monitor MFA in Microsoft 365? How to manage MFA for an organization?

What are the benefits of enabling MFA in Microsoft 365?

MFA (Multi-factor authentication) unlocks a realm of robust security, shielding user accounts with multiple layers of protection. Here are five key advantages of using multi-factor authentication in Microsoft 365:

Increased Microsoft security: MFA requires users to provide two or more ways of authentication when they sign in. This helps to prevent unauthorized access, even if a user's Office 365 password is compromised.
Reduced risk of data loss: MFA can help to reduce the risk of data loss by preventing malicious Microsoft 365 sign-ins to your organization.
Improved compliance: Many Microsoft 365 organizations' regulations such as HIPAA, GDPR, CJIS, and more require admins to implement multi-factor authentication. By using MFA, you can help to ensure that your organization is compliant with these regulations.
Protection against phishing attacks: Even if a user unknowingly discloses their password to a malicious website or email, the second authentication factor acts as a barrier.
Credential theft mitigation: MFA safeguards against cybercriminals using automated tools to test numerous username-password combinations. The second authentication factor resists duplication, reinforcing the account effectively.

AdminDroid: Protect your organization with better MFA monitoring.

Use the dedicated Users without MFA resided under Reports»Security»MFA Reports to list the users with multi-factor authentication (MFA) disabled.
We recommend utilizing the Quick Schedule⏰ feature which periodically sends the report to your inbox. Follow these steps to activate the quick scheduler option.
Set frequency to be scheduled and save the scheduler with name.
Now it is easy to frequently monitor on users whose MFA is disabled.

How to set up MFA for a user in Microsoft 365?

Azure AD MFA is a fundamental step to secure your organization's digital assets and protect against unauthorized access in Microsoft 365.

To set up an MFA, follow the below steps to set up an MFA for your users:

How to enforce or enable MFA in Microsoft 365 admin center?

Sign-in to the Microsoft 365 admin center.
Click on "Users" in the left menu and select "Active Users" Now choose "multi-factor authentication" from the options.
In the list of users, click on a user to set up multi-factor authentication for that specific user.

How to enforce or enable MFA in Entra ID?

Navigate to the Microsoft Entra admin center.
Select Identity»Users»All Users.
Hit ‘Per-user MFA’ option on the above listed options.
Now, you’d be redirected to the multi-factor authentication page.
In the list of users, click on a user to set up multi-factor authentication for that specific user.

How to enforce or enable Microsoft 365 MFA using PowerShell?

Open Windows PowerShell on your computer with the MSOnline PowerShell module installed.

Set-MsolUser -UserPrincipalName ‘user@example.com' -StrongAuthenticationRequirements @()

Replace 'user@example.com' with the User Principal Name (UPN) of the user for whom you want to enable MFA.

Implementing MFA enhances control over your organization's data and resources. It adds extra protection, reducing the risk of unauthorized access.

How to enable MFA for external users via Conditional Access?

Conditional Access in Microsoft 365 empowers organizations to apply granular access policies and control user authentication, including multi-factor authentication (MFA). Admins can set access conditions based on user location, device health, and application sensitivity, ensuring enhanced security with a seamless user experience.

Enable multi-factor authentication (MFA) for external users through Conditional Access:

Sign in to the Microsoft Entra admin center using your admin credentials.
Navigate to Identity and select Conditional Access under Protection.
Click Create New policy to create a new Conditional Access policy.
Under Grant access, select Require multi-factor authentication.
Save the policy, and it will now enforce MFA for the external or guest users and cloud apps based on the defined conditions.

Implementing MFA through Conditional Access not only strengthens security but also acts as a defense against unauthorized access. With this robust measure in place, organizations can confidently safeguard their data and resources from potential cyber threats.

With AdminDroid, you can also generate comprehensive reports on users who sign-ins configured for MFA through CA policies.

This reporting feature enables you to monitor and analyze user sign-ins, providing detailed insights such as signed-in application name, MFA Authentication status, Authenticated via, Authentication method, and even authentication details.

This valuable information allows you to track MFA usage, assess security measures, and gain a deeper understanding of user authentication activities within your organization.

How to recognize that an MFA fatigue attack is happening?

The goal of an MFA fatigue attack is to overwhelm users into granting access.

To safeguard against MFA fatigue attacks and improve user MFA protection, it is crucial to identify and report suspicious activities occurring inside your Microsoft 365 environment. Here are some key indicators to recognize an MFA fatigue attack:

Abnormal Authentication Activity: Detect unusual patterns in authentication, such as a surge in failed logins or repetitive MFA requests, indicating potential MFA fatigue attacks.
Geolocation and IP Anomalies: Pay attention to unfamiliar IP addresses and geographical locations in login attempts, particularly when coupled with MFA challenges, as these can be signs of suspicious activity.
Device Variability and Account Lockouts: Monitor for changes in the devices used for multi-factor authentication (MFA) and frequent account lockouts due to failed MFA attempts or password resets. These could be signs of an attack.
Anomalous User Behavior: Be aware of changes in user behavior, such as accessing unusual resources or performing unusual actions after successful authentication. These could be indicators of an attacker gaining access.

These strategies can help you prevent MFA fatigue attack and reduce the risks associated with this type of cyber threat.

Enhancing Security Through Sign-In Monitoring: Countering MFA Fatigue Attacks

Microsoft 365 risky sign-ins is an important metric for organizations to monitor and mitigate MFA fatigue attacks. To help you with this, AdminDroid lets you identify organizations that are at high risk of attack by counting the number of sign-ins that occurred from devices or locations that are considered to be risky.

By monitoring and responding to Azure AD risky sign-ins, organizations can help to protect their users and data from MFA fatigue attacks.

Schedule the Organization Sign-Ins Count based on Risky Events right away using AdminDroid.

How to check if Office 365 MFA is enabled?

To ensure the security of your organization's data and resources, it's important to confirm whether MFA is enabled for Microsoft 365 users. Below are the steps to determine if MFA is activated for individual users or at the organizational level.

To know list of users who activated MFA using PowerShell,

Install and connect to Azure AD module, run the below cmdlets.
```
 Install-Module -Name Microsoft365 | Connect-Microsoft365 
```

To check MFA Status for a specific user, check the below.

Replacing <UserPrincipalName> with the user's actual UPN.
Get-MsolUser -UserPrincipalName <UserPrincipalName> | Select-Object UserPrincipalName,StrongAuthenticationRequirements

To check MFA Status for all users, run the below cmdlet.

Get-MsolUser -All | Select-Object UserPrincipalName,StrongAuthenticationRequirements

To execute the commands, you'll need appropriate administrative privileges in your Microsoft 365 tenant to run these commands. Also, note that MFA status can change for users over time, so it's a good practice to periodically check and enforce MFA as needed for security purposes.

Effortless Management of Users' MFA Status with AdminDroid

AdminDroid simplifies the task of managing Azure AD user MFA Status by providing comprehensive reporting and analytics.
With detailed insights, AdminDroid empowers organizations to ensure strengthened protection against unauthorized access and cyber threats through efficient MFA management.

What are the current limitations of MFA?

Multi-factor authentication (MFA) does have certain limitations that organizations should be aware of.

Throttling User Sign-ins: Throttling user sign-ins in Azure AD multi-factor authentication could present a disadvantage for users, especially during busy periods or urgent tasks.
- In scenarios where repeated authentication requests are made within a short time frame, users may experience delays in accessing their accounts, potentially impacting productivity and causing frustration.
Licensing Costs: Based on subscription, billing is determined by the number of users configured for MFA, organizations might face unpredictable expenses, especially when dealing with fluctuating user counts or seasonal changes in user authentication patterns.
- The annual license fee and usage-based billing can present challenges in budget planning and cost management for organizations relying on Azure AD multi-factor authentication.
Limited Conditional Access Policies: Microsoft 365's MFA options might not provide the flexibility to tailor complex access rules based on the department's roles, time of access, and geographic location. This limitation hinders the organization's ability to implement a finely tuned access control policy that meets its specific security needs.

By staying informed and implementing supplementary security measures, organizations can strike a balance between usability and protection, fortifying their digital landscape in the face of evolving challenges.

Use the dedicated Azure AD MFA reports column residing under Reports»Security to list the MFA reports which contain MFA Activated users, Users with MFA, Users without MFA, etc.

AdminDroid allows you to directly access the Microsoft 365 user MFA report in different formats without much effort.
You can directly click on the Email this report now option to email the report along with the details to the desired recipient.

Also, you can save the report in your local system by hitting the Download button.

What are the best practices for MFA?

In today's digital landscape, strengthening security is crucial, and multi-factor authentication (MFA) is vital in defending against cyber threats. By implementing a comprehensive set of best practices for MFA, your organization can protect sensitive data and critical assets.

Enable MFA logging: Activate MFA logging to capture relevant information about MFA events.
Centralize MFA logs: Consolidate MFA logs into a central system for easier analysis and comprehensive monitoring.
Set up alerts: Configure alerts for specific MFA events or anomalies, such as failed attempts or unusual patterns.
Monitor authentication events: Regularly review MFA authentication events, including successful and failed attempts.
Monitor user access and permissions: Track user access patterns and permissions changes alongside MFA events to identify potential risks.
Regular security review: Conduct routine reviews, including MFA-related controls and policies, to stay up to date with best practices and new features.

By implementing these best practices for multi-factor Authentication (MFA), your organization fortifies its security framework, safeguarding against potential threats and ensuring a resilient defense.

Admin's Arsenal: Safeguarding Microsoft 365 with MFA Best Practices

In addition to implementing MFA best practices, administrators play a crucial role in securing the tenant and monitoring authentication methods to protect Microsoft 365 accounts.

As an administrator, auditing risky login attempts is crucial to prevent unauthorized usage of a Microsoft 365 account.
Effectively secure the tenant from risky sign-in activities by implementing security measures. By proactively monitoring and addressing potential threats, organizations can ensure the safety of their Microsoft 365 accounts.

How to monitor MFA in Microsoft 365?

Microsoft's native tools may not offer full MFA status reporting, limiting insights for Microsoft 365 admins.

To check MFA status of your users,

Access the Microsoft Entra admin center.
Choose Identity from the menu, then go to Users and select All Users.
Click on the Per-user MFA option among the choices listed above.
You will be directed to the multi-factor authentication page, where you can view the MFA status of all your users.

You may also get to know about the usage & insights from Identity portal. To access usage and insights,

Sign-in to the "Microsoft Entra admin center"
Go to Monitoring & Health, then select Usage & Insights and choose Authentication Method Activities.

However, it’s worth noting that Microsoft usage insights currently does not provide information regarding failed MFA sign-in attempts.

AdminDroid - Simplifying Multi-factor Authentication Management

With detailed user monitoring on users failed MFA signins along with comprehensive reports on MFA challenges and user status, AdminDroid provides invaluable insights for Microsoft 365 admins.

By leveraging AdminDroid, organizations can reinforce their security posture and enhance the overall user experience with multi-factor authentication.

How to manage MFA for an organization?

Managing multi-factor authentication (MFA) for an organization is crucial for enhancing security and protecting sensitive data.

Implement Conditional Access: Microsoft 365 empowers you to fine-tune your security with Conditional Access policies. Customize when and how MFA is required based on specific conditions such as user location, device health, or application sensitivity.
Biometric Authentication: Embracing the future of security, Microsoft 365 incorporates biometric factors like fingerprints or facial recognition as MFA methods. These unique biometric data points make it incredibly challenging for attackers to replicate or phish.
Hardware Tokens: In Microsoft 365, hardware tokens are physical devices that play a vital role in enhancing security. These tokens generate one-time passwords when users press a button. Hardware tokens are a popular MFA method in Microsoft 365 because they are resistant to phishing attacks.
Regular Security Review: As part of Microsoft 365's commitment to security, it's essential to conduct periodic security reviews. Stay up to date with industry best practices and adjust MFA settings accordingly.

By adopting these best practices for managing multi-factor authentication (MFA), organizations can bolster their security. With these measures in place, organizations can confidently safeguard their sensitive data and resources from potential threats.

By using AdminDroid’s Alerts option, you can be on track with your users when they disabled MFA.

You can find the Alert policies under Alerts»Policy Templates. You can also create a new alert policy using the ‘Add alert policy’ under Alerts»Policies in your AdminDroid portal.
You can utilize the Alert preview option to view the recently triggered events of your alert.

AdminDroid Office 365 ReporterMicrosoft 365 MFA Monitoring tool for Ultimate Security

AdminDroid MFA reporting and auditing tool serves as a comprehensive solution for Microsoft 365 admins, enabling effortless identification and management of MFA usage without the need for complex scripts.

Why should you utilize AdminDroid Microsoft 365 Reporter for MFA management?

User’s MFA Details located under Reports»Security»MFA reports provide comprehensive insights into users' multi-factor authentication status. Identify MFA-activated users and those without, reinforcing security measures for robust authentication.

A Quick Summary

MFA reporting for security insights

Effortlessly access a comprehensive overview of MFA reports, gathering valuable insights into user authentication practices in a single and convenient location.

Safeguarding your Microsoft environment

Recognizing and protecting from phishing emails is essential to protect your personal information and maintain online security.

Automated report generation

Schedule regular report generation and receive them directly in your inbox, providing you with up-to-date information on MFA status and trends.

Customizable report export

Experience seamless report customization and export MFA reports to match your specific requirements, ensuring effortless downloads in various formats.

Enact an exquisite alerting system

Craft a sophisticated alert policy to assist you in promptly identifying users without MFA or failed MFA sign-ins.

Insights on granular access management

Enhance security and protect critical resources with Conditional Access,

AdminDroid simplifies MFA user information retrieval and management, providing seamless access to details like MFA methods, failed sign-in attempts, and risky activities. Gain complete control and oversight of your organization's users, and effortlessly monitor and manage MFA settings and activities.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Download

Common Errors and Resolution Steps for Multi-factor Authentication in Microsoft 365

The following are possible errors and troubleshooting hints while dealing with checking MFA status in Microsoft 365:

Error: Authentication request is not for an activated account

This error message occurs when using mobile app notifications for MFA verification.

Troubleshooting hint :Remove their account from the Microsoft Authenticator app, then add it again using the Azure AD portal.

Error: ./GetMFAStatus.ps1 cannot be loaded because running scripts is disabled on this system.

This error occurs when trying to run the script. The execution policy is set to “strict” by default to prevent scripts from running.

Troubleshooting hint :To resolve this error, you can set the execution policy to run the script.

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
or
Set-ExecutionPolicy -ExecutionPolicy Unrestricted

Error: Access Denied. You do not have permission to call this cmdlet.

This error message occurs when you have incorrect or no admin access to run the cmdlet.

Troubleshooting hint :To resolve this error, set the required permission to the admin.

Error: Microsoft Graph Beta module is unavailable. It is mandatory to have this module installed in the system to run the script successfully.

This error message occurs when you try to run the PowerShell script without the Microsoft Graph Beta module.

Troubleshooting hint :To resolve this error, you must install the Microsoft Graph Beta module of PowerShell.

Install-Module Microsoft.Graph.Beta -Scope CurrentUser –AllowClobber

Error: You do not have sufficient permission to access this page.

This error message occurs when you have incorrect admin access and try visiting Per-user MFA through Azure AD portal.

Troubleshooting hint :To resolve this error, set the Authentication Policy Administrator or Authentication Administrator permission in your Microsoft 365.

Delivering Reports on Time

Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid’s Scheduling to your email anytime you need.

Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add intelligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.

Set It, Schedule It, See Results - Your Reports, Your Way, On Your Time!

Time Saving Automation Customization Intelligent Filtering

Give Just the Right Access to the Right People

Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.

Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.

Give Just the Right Access to the Right People

Align, Define, Simplify: AdminDroid's Granular Delegation

Smart Organizational Control Effortless M365 Management Simplified Access

Advanced Alerts at a Glance

Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.

Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.

AdminDroid Keeps You Always Vigilant, Never Vulnerable!

Proactive Protection Real-time Monitoring Security Intelligence Threat Detection

Merge the Required Data to One Place

Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.

This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.

Merge with Ease and Save as Views!

Custom Reporting Unique View Desired Columns Easy Data Interpretation

Insightful Charts and Exclusive Dashboards

Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.

With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.

Insightful Charts and Exclusive Dashboards

Explore Your Microsoft 365 Tenant in a Whole New Way!

Executive overviews Interactive insights Decision-making Data Visualization

Efficient Report Exporting for Microsoft 365

Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.

Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.

Efficient Report Exporting for Microsoft 365

Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!

Easy Export Seamless Downloading Data Control Manage Microsoft 365

How to Check MFA Status Report of Microsoft 365 Users