Export Users Without MFA in Microsoft 365

Native Solution

Microsoft 365 Permission Required

High

Global Administrator or Authentication Policy Administrator or Authentication Administrator.

Option 1 Using Entra Admin Center

Sign in to the Microsoft Entra admin center.
Go to the 'All Users' tab under Identity»Users.
Select 'Per-user MFA', and you’ll be redirected to the multi-factor authentication page.
Check for the ‘Disabled’ status in the ‘Multi-factor authentication status’ field to find users without MFA in Azure AD.

Option 2 Using Windows PowerShell

Make sure you installed and connected to the MsOnline module using these cmdlets.

Windows PowerShell

 Install-module Msonline
Connect-MsolService

Run the below cmdlet to get users without MFA report.

Windows PowerShell

 Get-MsolUser -all | select DisplayName,UserPrincipalName,@{N= "MFAStatus"; E ={if( $_.StrongAuthenticationRequirements.State -ne $null) {$_.StrongAuthenticationRequirements.State} else {"Disabled" }}} | where MFAStatus -eq "Disabled"

Option 3 Using PowerShell Script

Getting in-depth MFA details along with MFA disabled users report can be challenging due to the complexity of PowerShell cmdlets.
To simplify this process, we've created a PowerShell script to retrieve and export the 'Users with disabled MFA status' report.
Download and run the following script in the Administrator PowerShell.

GetMFAStatusReport.ps1

To get Microsoft 365 users without MFA enabled, run the script with the –MFADisabled parameter.
.\GetMFAStatusReport.ps1 -MFADisabled

AdminDroid Solution

More than 150 reports are under free edition.

AdminDroid Permission Required

Delegated

Any user with report access assigned by Super Admin.

StepsUsing AdminDroid

Open the AdminDroid Office 365 Reporter.
Navigate to 'User Without MFA' report under Reports»Security»MFA reports.

Export a comprehensive list of users without MFA, including their user details, roles and associated information in a few clicks.

Get a complete overview of MFA-disabled users with a few clicks in the 'Dashboards section' under Security > MFA.

Explore a full range of reporting options

Find users without MFA report with just a few clicks.

Don't let MFA-disabled users be a security risk to your Microsoft 365 environment! Stay safe from malicious security attacks with the help of AdminDroid MFA reporting and auditing tool.

Witness the report in action using the

Live Demo

Important Tips

Review Microsoft 365 MFA enforced users and ensure that each user is registered with a strong authentication method like the Microsoft Authenticator app, security keys and OAUTH tokens.

Periodically monitor MFA device details to ensure compliance standards of registered devices and mitigate identity compromise attacks.

Log out of MFA devices if they are left logged in for a long time. You can limit the number of days (7 to 30 days) MFA should be remembered on trusted devices in the Entra ID per-user MFA service settings.

Azure ADDetect MFA Disabled Users and Defend Against Emerging Threats in Microsoft 365

Showing 1 of 7

What happens if you don't have MFA? What are the security risks of not enabling MFA in Microsoft 365? Why is adaptive MFA authentication important in Microsoft 365? How to get a list of users with MFA disabled? How to monitor MFA usage in Microsoft 365? How to manage MFA in Microsoft 365? What are the benefits of enabling MFA for Microsoft 365?

What happens if you don't have MFA?

Are your users underestimating the importance of MFA and procrastinating on MFA registration? Without MFA, their Microsoft 365 account is an easy target. Hackers are constantly developing new ways to steal passwords and identity information. Every moment of delay exposes your organization's security.

Let's explore some more potential consequences:

Increased Vulnerability: Without MFA, Office 365 accounts and devices are more vulnerable to unapproved access. MFA acts as an additional barrier to your account and prevents Microsoft 365 security breaches.
Compromised User Identities: Lack of MFA can lead to compromised user identities and potential causes like insider threats and other severe security breaches within your organization.
Unauthorized Access to Applications: Many organizations use MFA as an initial authorization method for various applications and cloud services. Without MFA, inappropriate users can access these applications and compromise confidential data.
Potential Impact: The compromise of a single user's account can expose the entire Microsoft 365 tenant to huge risk. Without MFA, the whole organization's data, including customer's information, financial records and more can be stolen by a single cyberattack.

Don't wait until it's too late. Setup MFA today.

With AdminDroid, admins can easily find all MFA non-activated users with a comprehensive report. This report includes details like ‘User Added Time’ that helps you to identify how long users are not activated MFA for their accounts.

With 'Custom charts', you can easily visualize and understand the number of MFA non-activated users over time, using a wide range of visually appealing chart views.

What are the security risks of not enabling MFA in Microsoft 365?

If your organization has yet to implement MFA, it's essential to understand the common security vulnerabilities when configuring only simple and low-level authentication methods:

Microsoft 365 phishing: Phishing attacks are one of the most common types of cyberattacks towards Microsoft 365 accounts. Attackers send phishing emails to trick users into revealing their personal information, such as passwords and credit card numbers.
Password spray: Attackers attempt to gain access to Microsoft 365 by repeatedly trying a list of common passwords with various usernames.
Credential phishing attacks: Attackers can use copied browser cookies to access Microsoft 365 accounts when users enter their credentials on fake websites impersonated as trusted companies.
Man-in-the-middle(MITM) attacks: Attackers gain the power to control or alter the details sent between the two parties. They can manipulate the information shared or even inject malicious content into their Microsoft 365 communication.

These security risks should concern you, especially if your Office 365 users are without MFA enable in your organization. To stand against these serious security risks, it's strongly recommended to change the default MFA for Microsoft 365 users and configure strong MFA authentication methods like Microsoft authenticator app, biometric verification, and more in your organization.

Using AdminDroid’s ‘MFA Authentication methods’ reports section, you can get all types of authentication methods used by your Microsoft 365 users during their sign in. These reports saves your valuable time and helps you ensure that every user utilizes strong authentication methods.

From the MFA analysis section, you can gain complete insights into your organization’s authentication methods and statistics of successful, failed and sign-in interrupts counts.
Note: You can download any of the report in your desired format by clicking the download icon.

Why is adaptive MFA authentication important in Microsoft 365?

By default, per-user MFA uses basic authentication methods such as SMS (text) and call verification for initial authentication. However, these methods are more vulnerable to attacks like SIM swapping, potentially compromising your Microsoft 365 security.

Adaptive MFA is the strongest way to protect your Microsoft 365 accounts. It dynamically adjusts authentication requirements based on factors like user, role, location, etc. and uses pre-defined conditional access policies to enhance security. With adaptive MFA, you can configure multiple strong authentication methods and enforce policies based on user licenses.

Perform the below steps to configure your adaptive MFA policy,

Navigate to Microsoft Entra admin center.
Navigate to ‘Configure Multi-factor authentication’ under Setup and click on it.
Click on ‘Get started’ and configure your adaptive MFA policy.
Configure your adaptive policy with recommended authentication methods and other conditions based on your requirements.
Review and click ‘Save configuration’.

Admins may need to disable MFA for users in certain scenarios, especially to create break glass accounts. These accounts are backup accounts with high admin privileges that can be used to access the organization's data in critical situations, such as when all users are blocked by MFA failing or during a cyberattack.

However, disabling MFA for users in Microsoft 365 is not recommended that can lead to identity compromises. Therefore, it is crucial to closely manage MFA usage activities in your organization.

AdminDroid's alert feature helps you stay informed about specific events, making it easier to manage activities like MFA disabled for user and MFA enabled for user in your organization

Deploy the ‘MFA disabled users’ alert policy from the Alerts > Policy templates section in a few clicks. This policy will trigger alerts whenever MFA of a user disabled in your organization.

Here's a pro tip: For enhanced multi-factor authentication management utilize the alert preview console. It analyzes past events in your organization and suggests possible alerts. You can customize your alert policies with perfect threshold limits and settings to address specific security threats, like an unusual number of MFA disabling activities.

How to get a list of users with MFA disabled?

Verifying MFA status is your initial line of defense against potential threats and improves every Microsoft 365 user's security. Get a list of users without MFA status and level up your Office 365 security with prompt actions.

To check the organization’s MFA usage, identify MFA disabled users in Microsoft 365 using the following methods:

Microsoft 365 Admin Center - To get list of users with MFA disabled in the admin center, navigate to ‘Multifactor Authentication’ under Active users tab.
Microsoft PowerShell - Run the PowerShell cmdlet provided and get users without MFA report.

Still, there are limitations in the above native methods. In the Microsoft 365 admin center, you can't filter out only users with MFA disabled. On the other hand, PowerShell doesn't provide results in a user-friendly report format.

Fortunately, AdminDroid allows you to access a range of MFA status reports in various formats and set up automated schedules to keep a constant eye on Microsoft 365 security.

With AdminDroid’s "Users without MFA" report, it’s as easy as a few mouse clicks to generate automated report schedules for regular monitoring of Office 365 users with MFA disabled.
You can enable and educate users about the significance of MFA and take prompt actions to enhance your Microsoft 365 organization’s security.

Effortless admin updates: Reports delivered directly to your inbox!

By clicking the mail icon on top of the report, you can also directly email any of the report to your specified users for improved monitoring and authentication management.

How to monitor MFA usage in Microsoft 365?

Monitoring MFA usage in Office 365 is equally important as enforcing MFA to ensure the complete visibility of MFA and the organization's security. It includes tracking user MFA activities, such as sign-in attempts without MFA, users' MFA registration, and reset activities on MFA.

How to get MFA logs in Azure AD (Now Entra ID)?

To get users sign-ins without using MFA in Microsoft Entra admin center follow the below steps:

Navigate to ‘All users’ tab under Identity.
Click ‘Sign-in logs’, you can see all the user’s sign-ins with required details.
Apply the ‘Authentication requirement: Multifactor authentication’ filter to see user’s sign-in logs using MFA.

Check the user’s sign-in with disabled MFA and take necessary actions to enable MFA and ensure the Microsoft 365 organization’s security.

AdminDroid makes it simple to get notified about the user MFA usage in your organization without the need for manual monitoring.

It monitors user sign-ins with failed MFA and notifies you when an unusual number of user sign-ins without MFA occurs, exceeding your predefined threshold limit in your organization.
Alert policies can be created simply by clicking the 🔔 bell icon present at the top right corner of the report page.

Effectively monitor the Microsoft 365 tenant by using reports on Azure MFA registration and reset events and implement the necessary security measures.

How to manage MFA in Microsoft 365?

Managing multi-factor authentication in Office 365 is crucial for enhanced security and protection. By managing MFA, organizations mitigate password-related risks, comply with security standards, safeguard against phishing attacks and improve overall account security.

How to enable MFA for all users?

Navigate to Microsoft Entra admin center.
Click ‘All users’ under the Identity tab.
Click ‘Per-user MFA’, you can view all users with their multi-factor auth status.
Select any specific user and click ‘Enable’ under quick steps.
For bulk MFA operations, click the ‘bulk update’.
Upload the CSV file and perform the bulk actions of MFA.

To disable per-user MFA, follow the above navigation steps and click the ‘Disable’ option under quick steps in the Microsoft Entra admin center. By performing the bulk actions in MFA, you can manage Azure AD users without MFA and effortlessly take control of your organization MFA operations in a few clicks.

How to enable MFA for admins in Microsoft 365?

Admins are a crucial data source since they may have access to sensitive Microsoft 365 data related to their administrative roles. Therefore, if an admin account is compromised, attackers can gain access to the entire organization's data, including confidential financial or customer information.

Perform the below steps to enable MFA for admins using conditional access policy,

Navigate to Entra admin center.
Click ‘Conditional Access’ under protection.
Click ‘Create new policy from templates’ and select ‘require multi-factor authentication for admins’.
Click ‘Review + create’.

This policy requires MFA for administrators with conditional access and ensures all the admin accounts are safe and reliable.

AdminDroid simplifies the task of monitoring MFA status on important accounts in your organization, especially to find admins without MFA.

To enhance your monitoring capabilities, AdminDroid offers Quick Schedule feature, which automates the report generation and delivers them to your inbox at predefined intervals.

In this digital era, MFA methods can even be vulnerable to attacks like MFA fatigue and MFA spamming. Attackers can perform these attacks by sending you multiple push notifications in a short period and hoping that you'll approve one of them without paying attention. Monitor your push notifications regularly and safeguard yourselves against against push notifications security flaws.

What are the benefits of enabling MFA for Microsoft 365?

As you can see from the topics above, the risks and attacks become a major concern due to not having an MFA in Microsoft 365. MFA is an effective way to protect your organization from the above risks and to ensure the security of your data and applications.

Let's see some of the key benefits of the enabling MFA for clear understanding of importance of MFA:

Protection Against Identity compromises: MFA ensures the users identity through authentication methods and reduces identity compromise attacks.
Preventing Password Breaches: As an additional layer of security, MFA can effectively reduce the risk of multiple password attempts and get rid of Microsoft 365 password breaches.
Uphold Remote Work Security: MFA ensures secure access in the growing hybrid and remote work, when employees access Microsoft 365 from various locations and devices outside the company network.
Proactive Security Monitoring: MFA allows admins to proactively track and ensure the security of user accounts and address security concerns effectively.

Regular updates on Microsoft 365 users MFA trends helps you to proactively manage MFA settings in your organization.

With AdminDroid’s MFA activated users report, you can access information on all users' MFA status and comprehensive user MFA details. This report provides real-time MFA status for your users and helps to actively track any changes in user MFA status over time.

Also, you can export the report in desired format by hitting the ‘Download’ button.

AdminDroid Office 365 ReporterMFA reporting and auditing is at ease in Microsoft 365

AdminDroid MFA reporting tool is a comprehensive solution for streamlined MFA management. It lets you take charge of your MFA security with dedicated reports on users with disabled MFA and other detailed MFA insights, eliminating the difficulties of native solutions.

Suspecting an MFA Security Gap in Your Organization? Improve your MFA monitoring with AdminDroid!

'Users wihtout MFA' report under Reports»Security»MFA reports gives you the detailed information of all your users with disabled MFA status, includes detailed user information like email address, admin role, license status, etc.

A Quick Summary

Simplified MFA Management:

Effectively manage admin accounts and identify admins without MFA, gathering valuable insights into user authentication practices in a single and convenient location.

Complete MFA insights:

Effortlessly locate the list of users with MFA disabled, gathering valuable insights into user authentication practices in a single and convenient location.

Real-Time MFA Alerting:

Get instant notifications and identify users failed to pass MFA, challenge through advanced alerting. Take immediate action against an unusual number of failed activities.

Automated MFA Trend Monitoring:

Say goodbye to manual tasks. Schedule automated reports to keep you updated on Azure AD MFA usage, delivered straight to your inbox for effortless monitoring.

In-depth MFA Analysis:

Gain a complete understanding of MFA authentication methods, MFA enforcement sources and more with advanced MFA analytics. Optimize your MFA management for enhanced organization-wide security.

Export Options and Customization:

Export your MFA reports in multiple formats with advanced filtering, column merging, and sorting features. Admins can customize the report export that match your specific preferences.

Overall, AdminDroid comprehensive reports provide complete visibility into your Microsoft 365 environment, covering MFA enforcement sources, MFA authentication methods, admins without MFA, and more. Empower admins to proactively address potential security threats by effectively monitoring and managing MFA-related tasks and settings.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Download

Common Errors and Resolution Steps for Multi-factor Authentication in Microsoft 365

The following are possible issues and troubleshooting hints while getting MFA disabled users report:

Error: .\GetMFAStatus.ps1 cannot be loaded because running scripts is disabled on this system.

This error occurs when trying to run the script. The execution policy is set to “strict” by default to prevent scripts from running.

Troubleshooting hint :To resolve this error, you can set the execution policy to run the script.

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
or
Set-ExecutionPolicy -ExecutionPolicy Unrestricted

Error: It looks like you're about to manage your organization's security configurations. That's great! You must first disable security defaults before enabling a Conditional Access policy.

This error will occur if you try to enable the MFA using a conditional access policy for Azure users without MFA, when the security defaults is turned on.

Troubleshooting hint :If you need to use a conditional access policy to enable MFA, disable the security defaults and use the conditional policy method in your organization.

Error: There were errors in the file you uploaded. Please fix these errors and upload the file again. ERROR: Invalid username.

This error will occur when your username has invalid syntax or an invalid domain name in the CSV file, while uploading it for bulk update of MFA.

Troubleshooting hint : Ensure the syntax of the username is valid and cross-verify your domain name in the CSV file.

Error: Does not provide any result for the cmdlet.

The output shows nothing in PowerShell. This error occurs if all users are MFA enabled.

Troubleshooting hint :This shows that all the users are MFA enabled and there are no users with MFA disabled.

Error: Need admin approval.

This error will occur when you try to execute the script with incorrect or no admin privileges.

Troubleshooting hint :To resolve this error, assign the admin-privileged role to the user.

Delivering Reports on Time

Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid’s Scheduling to your email anytime you need.

Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add intelligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.

Set It, Schedule It, See Results - Your Reports, Your Way, On Your Time!

Time Saving Automation Customization Intelligent Filtering

Give Just the Right Access to the Right People

Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.

Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.

Align, Define, Simplify: AdminDroid's Granular Delegation

Smart Organizational Control Effortless M365 Management Simplified Access

Advanced Alerts at a Glance

Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.

Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.

AdminDroid Keeps You Always Vigilant, Never Vulnerable!

Proactive Protection Real-time Monitoring Security Intelligence Threat Detection

Merge the Required Data to One Place

Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.

This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.

Merge with Ease and Save as Views!

Custom Reporting Unique View Desired Columns Easy Data Interpretation

Insightful Charts and Exclusive Dashboards

Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.

With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.

Explore Your Microsoft 365 Tenant in a Whole New Way!

Executive overviews Interactive insights Decision-making Data Visualization

Efficient Report Exporting for Microsoft 365

Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.

Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.

Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!

Easy Export Seamless Downloading Data Control Manage Microsoft 365

How to Get Users Without MFA Report in Microsoft 365