Liongard Ideas Portal

I'm able to pull this information from MSOL using the $user.strongauthenticationrequirements properties including "state", "methodtype" (isdefault subproperty) "phonenumber", "alternativephonenumber", "email"

Hi Dave,
That's correct. We're only able to capture this information based on the access Microsoft provides and currently we're only able to capture the MFA status of users for accounts with an Azure AD Premium P1 license or higher.

Was this considered shipped even though it requires the Azure AD Premium license? I'm seeing unknown for all my tenants.

It's worth also noting that Microsoft have MFA implemented in two different ways. Enforcement on a per user basis and also via conditional access.

So also having an MFA registered/enrolled state and by which authentication type would be useful.

Sent from my iPhone

Kind Regards,
Josh Kelly
Service Manager

P: 1300 688 020
M: 0447 805 457
E: josh.kelly@hdit.com.au

Technical Support: support@hdit.com.au
Quotes & Sales: sales@hdit.com.au
The content of this email is confidential and intended for the recipient specified in message only. It is strictly forbidden to share any part of this message with any third party, without the written consent of the sender. If you received this message by mistake, please reply to this message and follow with its deletion, so that we can ensure such a mistake does not occur in the future. Please consider the environment before printing this email.���

This is becoming a key security requirement and would be nice to report and alert on it. 

This could help with the alerts also. We like the alerts that alert on MFA not being enabled for certain users but it does not show which users.