Esporta la lista degli utenti che fanno uso di MFA e riporta il metodo di autenticazione predefinito (SMS/call/TOTP/Authenticator App). Maggiori informazioni disponibili sul blog all'indirizzo https://wp.me/pdQ5q-tOk

Export-MFAStatusDefaultMethod.ps1

function _CheckCSVFolder($path) {
    if ([string]::IsNullOrEmpty($path)) {
        $path = ".\"
    } else {
        $path = $path.TrimEnd('\')
    }
    return $path
}

function _SaveFileWithProgressiveNumber($path) {
    $baseName = [System.IO.Path]::GetFileNameWithoutExtension($path)
    $extension = [System.IO.Path]::GetExtension($path)
    $directory = [System.IO.Path]::GetDirectoryName($path)
    $count = 1
    while (Test-Path $path)
    {
        $fileName = $baseName + "_$count" + $extension
        $path = Join-Path -Path $directory -ChildPath $fileName
        $count++
    }
    return $path
}

function Export-MFAStatusDefaultMethod {
  # Credits: https://thesysadminchannel.com/get-per-user-mfa-status-using-powershell
  param(
    [Parameter(Mandatory=$false, ValueFromPipeline=$true, HelpMessage="Folder where export CSV file (e.g. C:\Temp)")]
    [string] $folderCSV,
    [Parameter(Mandatory=$false, ValueFromPipeline=$true, HelpMessage="Extract into CSV all users (even those with MFA disabled).")]
    [switch] $All
  )

  Set-Variable ProgressPreference Continue
  $folder = _CheckCSVFolder($folderCSV)

  if (-not (Get-MsolDomain -ErrorAction SilentlyContinue)) {
    Write-Error "You must connect to the MSolService to continue" -ErrorAction Stop
  }

  $Result = @()
  $ProcessedCount = 0
  $MsolUserList = Get-MsolUser -All -ErrorAction Stop | 
      Where-Object {$_.UserType -ne 'Guest' -And $_.DisplayName -notmatch 'On-Premises Directory Synchronization'}
  $totalUsers = $MsolUserList.Count

  foreach ($User in $MsolUserList) {
    $ProcessedCount++
    $PercentComplete = (($ProcessedCount / $totalUsers) * 100)
    Write-Progress -Activity "Processing $User" -Status "$ProcessedCount out of $totalUsers completed ($($PercentComplete.ToString('0.00'))%)" -PercentComplete $PercentComplete
    
    if ($User.StrongAuthenticationRequirements) {
      $PerUserMFAState = $User.StrongAuthenticationRequirements.State
    } else {
      $PerUserMFAState = 'Disabled'
    }

    $MethodType = $User.StrongAuthenticationMethods |
        Where-Object {$_.IsDefault -eq $true} | 
        Select -ExpandProperty MethodType

    if ($MethodType) {
      switch ($MethodType) {
        'OneWaySMS' {$DefaultMethodType = 'SMS Text Message'}
        'TwoWayVoiceMobile' {$DefaultMethodType = 'Call to Phone'}
        'PhoneAppOTP' {$DefaultMethodType = 'TOTP'}
        'PhoneAppNotification' {$DefaultMethodType = 'Authenticator App'}
      }
    } else {
      $DefaultMethodType = 'Not Enabled'
    }

    if ($All) {
      $Result += New-Object -TypeName PSObject -Property $([ordered]@{ 
        UserPrincipalName = $User.UserPrincipalName
        DisplayName = $User.DisplayName
        PerUserMFAState = $PerUserMFAState
        DefaultMethodType = $DefaultMethodType
      })
      
      $MethodType = $null
    } else {
      if (!($PerUserMFAState -eq 'Disabled')) {
        $Result += New-Object -TypeName PSObject -Property $([ordered]@{ 
          UserPrincipalName = $User.UserPrincipalName
          DisplayName = $User.DisplayName
          DefaultMethodType = $DefaultMethodType
        })
        
        $MethodType = $null
      }
    }

  }
  $CSV = _SaveFileWithProgressiveNumber("$($folder)\$((Get-Date -format "yyyyMMdd").ToString())_M365-MFA-DefaultAuthMethod-Report.csv")
  $Result | Export-CSV $CSV -NoTypeInformation -Encoding UTF8 -Delimiter ";"
}

Export-MFAStatusDefaultMethod