How to renew the Client Secret for the Azure AD application? There are two ways…
You don’t want to use PowerShell to list Microsoft 365/Azure MFA users status? Instead, you want to use a Graphical User Interface (GUI). Do not worry because you can get all MFA details from the Microsoft Azure portal. In this article, you will learn how to list MFA users authentication methods in Azure portal.
Table of contents
Configure MFA in Microsoft tenant
There are two ways to configure MFA in your Microsoft tenant:
We recommend option 1 because you have more control and more features to configure. But it requires Azure Premium P1 or Azure Premium P2. So if you can’t afford those Azure Active Directory editions, choose option 2, which is free.
While you are at it, read the article Prevent MFA fatigue attacks in organization and enable the settings shown for extra protection.
Important: Enable MFA for every tenant because it’s CRUCIAL.
Suppose you have Azure Premium P1 or P2 and configured per-user MFA but want to move to Conditional Access MFA; read the article Move from per-user MFA to Conditional Access MFA.
How to get MFA status in Azure
Check which users have registered for MFA in the Azure portal by following these steps:
- Sign in to Microsoft Azure
- Click on Menu > Azure Active Directory
- Click on Usage & insights
- Click on Authentication methods activity
- Click on User registration details
- Check the below columns to get the MFA user account status:
- Multifactor authentication capable
- Default multifactor authentication method
- Methods registered
Multi-Factor authentication FAQs
There will be questions about when the status Capable and Not Capable appear for the user account in the list. Here are the main questions you might have in your mind with answers.
What is the difference between Capable and Not Capable?
- Capable: MFA is set up for the user account
- Not Capable: MFA is not set up for the user account
When does Multi-Factor Authentication appear as Capable?
It will show as Capable if the user completes the MFA wizard configuration. So as long as the user didn’t finish the MFA setup, it will appear as Not Capable.
If you enable or enforce per-user MFA for the user, and the user didn’t configure MFA, it still shows as Not Capable. The same applies if you configure MFA Conditional Access and add the user to the policy. If the user does not configure MFA, it shows as Not Capable.
Do per-user MFA and Conditional Access MFA appear in the list?
Important: Disable per-user MFA for all users when enabling MFA using Conditional Access.
Note: For the user accounts that show as Not Capable, contact the users and remind them to go through the MFA setup wizard.
You learned how to get MFA status in Azure portal. It’s great to have the authentication methods section in Azure. This helps the administrators that don’t want to use PowerShell to get the MFA status information. Every user must configure Multi-Factor Authentication, and by looking at the Azure user registration details, you can quickly identify which MFA methods are used and who still needs to configure MFA.
Did you enjoy this article? You may also like Conditional Access MFA breaks Azure AD Connect synchronization. Don’t forget to follow us and share this article.