skip to Main Content

Get MFA status in Azure portal (without PowerShell)

You don’t want to use PowerShell to list Microsoft 365/Azure MFA users status? Instead, you want to use a Graphical User Interface (GUI). Do not worry because you can get all MFA details from the Microsoft Azure portal. In this article, you will learn how to list MFA users authentication methods in Azure portal.

Configure MFA in Microsoft tenant

There are two ways to configure MFA in your Microsoft tenant:

  1. Configure MFA with Conditional Access (Azure)
  2. Configure per-user MFA (Microsoft 365)

We recommend option 1 because you have more control and more features to configure. But it requires Azure Premium P1 or Azure Premium P2. So if you can’t afford those Azure Active Directory editions, choose option 2, which is free.

While you are at it, read the article Prevent MFA fatigue attacks in organization and enable the settings shown for extra protection.

Important: Enable MFA for every tenant because it’s CRUCIAL.

Suppose you have Azure Premium P1 or P2 and configured per-user MFA but want to move to Conditional Access MFA; read the article Move from per-user MFA to Conditional Access MFA.

How to get MFA status in Azure

Check which users have registered for MFA in the Azure portal by following these steps:

  1. Sign in to Microsoft Azure
  2. Click on Menu > Azure Active Directory
Get MFA status Azure AAD
  1. Click on Usage & insights
Get MFA status Azure Usage and insights
  1. Click on Authentication methods activity
Get MFA status Azure authentication methods activity
  1. Click on User registration details
Get MFA status Azure user registration details
  1. Check the below columns to get the MFA user account status:
  • Multifactor authentication capable
  • Default multifactor authentication method
  • Methods registered
Get MFA status Azure list

Multi-Factor authentication FAQs

There will be questions about when the status Capable and Not Capable appear for the user account in the list. Here are the main questions you might have in your mind with answers.

What is the difference between Capable and Not Capable?

  • Capable: MFA is set up for the user account
  • Not Capable: MFA is not set up for the user account

When does Multi-Factor Authentication appear as Capable?

It will show as Capable if the user completes the MFA wizard configuration. So as long as the user didn’t finish the MFA setup, it will appear as Not Capable.

If you enable or enforce per-user MFA for the user, and the user didn’t configure MFA, it still shows as Not Capable. The same applies if you configure MFA Conditional Access and add the user to the policy. If the user does not configure MFA, it shows as Not Capable.

Do per-user MFA and Conditional Access MFA appear in the list?

Yes, per-user MFA and Conditional Access MFA users and their authentication methods will appear in the list.

Important: Disable per-user MFA for all users when enabling MFA using Conditional Access.

Note: For the user accounts that show as Not Capable, contact the users and remind them to go through the MFA setup wizard.

Read more: Secure MFA and SSPR registration with Conditional Access »

Conclusion

You learned how to get MFA status in Azure portal. It’s great to have the authentication methods section in Azure. This helps the administrators that don’t want to use PowerShell to get the MFA status information. Every user must configure Multi-Factor Authentication, and by looking at the Azure user registration details, you can quickly identify which MFA methods are used and who still needs to configure MFA.

Did you enjoy this article? You may also like Conditional Access MFA breaks Azure AD Connect synchronization. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *