Export a list of Office 365 users, their licenses and MFA Status in all customer tenants with delegated administration

Here’s a script that I have been using to get all users with their MFA Status & what licenses they have been allocated.

I modified the script from Elliot Munro GCITS for exporting a list of users licenses to include the MFA status, the orignal script is available here.

You will get the output of the CSV like this, I usually use it in excel and format as a table, then filter from there.

Output of the CSV file

How to Export all office 365 Users to the CSV

  1. Copy and paste the code into PowerShell ISE
  2. Save it as a .ps1 file
  3. Run the script
  4. Enter your account credentials that has deligated admin permissions
  5. Leave the script to run
  6. See all users and their MFA status along with their licence allocations at C:\Temp\UserLicenseReport.csv

The Script

$customers = Get-MsolPartnerContract -All
Write-Host "Found $($customers.Count) customers for $((Get-MsolCompanyInformation).displayname)." -ForegroundColor DarkGreen
$CSVpath = "C:\Temp\UserLicenseReport.csv"

foreach ($customer in $customers) {
    Write-Host "Retrieving license info for $($customer.name)" -ForegroundColor Green
    $licensedUsers = Get-MsolUser -TenantId $customer.TenantId -All | Where-Object {$_.islicensed}

    foreach ($user in $licensedUsers) {
        Write-Host "$($user.displayname)" -ForegroundColor Yellow
        $licenses = $user.Licenses
        $licenseArray = $licenses | foreach-Object {$_.AccountSkuId}
        $licenseString = $licenseArray -join ", "
        Write-Host "$($user.displayname) has $licenseString and MFA: "  -ForegroundColor Blue
		Write-Host "$user.StrongAuthenticationRequirements.State "
        $licensedSharedMailboxProperties = [pscustomobject][ordered]@{
            CustomerName      = $customer.Name
            DisplayName       = $user.DisplayName
            Licenses          = $licenseString
            TenantId          = $customer.TenantId
            UserPrincipalName = $user.UserPrincipalName
	    MFAStatus		  = $user.StrongAuthenticationRequirements.State
        }
        $licensedSharedMailboxProperties | Export-CSV -Path $CSVpath -Append -NoTypeInformation
    }
}

MFA Status’s??

If your unsure about what the different states for MFA Status they are available here: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates