Get MFA Status using MS Graph

Get MFA Status using MS Graph

Export MFA Status Report using MS Graph/GetMFAStatusReport.ps1

@@ -1,4 +1,26 @@
-
+<#
+=============================================================================================
+Name:           Export Office 365 users' MFA status using Microsoft Graph PowerShell
+Description:    This script exports O365 users MFA status report to CSV file
+Version:        1.0
+Website:        o365reports.com
+Script by:      O365Reports Team
+
+Script Highlights :
+~~~~~~~~~~~~~~~~~
+
+1.	The script exports MFA status for all users. 
+2.	You can filter results based on MFA status. I.e., you can export MFA enabled/disabled users separately. 
+3.	Exports report to CSV file 
+4.	You can filter the result to display Licensed users alone. 
+5.	You can generate MFA report for sign-in allowed users only. 
+6.	Shows MFA registration done through Conditional Access and Security Defaults too.
+7.	Automatically installs Microsoft Graph PowerShell module (if not installed already) upon your confirmation. 
+
+
+For detailed script execution: https://o365reports.com/2022/04/27/get-mfa-status-of-office-365-users-using-microsoft-graph-powershell
+============================================================================================
+#>
 Param
 (
     [Parameter(Mandatory = $false)]
@@ -12,21 +34,22 @@ Param
 Function Connect_MgGraph
 {
  #Check for module installation
- $Module=Get-Module -Name microsoft.graph -ListAvailable
- if($Module.count -eq 0) 
+ $MsGraphBetaModule =  Get-Module Microsoft.Graph.Beta -ListAvailable
+ if($MsGraphBetaModule -eq $null)
  { 
-  Write-Host Microsoft Graph PowerShell SDK is not available  -ForegroundColor yellow  
-  $Confirm= Read-Host Are you sure you want to install module? [Y] Yes [N] No 
-  if($Confirm -match "[yY]") 
-  { 
-   Write-host "Installing Microsoft Graph PowerShell module..."
-   Install-Module Microsoft.Graph -Repository PSGallery -Scope CurrentUser -AllowClobber -Force
-  }
-  else
-  {
-   Write-Host "Microsoft Graph PowerShell module is required to run this script. Please install module using Install-Module Microsoft.Graph cmdlet." 
-   Exit
-  }
+    Write-host "Important: Microsoft Graph Beta module is unavailable. It is mandatory to have this module installed in the system to run the script successfully." 
+    $confirm = Read-Host Are you sure you want to install Microsoft Graph Beta module? [Y] Yes [N] No  
+    if($confirm -match "[yY]") 
+    { 
+        Write-host "Installing Microsoft Graph Beta module..."
+        Install-Module Microsoft.Graph.Beta -Scope CurrentUser -AllowClobber
+        Write-host "Microsoft Graph Beta module is installed in the machine successfully" -ForegroundColor Magenta 
+    } 
+    else
+    { 
+        Write-host "Exiting. `nNote: Microsoft Graph Beta module must be available in your system to run the script" -ForegroundColor Red
+        Exit 
+    } 
  }
  #Disconnect Existing MgGraph session
  if($CreateSession.IsPresent)
@@ -34,11 +57,11 @@ Function Connect_MgGraph
   Disconnect-MgGraph
  }
  #Connecting to MgGraph beta
- Select-MgProfile -Name beta
  Write-Host Connecting to Microsoft Graph...
  Connect-MgGraph -Scopes "User.Read.All","UserAuthenticationMethod.Read.All"
 }
 Connect_MgGraph
+Write-Host "`nNote: If you encounter module related conflicts, run the script in a fresh PowerShell window.`n" -ForegroundColor Yellow
 if((Get-MgContext) -ne "")
 {
  Write-Host Connected to Microsoft Graph PowerShell using (Get-MgContext).Account account -ForegroundColor Yellow
@@ -51,7 +74,7 @@ $ExportCount=0
  $Results=@()
 
 #Get all users
-Get-MgUser -All -Filter "UserType eq 'Member'" | foreach {
+Get-MgBetaUser -All -Filter "UserType eq 'Member'" | foreach {
  $ProcessedUserCount++
  $Name= $_.DisplayName
  $UPN=$_.UserPrincipalName
@@ -76,7 +99,7 @@ Get-MgUser -All -Filter "UserType eq 'Member'" | foreach {
  $MFAPhone="-"
  $MicrosoftAuthenticatorDevice="-"
  Write-Progress -Activity "`n     Processed users count: $ProcessedUserCount "`n"  Currently processing user: $Name"
- [array]$MFAData=Get-MgUserAuthenticationMethod -UserId $UPN
+ [array]$MFAData=Get-MgBetaUserAuthenticationMethod -UserId $UPN
  $AuthenticationMethod=@()
  $AdditionalDetails=@()
  
@@ -196,7 +219,7 @@ Get-MgUser -All -Filter "UserType eq 'Member'" | foreach {
 if((Test-Path -Path $ExportCSV) -eq "True") 
  {
   Write-Host `nThe output file contains $ExportCount users.
-  Write-Host `nThe Output file available in the current working directory with name: $ExportCSV -ForegroundColor Green
+  Write-Host `nThe Output file available in the current working directory with name: -NoNewline -Foregroundcolor Yellow; Write-Host $ExportCSV
   Write-Host `n"For more Microsoft 365 PowerShell scripts, visit: https://o365reports.com"
   $Prompt = New-Object -ComObject wscript.shell   
   $UserInput = $Prompt.popup("Do you want to open output file?",`   
@@ -208,13 +231,7 @@ if((Test-Path -Path $ExportCSV) -eq "True")
  }
  else
  {
-  Write-Host No users found
+  Write-Host No users found.
  }
-
- <#
-=============================================================================================
-Name:           Export Office 365 users' MFA status using Microsoft Graph PowerShell
-Website:        o365reports.com
-For detailed script execution: https://o365reports.com/2022/04/27/get-mfa-status-of-office-365-users-using-microsoft-graph-powershell
-============================================================================================
-#>
+ Write-Host `n~~ Script prepared by AdminDroid Community ~~`n -ForegroundColor Green
+ Write-Host "~~ Check out " -NoNewline -ForegroundColor Green; Write-Host "admindroid.com" -ForegroundColor Yellow -NoNewline; Write-Host " to get access to 1800+ Microsoft 365 reports. ~~" -ForegroundColor Green `n`n