# Connect to Azure AD
Connect-AzureAD
# Initialize variables for counting users with MFA enabled
$totalUsers = 0
$usersWithMFA = 0
# Initialize an array to store user information
$userInfo = @()
# Get users with Office E5 licenses assigned
$licensedUsers = Get-AzureADUser -All $true | Where-Object { $_.AssignedLicenses -ne $null -and $_.AssignedLicenses.SkuID -contains "c7df2760-2c81-4ef7-b578-5b5392b571df" }
# Iterate through users with Office E5 licenses
foreach ($user in $licensedUsers) {
$totalUsers++
$userData = [PSCustomObject]@{
'User' = $user.DisplayName
'MFA Methods' = @()
'MFA Status' = ""
}
# Get user's MFA information
$mfaMethods = Get-AzureADUserRegisteredDevice -ObjectId $user.ObjectId
foreach ($method in $mfaMethods) {
$userData.'MFA Methods' += $method.DisplayName
}
# Check for MFA status
if ($mfaMethods.Count -gt 0) {
$usersWithMFA++
$userData.'MFA Status' = "Enabled"
} else {
$userData.'MFA Status' = "Not enabled"
}
# Add user data to the array
$userInfo += $userData
}
# Calculate percentage of users with MFA enabled
if ($totalUsers -gt 0) {
$percentageMFAEnabled = ($usersWithMFA / $totalUsers) * 100
} else {
$percentageMFAEnabled = 0
}
# Display summary information
Write-Host "Total Users with Office E5 Licenses: $totalUsers"
Write-Host "Users with MFA Enabled: $usersWithMFA"
Write-Host "Percentage of Users with MFA Enabled: $percentageMFAEnabled%"
Write-Host "-------------------------"
Optional Updates
Exclude Users from Search - based on the username exclusions
If you wish to exclude a list of usernames that start with the syntax in an external file then use this:
# Read excluded usernames from the text file
$excludedUsernames = Get-Content -Path "ExcludedUsernames.txt"
Then update the $licensedusers sections to this:
# Get users with Office E5 licenses assigned, excluding specific username prefixes
$licensedUsers = Get-AzureADUser -All $true | Where-Object {
$_.AssignedLicenses -ne $null -and
$_.AssignedLicenses.SkuID -contains "c7df2760-2c81-4ef7-b578-5b5392b571df" -and
$excludedUsernames | ForEach-Object { $_ -notlike "$($_)*" }
}
Show User Authentication in a table at the end of the script
If you wish to see a list of users and their authentication methods then add this to the end of the script: