Make sure you have installed all of the following prerequisites on your machine:
- Git - Download & Install Git.
- Python 3.7 or higher - Download & Install Python.
- Azure CLI - Download & Install Azure CLI.
- Poetry - Download & Install Poetry.
1. Download the contents of this repository and navigate to the mfa_report script folder:

   ```shell
   $ git clone https://github.com/JayDoubleu/azure-aad-mfa-report-python.git
   $ cd azure-aad-mfa-report-python
   ```

2. If you are behind an SSL proxy, place your custom CA file, in PEM format and named "certificate.pem", at the root directory of this repository. The script will try to detect this file and add it to the certifi CA store within poetry's virtual environment.

3. If you have multiple versions of Python installed, instruct poetry to use the correct one:

   ```shell
   $ poetry env use python3.9
   ```

4. Install poetry dependencies:

   ```shell
   $ poetry install --no-dev
   ```

5. Navigate to https://portal.azure.com and log in to the tenant you want to run the MFA report against.

6. Make sure your browser session is signed in with MFA, if one is enabled.

7. Activate a PIM role if necessary.

8. Log in to the Azure CLI:

   ```shell
   $ az login
   ```

9. Run the MFA script:

   ```shell
   $ poetry run mfa_report
   2021-10-24 23:55:03 INFO Authenticating using azure cli ..
   2021-10-24 23:55:04 INFO Tenant ID: <Your tenant GUID>
   2021-10-24 23:55:04 INFO Tenant Name: <Your tenant name>
   2021-10-24 23:55:04 INFO Retrieving user authentication registration report ...
   2021-10-24 23:55:04 INFO Retrieved X user authentication registration records ...
   2021-10-24 23:55:04 INFO Retrieving user details ...
   2021-10-24 23:55:05 INFO Retrieved X user details records ...
   2021-10-24 23:55:05 INFO Generating XLSX report file mfa_report_<tenant name>_20211024_23_55_05.xlsx...
   2021-10-24 23:55:05 INFO Done.
   ```

10. If everything went fine, you should see the generated xlsx report in your current directory.
⚡ Please note: this script uses Microsoft's beta APIs, which are subject to change.
| Column name | Details |
|---|---|
| userId | Account object ID |
| isEnabled | Is the account enabled. The value can only be "Yes", as the Azure MFA registration report only includes enabled accounts |
| userDisplayName | Account display name |
| userPrincipalName | Account UPN |
| isExternal | Is the account a "Guest". Values can be "Yes" or "N/A" |
| externalDomain | External account domain name. Values can be the DNS name of the external domain, or "N/A" if the account type is "Member" |
| externalUserState | State of the external account. Values can be "PendingAcceptance", "Accepted" or "N/A" |
| externalUserStateLastChangeUTC | Timestamp of the external account's last change of state. Values can be a UTC datetime or "N/A" |
| tenantDomain | Domain name of the user account's tenant |
| methodsRegistered | MFA methods registered by the account. Values can be: microsoftAuthenticatorPush, softwareOneTimePasscode, officePhone, mobilePhone, or "No AAD MFA configured". Please note that this only shows the MFA user state on the Azure AD tenant; a user configured with MFA at the office.com level will not be reflected in this report |
| onPremisesSyncEnabled | Type of user account. Values can be "Yes" (Windows AD account) or "No" (Azure AD account) |
| lastInteractiveSignInUTC | The user's last interactive sign-in date in UTC. Values can be a UTC datetime or "N/A" if the user never signed in via AAD |
| lastNonInteractiveSignInUTC | The user's last non-interactive sign-in date in UTC. Values can be a UTC datetime or "N/A" if the user never signed in via AAD |
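As an added example that is not part of the azure-aad-mfa-report-python project, the following Python snippet triages rows of the generated report using the column values described above: enabled accounts with no AAD MFA method that are still actively signing in, guest invitations never accepted, and accounts with no recorded interactive sign-in. It assumes each row has been loaded into a dict keyed by column name (for instance with openpyxl) and that timestamp cells use a "YYYY-MM-DD HH:MM:SS" layout; the sample rows are constructed.

```python
from datetime import datetime, timedelta

# Value the report writes when no AAD MFA method is registered (see methodsRegistered above).
NO_MFA = "No AAD MFA configured"

# Constructed sample rows (not real tenant data), keyed by the report's column names.
SAMPLE_ROWS = [
    {"userPrincipalName": "alice@contoso.example", "isExternal": "N/A",
     "externalUserState": "N/A", "methodsRegistered": "microsoftAuthenticatorPush, mobilePhone",
     "lastInteractiveSignInUTC": "2021-10-20 08:15:00"},
    {"userPrincipalName": "bob@contoso.example", "isExternal": "N/A",
     "externalUserState": "N/A", "methodsRegistered": NO_MFA,
     "lastInteractiveSignInUTC": "2021-10-23 17:40:00"},
    {"userPrincipalName": "carol@partner.example", "isExternal": "Yes",
     "externalUserState": "PendingAcceptance", "methodsRegistered": NO_MFA,
     "lastInteractiveSignInUTC": "N/A"},
]


def parse_utc(value):
    """Return a datetime for a report timestamp, or None for "N/A".
    The "YYYY-MM-DD HH:MM:SS" layout is an assumption; match it to your XLSX cells."""
    if value == "N/A":
        return None
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")


def triage(rows, now_utc, active_days=30):
    """Group rows into findings an MFA review acts on:
    active_no_mfa   - no AAD MFA method and an interactive sign-in within active_days
    guest_pending   - guest invitations never accepted (cleanup candidates)
    never_signed_in - no interactive sign-in recorded by AAD at all"""
    cutoff = parse_utc(now_utc) - timedelta(days=active_days)
    findings = {"active_no_mfa": [], "guest_pending": [], "never_signed_in": []}
    for row in rows:
        upn = row["userPrincipalName"]
        last = parse_utc(row["lastInteractiveSignInUTC"])
        if row["methodsRegistered"] == NO_MFA and last is not None and last >= cutoff:
            findings["active_no_mfa"].append(upn)
        if row["isExternal"] == "Yes" and row["externalUserState"] == "PendingAcceptance":
            findings["guest_pending"].append(upn)
        if last is None:
            findings["never_signed_in"].append(upn)
    return findings


if __name__ == "__main__":
    for name, upns in triage(SAMPLE_ROWS, "2021-10-24 23:55:05").items():
        print(f"{name}: {upns}")
```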