7.4.4 - Pull Azure MFA info

I have installed 7.4.4, how can I pulled MFA information for the Azure AD accounts.

With PowerShell you can pull this information with get-msoluser -userprincipalname account | select strongauthenticaitonmethod

I would like for our Service Desk to be able to get this information through Active Roles, is this possible?

  • I have not looked for this put you could check the user advanced properties and see if there is an edsaAzure... property relating to this on the user object.

    If there is then you can just either expose that directly in the web UI or interrogate it with the Get-QADUser PoSh cmdlet.

  • There is a edsaAzureMFAEnabled Attribute but its empty for all users

  • Hi Jack

    Could you confirm if you have Active Roles configured to connect to your Azure tenant(s)? Both via the Web Interface, and also as a back-sync via Active Roles Sync Services?

    TBH, I've not looked at these values (and whether they are computed or stored), but it is possible they are computed (retrieved from Azure) "onGet", if Active Roles doesn't see them as enable for Azure, it may not try and get those values.

  • yes connection to AR is configured, all Health Checks are ok and i can see stuff like groups, cloud users and attributes for onprem users.

    I'm not sure how this is supposed to work since there is no global MFAEnabled Attribute in Azure. You have to check each MFA methode if its enabled and if all a disabled this means mfa is not configured for the user. So AR would need some kind of logic or display the result for all mfa methods