Update
For the latest version of this code please visit msgraph-sdk-powershell-examples.
Deprecated Content
Getting All Azure AD Users Capable of Passwordless authentication using the Microsoft Graph SDK for PowerShell.
‘Capable’ refers to whether the user has registered a passwordless strong authentication method (including FIDO2, Windows Hello for Business, and Microsoft Authenticator (Passwordless)) that is allowed by the authentication methods policy.
PowerShell Code
Note: This code requires the Microsoft Graph SDK for PowerShell.
Sample Output
DefaultMfaMethod : microsoftAuthenticatorPush
Id : bc6eb11d-...
IsAdmin : True
IsMfaCapable : True
IsMfaRegistered : True
IsPasswordlessCapable : True
IsSsprCapable : True
IsSsprEnabled : True
IsSsprRegistered : True
MethodsRegistered : {microsoftAuthenticatorPush, microsoftAuthenticatorPasswordless}
UserDisplayName : Chris Dymond
UserPrincipalName : ChrisDymond@...
UserType : member
AdditionalProperties : {}
DefaultMfaMethod : none
Id : 95112621-...
IsAdmin : False
IsMfaCapable : True
IsMfaRegistered : True
IsPasswordlessCapable : True
IsSsprCapable : False
IsSsprEnabled : True
IsSsprRegistered : False
MethodsRegistered : {fido2SecurityKey}
UserDisplayName : John Smith
UserPrincipalName : john.smith@...
UserType : member
AdditionalProperties : {}