Microsoft Graph - All Users Capable of Passwordless

Getting All Azure AD Users Capable of Passwordless authentication using the Microsoft Graph SDK for PowerShell.

‘Capable’ refers to whether the user has registered a passwordless strong authentication method (including FIDO2, Windows Hello for Business, and Microsoft Authenticator (Passwordless)) that is allowed by the authentication methods policy.

PowerShell Code

Note: This code requires the Microsoft Graph SDK for PowerShell.

Sample Output

DefaultMfaMethod      : microsoftAuthenticatorPush
Id                    : bc6eb11d-...
IsAdmin               : True
IsMfaCapable          : True
IsMfaRegistered       : True
IsPasswordlessCapable : True
IsSsprCapable         : True
IsSsprEnabled         : True
IsSsprRegistered      : True
MethodsRegistered     : {microsoftAuthenticatorPush, microsoftAuthenticatorPasswordless}
UserDisplayName       : Chris Dymond
UserPrincipalName     : ChrisDymond@...
UserType              : member
AdditionalProperties  : {}

DefaultMfaMethod      : none
Id                    : 95112621-...
IsAdmin               : False
IsMfaCapable          : True
IsMfaRegistered       : True
IsPasswordlessCapable : True
IsSsprCapable         : False
IsSsprEnabled         : True
IsSsprRegistered      : False
MethodsRegistered     : {fido2SecurityKey}
UserDisplayName       : John Smith
UserPrincipalName     : john.smith@...
UserType              : member
AdditionalProperties  : {}