Usage
m365 entra user registrationdetails list
Description
Retrieves a list of the authentication methods registered for users.
Options
| Option |
Description |
--isAdmin [isAdmin] |
Filter for users who are admins. Allowed values are true or false. If not specified, returns all users. |
--userType [userType] |
Filter for members or guest users. Allowed values are member or guest. If not specified, returns all users. |
--userPreferredMethodForSecondaryAuthentication [userPreferredMethodForSecondaryAuthentication] |
Filter users by selected method as default second-factor authentication. Allowed values are push, oath, voiceMobile, voiceAlternateMobile, voiceOffice, sms or none. Specify either one method or more methods separated by a comma. |
--systemPreferredAuthenticationMethods [systemPreferredAuthenticationMethods] |
Filter users by most secure authentication methods registered for second-factor authentication. Allowed values are push, oath, voiceMobile, voiceAlternateMobile, voiceOffice, sms or none. Specify either one method or more methods separated by a comma. |
--isSelfServicePasswordResetRegistered [isSelfServicePasswordResetRegistered] |
Filter for users who have registered for self-service password reset. Allowed values are true or false. If not specified, returns all users. |
--isSelfServicePasswordResetEnabled [isSelfServicePasswordResetEnabled] |
Filter for users who have been enabled for self-service password reset. Allowed values are true or false. If not specified, returns all users. |
--isSelfServicePasswordResetCapable [isSelfServicePasswordResetCapable] |
Filter for users who are ready to perform self-service password reset. Allowed values are true or false. If not specified, returns all users. |
--isMfaRegistered [isMfaRegistered] |
Filter for users who are registered for multi-factor authentication. Allowed values are true or false. If not specified, returns all users. |
--isMfaCapable [isMfaCapable] |
Filter for users who are ready to perform password reset or multi-factor authentication. Allowed values are true or false. If not specified, returns all users. |
--isPasswordlessCapable [isPasswordlessCapable] |
Filter for user who have registered a password less strong authentication method. Allowed values are true or false. If not specified, returns all users. |
--isSystemPreferredAuthenticationMethodEnabled [isSystemPreferredAuthenticationMethodEnabled] |
Filter for users who have enabled system preferred authentication method. Allowed values are true or false. If not specified, returns all users. |
--methodsRegistered [methodsRegistered] |
Filter users by registered methods used during registration. Allowed values are mobilePhone, email, fido2, microsoftAuthenticatorPush or softwareOneTimePasscode. Specify either one method or more methods separated by a comma. |
--userIds [userIds] |
Filter users by ids. Specify at most 20 ids separated by a comma. |
--userPrincipalNames [userPrincipalNames] |
Filter users by user principal names. Specify at most 20 UPN separated by a comma. |
-p, --properties [properties] |
Comma-separated list of properties to retrieve. |
Examples
Retrieve registration details for all users
m365 entra user registrationdetails list
Retrieve user registration details and returns only specific properties
m365 entra user registrationdetails list --properties 'id,isAdmin'
Retrieve registration details for admins
m365 entra user registrationdetails list --isAdmin true
Retrieve registration details for guest users
m365 entra user registrationdetails list --userType guest
Retrieve registration details for users who selected push authentication method as the default second-factor for performing multifactor authentication
m365 entra user registrationdetails list --userPreferredMethodForSecondaryAuthentication push
Retrieve registration details for users who selected either sms or push authentication method as the default second-factor for performing multifactor authentication
m365 entra user registrationdetails list --userPreferredMethodForSecondaryAuthentication sms,push
Retrieve registration details for users with push authentication method as the most secure authentication method among the registered methods for second factor authentication determined by the system
m365 entra user registrationdetails list --systemPreferredAuthenticationMethods push
Retrieve registration details for users with either sms or push authentication method as the most secure authentication methods among the registered methods for second factor authentication determined by the system
m365 entra user registrationdetails list --systemPreferredAuthenticationMethods sms,push
Retrieve registration details for users who have used Microsoft Authenticator app during registration
m365 entra user registrationdetails list --registeredMethods microsoftAuthenticatorPush
Retrieve registration details for users who have used either Microsoft Authenticator app or mobile phone during registration
m365 entra user registrationdetails list --registeredMethods microsoftAuthenticatorPush,mobilePhone
Retrieve registration details for users who are not registered for multi-factor authentication
m365 entra user registrationdetails list --isMfaRegistered false
Retrieve registration details for users specified by id
m365 entra user registrationdetails list --userIds '121bca22-1a6b-455b-9e5d-64c5ef5e471d,fec200ce-a7a9-42cd-9717-3a3179a99b72'
Retrieve registration details for users specified by user principal names
Default properties
- userPrincipalName
- methodsRegistered
- lastUpdatedDateTime
Additional Info
It is quite useful report at least for administrators.
API: https://learn.microsoft.com/en-us/graph/api/authenticationmethodsroot-list-userregistrationdetails?view=graph-rest-1.0&tabs=http
The same report is in the Entra admin center
Filtering by userPrincipalNames and userDisplayNames is supported by default by the endpoint. When userIds option is specified, the command will find userPrincipalNames first.
The endpoint requires AuditLog.Read.All permission.
Add remark to the documentation about the behavior when multiple values for the options userPreferredMethodForSecondaryAuthentication, systemPreferredAuthenticationMethods, and registeredMethods are set.
When multiple values are specified for userPreferredMethodForSecondaryAuthentication option, the command returns registration details with at least one specified selected method as default second-factor authentication.
When multiple values are specified for systemPreferredAuthenticationMethods option, the command returns registration details with at least one specified most secure authentication methods registered for second-factor authentication.
When multiple values are specified for registeredMethods option, the command returns registration details with at least one specified registered methods used during registration.
I will work on it.
Usage
m365 entra user registrationdetails list
Description
Retrieves a list of the authentication methods registered for users.
Options
--isAdmin [isAdmin]trueorfalse. If not specified, returns all users.--userType [userType]memberorguest. If not specified, returns all users.--userPreferredMethodForSecondaryAuthentication [userPreferredMethodForSecondaryAuthentication]push,oath,voiceMobile,voiceAlternateMobile,voiceOffice,smsornone. Specify either one method or more methods separated by a comma.--systemPreferredAuthenticationMethods [systemPreferredAuthenticationMethods]push,oath,voiceMobile,voiceAlternateMobile,voiceOffice,smsornone. Specify either one method or more methods separated by a comma.--isSelfServicePasswordResetRegistered [isSelfServicePasswordResetRegistered]trueorfalse. If not specified, returns all users.--isSelfServicePasswordResetEnabled [isSelfServicePasswordResetEnabled]trueorfalse. If not specified, returns all users.--isSelfServicePasswordResetCapable [isSelfServicePasswordResetCapable]trueorfalse. If not specified, returns all users.--isMfaRegistered [isMfaRegistered]trueorfalse. If not specified, returns all users.--isMfaCapable [isMfaCapable]trueorfalse. If not specified, returns all users.--isPasswordlessCapable [isPasswordlessCapable]trueorfalse. If not specified, returns all users.--isSystemPreferredAuthenticationMethodEnabled [isSystemPreferredAuthenticationMethodEnabled]trueorfalse. If not specified, returns all users.--methodsRegistered [methodsRegistered]mobilePhone,email,fido2,microsoftAuthenticatorPushorsoftwareOneTimePasscode. Specify either one method or more methods separated by a comma.--userIds [userIds]--userPrincipalNames [userPrincipalNames]-p, --properties [properties]Examples
Retrieve registration details for all users
Retrieve user registration details and returns only specific properties
m365 entra user registrationdetails list --properties 'id,isAdmin'Retrieve registration details for admins
m365 entra user registrationdetails list --isAdmin trueRetrieve registration details for guest users
Retrieve registration details for users who selected push authentication method as the default second-factor for performing multifactor authentication
Retrieve registration details for users who selected either sms or push authentication method as the default second-factor for performing multifactor authentication
Retrieve registration details for users with push authentication method as the most secure authentication method among the registered methods for second factor authentication determined by the system
Retrieve registration details for users with either sms or push authentication method as the most secure authentication methods among the registered methods for second factor authentication determined by the system
Retrieve registration details for users who have used Microsoft Authenticator app during registration
Retrieve registration details for users who have used either Microsoft Authenticator app or mobile phone during registration
Retrieve registration details for users who are not registered for multi-factor authentication
m365 entra user registrationdetails list --isMfaRegistered falseRetrieve registration details for users specified by id
m365 entra user registrationdetails list --userIds '121bca22-1a6b-455b-9e5d-64c5ef5e471d,fec200ce-a7a9-42cd-9717-3a3179a99b72'Retrieve registration details for users specified by user principal names
m365 entra user registrationdetails list --userPrincipalNames '[email protected],[email protected]'Default properties
Additional Info
It is quite useful report at least for administrators.
API: https://learn.microsoft.com/en-us/graph/api/authenticationmethodsroot-list-userregistrationdetails?view=graph-rest-1.0&tabs=http
The same report is in the Entra admin center
Filtering by
userPrincipalNamesanduserDisplayNamesis supported by default by the endpoint. WhenuserIdsoption is specified, the command will finduserPrincipalNamesfirst.The endpoint requires
AuditLog.Read.Allpermission.Add remark to the documentation about the behavior when multiple values for the options
userPreferredMethodForSecondaryAuthentication,systemPreferredAuthenticationMethods, andregisteredMethodsare set.When multiple values are specified for
userPreferredMethodForSecondaryAuthenticationoption, the command returns registration details with at least one specified selected method as default second-factor authentication.When multiple values are specified for
systemPreferredAuthenticationMethodsoption, the command returns registration details with at least one specified most secure authentication methods registered for second-factor authentication.When multiple values are specified for
registeredMethodsoption, the command returns registration details with at least one specified registered methods used during registration.I will work on it.