M365 2FA Audit

1. <############
2.     Run this script and use your email credentials, and then all client tenants that have delegated access in the partner portal with your account credentials.
3. ############>
4.  
5. ## Create 2FA Audit folder if it doesn't exist
6. if(Test-Path "C:\2FAAudit" -PathType Container){} else {New-Item -Path "C:\" -Name "2FAAudit" -ItemType "directory"}
7. if(Test-Path "C:\SKU" -PathType Container){} else {New-Item -Path "C:\" -Name "SKU" -ItemType "directory"}
8. Connect-MsolService -Credential $cred
9.  
10. # Get list of tenants
11. Get-MsolPartnerContract -All | ForEach {
12.     # Get all users in an office 365 tenant
13.     Write-Host ($_.Name) -ForegroundColor Green
14.     $tenant = $_.DefaultDomainName # This determines the filename of the csv
15.    
16.     ## Export list of Licensed Users and 2FA Status    
17.     Get-MsolUser -TenantId $_.TenantId.Guid -EnabledFilter EnabledOnly -MaxResults 2000 | Where-Object { $_.isLicensed -eq "TRUE" } | select DisplayName,@{N='Email';E={$_.UserPrincipalName}},@{n="Licenses";e={$_.Licenses.AccountSKUid}},@{N='2FA';E={($_ | Select -ExpandProperty StrongAuthenticationRequirements)}} | Export-Csv C:\2FAAudit\$tenant`.csv
18.     ## Export list Administrators and 2FA status, this  doubles up if there are licensed administrators.
19.     Get-MsolRoleMember -TenantId $_.TenantId.Guid -RoleObjectId $(Get-MsolRole -RoleName "Company Administrator").ObjectId | select DisplayName,@{N='Email';E={$_.EmailAddress}},@{n="Licenses";e={$_.Licenses.AccountSKUid}},@{N='2FA';E={($_ | Select -ExpandProperty StrongAuthenticationRequirements)}} | Export-Csv C:\2FAAudit\$tenant`.csv -Append
20. }
21.