[Microsoft 365: Non-Admin, Non-Guest, License Assigned, MFA disabled] | Voters

[Microsoft 365: Non-Admin, Non-Guest, License Assigned, MFA disabled]

submitted

Charles Duynhoven

This query looks for non-admin users who have an active license within your organization that do not have MFA enabled (ignoring guest users).

Users[? Privileged ==

&& userType !=

Guest

&& Assigned_Products!=

&& isMfaRegistered_r ==

Disabled

].displayName

November 22, 2021

Lamont Largie

You can replace the "ExcludedGroupName" with the name of the group you would like to exclude. You can also select multiple groups with something like this:Users[? Privileged ==

&& userType !=

Guest

&& Assigned_Products!=

&& isMfaRegistered_r ==

Disabled

&& !contains(Groups,

ExcludedGroupName1, ExcludedGroupName2, etc

)].displayName

Lamont Largie

You can replace the "ExcludedGroupName" with the name of the group you would like to exclude. You can also select multiple groups with something like this:Users[? Privileged ==

&& userType !=

Guest

&& Assigned_Products!=

&& isMfaRegistered_r ==

Disabled

&& !contains(Groups,

ExcludedGroupName

)].displayName

Lamont Largie

Hey Scott a group exclusion would look like this: Users[? Privileged ==

&& userType !=

Guest

&& Assigned_Products!=

&& isMfaRegistered_r ==

Disabled

&& !contains(Groups,

ExcludedGroupName

)].displayName

Scott Stafford

I like this Query, but how would you modify to exclude users from a group, say !MFA ExcludeThere are Conference Rooms etc that wouldn't be able to use MFA.

Ben Jones

Just FYI:Liongard: So for that field to show information, the environment needs an Azure Premium P1 license or higher