
Hey r/sysadmin,
Been working in MSP for a couple years and kept running into the same problem — clients with no idea who has MFA and who doesn't.
Built a free PowerShell script that scans your entire M365 tenant and outputs:
- Users with NO MFA (critical)
- Users with weak MFA only (SMS/voice — bypassable)
- Admin accounts without MFA
- Per-user method breakdown (Authenticator, FIDO2, TOTP, SMS...)
- Color-coded HTML report + CSV export
Uses Microsoft.Graph module, no legacy MSOnline.
GitHub: https://github.com/JUrica11/m365-security-toolkit
If you find it useful — I also put together a full Security Hardening Pack (CA audit, guest cleanup, admin roles audit, legacy auth detection, Secure Score report) available separately.
Happy to answer questions or take feedback.
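
The classification the post describes (no MFA, weak-only MFA, admins without MFA, per-user method list), as an added example that is not code from the post or the linked repository. It assumes the Graph registration report's `UserPrincipalName`, `IsAdmin` and `MethodsRegistered` fields; the weak/strong grouping of method names and the `Get-MfaPosture` helper are this example's own, and the sample rows are constructed.

```powershell
# Added example. Method names are the strings reported in MethodsRegistered;
# the weak/strong grouping below is this example's assumption.
$WeakMethods   = 'mobilePhone', 'alternateMobilePhone', 'officePhone'   # SMS / voice call
$StrongMethods = 'microsoftAuthenticatorPush', 'microsoftAuthenticatorPasswordless',
                 'softwareOneTimePasscode', 'hardwareOneTimePasscode',
                 'fido2SecurityKey', 'windowsHelloForBusiness'

function Get-MfaPosture {   # hypothetical helper name
    param([Parameter(Mandatory)] $User)
    # Anything in neither list (e.g. 'email', which is SSPR-only) does not count as MFA.
    $methods = @($User.MethodsRegistered | Where-Object { $_ })
    $strong  = @($methods | Where-Object { $_ -in $StrongMethods })
    $weak    = @($methods | Where-Object { $_ -in $WeakMethods })
    $status  = if ($strong.Count) { 'Strong' } elseif ($weak.Count) { 'WeakOnly' } else { 'NoMFA' }
    [pscustomobject]@{
        UserPrincipalName = $User.UserPrincipalName
        IsAdmin           = [bool]$User.IsAdmin
        Status            = $status
        AdminWithoutMfa   = ([bool]$User.IsAdmin -and $status -eq 'NoMFA')
        Methods           = $methods -join ';'
    }
}

# Constructed sample rows shaped like the registration report (not real users).
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'admin@contoso.example'; IsAdmin = $true
                       MethodsRegistered = @() }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example';   IsAdmin = $false
                       MethodsRegistered = @('mobilePhone', 'email') }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'; IsAdmin = $true
                       MethodsRegistered = @('mobilePhone', 'fido2SecurityKey') }
)

$report = $sample | ForEach-Object { Get-MfaPosture -User $_ }
$report | Sort-Object Status | Format-Table -AutoSize          # NoMFA rows sort first
$report | Export-Csv -Path .\mfa-posture.csv -NoTypeInformation

# Against a live tenant (Microsoft.Graph.Reports module), replace $sample with:
# Connect-MgGraph -Scopes 'AuditLog.Read.All'
# $report = Get-MgReportAuthenticationMethodUserRegistrationDetail -All |
#     ForEach-Object { Get-MfaPosture -User $_ }
```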