# Install the MSOnline module if it is not already installed
Install-Module -Name MSOnline -Force

# Connect to the MSOnline service
Connect-MsolService

# Retrieve all users, suppressing any errors by redirecting to $null
$AllUsers = Get-MsolUser -All 2>$null

# Container for MFA information
$MFAInfo = @()

# Loop through all users to check their MFA status
foreach ($user in $AllUsers) {
    # Check if MFA is enabled by looking at StrongAuthenticationRequirements
    if ($user.StrongAuthenticationRequirements.State -ne $null) {
        $MFAInfo += [pscustomobject]@{
            UserPrincipalName = $user.UserPrincipalName   # User's UPN (email address)
            DisplayName       = $user.DisplayName         # User's display name
            MFAEnabled        = $true                     # MFA is enabled
            Method            = "Conditional Access/MFA Policy"  # MFA policy used
        }
    } else {
        # If no MFA policy is found, mark MFA as disabled
        $MFAInfo += [pscustomobject]@{
            UserPrincipalName = $user.UserPrincipalName
            DisplayName       = $user.DisplayName
            MFAEnabled        = $false                    # MFA is not enabled
            Method            = "None"                    # No MFA method applied
        }
    }
}

# Define the path for the CSV file
$CsvFilePath = "C:\MFA_Overview.csv"

# Export the MFA data to a CSV file without including type information
$MFAInfo | Export-Csv -Path $CsvFilePath -NoTypeInformation

# Display a message indicating that the export was successful
Write-Host "MFA overview successfully exported to $CsvFilePath"