PowerShell script to retrieve Azure AD Users Authentication Methods and add them as additional attributes on the User Object. Associated Blogpost https://blog.darrenjrobinson.com/reporting-on-users-azure-ad-authentication-methods-using-microsoft-graph-and-powershell/

Get-AzureADAuthenticationMethods.ps1

Function AuthN {
    <#
    .SYNOPSIS
Authenticate to Azure AD and receieve Access and Refresh Tokens.

.DESCRIPTION
Authenticate to Azure AD and receieve Access and Refresh Tokens.

.PARAMETER tenantID
(required) Azure AD TenantID.

.PARAMETER credential
(required) ClientID and ClientSecret of the Azure AD registered application with the necessary permissions.

.EXAMPLE
$myCred = Get-Credential
AuthN -credential $myCred -tenantID '74ea519d-9792-4aa9-86d9-abcdefgaaa' 

.LINK
http://darrenjrobinson.com/

    #>
    [cmdletbinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string]$tenantID,
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Management.Automation.PSCredential]$credential
    )

    if (!(get-command Get-MsalToken)) {
        Install-Module -name MSAL.PS -Force -AcceptLicense
    }

    try {
        # Authenticate and Get Tokens
        $token = Get-MsalToken -ClientId $credential.UserName -ClientSecret $credential.Password -TenantId $tenantID  
        return $token 
    }
    catch {
        $_
    }
}

Function GetAADUsers {
    <#
    .SYNOPSIS
Get AAD Users.

.DESCRIPTION
Get AAD Users.

.PARAMETER limit
(optional) number of users to limit the results too

.EXAMPLE
GetAADUsers 

.EXAMPLE
GetAADUsers -limit 250

.LINK
http://darrenjrobinson.com/

    #>
    [cmdletbinding()]
    param(
        [Parameter(Mandatory = $false, ValueFromPipeline = $true)]
        [int]$limit 
    )

    # Refresh Access Token
    $global:myToken = AuthN -credential $myCred -tenantID $myTenantId

    try {
        if ($limit) {
            
            if ($limit -gt 999) {
                $pageSize = 999
            }
            else {
                $pageSize = $limit 
            }
            # Get AAD Users.
            $results = Invoke-RestMethod -Headers @{Authorization = "Bearer $($myToken.AccessToken)" } `
                -Uri  "https://graph.microsoft.com/v1.0/users?`$top=$pageSize" `
                -Method Get

            if ($results.value.count -lt $limit) {
                if ($results.'@odata.nextLink') {
                    $aadUsers += $results.value
                    # There's more, let's get them
                    do {
                        $results = Invoke-RestMethod -Headers @{Authorization = "Bearer $($myToken.AccessToken)" } `
                            -Uri  $results.'@odata.nextLink' `
                            -Method Get

                        $aadUsers += $results.value

                    } while ($results.'@odata.nextLink' -AND $aadUsers.count -lt $limit)
                }
                else {
                    # That's all there is
                    $aadUsers = $results.value
                }
            }
            else {
                $aadUsers = $results.value | Select-Object -First $limit
            }

            return $aadUsers | Select-Object -First $limit
        }
        else {
            # Get AAD Users.
            $results = Invoke-RestMethod -Headers @{Authorization = "Bearer $($myToken.AccessToken)" } `
                -Uri  "https://graph.microsoft.com/v1.0/users?`$top=999" `
                -Method Get

            $aadUsers += $results.value
            
            if ($results.'@odata.nextLink') {
                $aadUsers += $results.value
                # There's more, let's get them
                do {
                    $results = Invoke-RestMethod -Headers @{Authorization = "Bearer $($myToken.AccessToken)" } `
                        -Uri  $results.'@odata.nextLink' `
                        -Method Get

                    $aadUsers += $results.value

                } while ($results.'@odata.nextLink')
            }

            return $aadUsers
        }
    }
    catch {
        $_
    }
}

Function GetAuthMethods {
    <#
    .SYNOPSIS
Get AAD User Authentication Methods.

.DESCRIPTION
Get AAD User Authentication Methods.

.PARAMETER UPN
(required) UPN of the user to retrieve Auth Methods for

.EXAMPLE
GetAuthMethods -UPN [email protected] 

.LINK
http://darrenjrobinson.com/

    #>
    [cmdletbinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string]$UPN 
    )

    # Refresh Access Token
    $global:myToken = AuthN -credential $myCred -tenantID $myTenantId

    try {
        # Get AAD User Authentication Methods.
        $authMethods = Invoke-RestMethod -Headers @{Authorization = "Bearer $($myToken.AccessToken)" } `
            -Uri  "https://graph.microsoft.com/beta/users/$($UPN)/authentication/methods" `
            -Method Get
  
        return $authMethods
    }
    catch {
        $_
    }
}

# Globals
# Tenant ID
$global:myTenantId = '74ea519d-9792-4aa9-86d9-abcdefgaaa'
# Registered AAD App ID and Secret
$global:myCred = [pscredential]::new("1c29e80e-ec64-43f7-b07a-1324567890", ("UEy9yEnU6vcCLzdZm+123ABC456DEFyjyL2nYQeU=" | ConvertTo-SecureString -AsPlainText -Force))

Import-Module MSAL.PS 

<#
    Get Users
#>
$users = GetAADUsers -limit 10

foreach ($user in $users) {
    $authMethods = GetAuthMethods -UPN $user.userPrincipalName
    
    if ($authMethods.value.count -gt 0) {
        $user | Add-Member -Type NoteProperty -Name "authMethods" -Value @($authMethods.value).'@odata.type'.replace("#microsoft.graph.", "")
        $authDetails = $authMethods.value
        foreach ($authMethod in $authDetails) {
            $authMethod.'@odata.type' = $authMethod.'@odata.type'.replace("#microsoft.graph.", "")
        } 
        $user | Add-Member -Type NoteProperty -Name "authMethodsDetail" -Value @($authDetails)
        $user | Add-Member -Type NoteProperty -Name "authMethodsCount" -Value $authMethods.value.count
    }
}

$users