Updated MFA Report to include default MFA method

Entra/Get-MFAReport.ps1

@@ -24,19 +24,24 @@ foreach ($user in $users) {
     $mfaMethods = Get-MgUserAuthenticationMethod -UserId $user.Id
 
     # Check if any MFA method is registered
-    $mfaRegistered = $mfaMethods.Count -gt 0
+    $mfaRegistered = $mfaMethods.Count -gt 1
+
+    # Check the preferred MFA method
+    $uri = "https://graph.microsoft.com/beta/users/$($user.Id)/authentication/signInPreferences"
+    $currentDefaults = Invoke-MgGraphRequest -Uri $uri -Method GET -OutputType PSObject
 
     # Get user licenses
     $licenses = Get-MgUserLicenseDetail -UserId $user.Id
 
     # Create a custom object for each user
     $userObject = [PSCustomObject]@{
-        UserPrincipalName = $user.UserPrincipalName
-        DisplayName       = $user.DisplayName
-        AccountEnabled    = $user.AccountEnabled
-        MFARegistered     = $mfaRegistered
-        MFAMethods        = ($mfaMethods.AdditionalProperties.'@odata.type' -join ', ').Replace('#microsoft.graph.', '')
-        Licenses          = ($licenses.SkuPartNumber -join ', ')
+        UserPrincipalName     = $user.UserPrincipalName
+        DisplayName           = $user.DisplayName
+        AccountEnabled        = $user.AccountEnabled
+        MFARegistered         = $mfaRegistered
+        DefaultMFAMethod      = $currentDefaults.userPreferredMethodForSecondaryAuthentication
+        AuthenticationMethods = ($mfaMethods.AdditionalProperties.'@odata.type' -join ', ').Replace('#microsoft.graph.', '')
+        Licenses              = ($licenses.SkuPartNumber -join ', ')
     }
 
     # Add the user object to the array
@@ -49,4 +54,4 @@ $userInfo | Export-Csv -Path "EntraIDUsersMFAReport.csv" -NoTypeInformation
 # Disconnect from Microsoft Graph
 Disconnect-MgGraph
 
-Write-Host "Report generated: EntraIDUsersMFAReport.csv"
+Write-Host "Report generated: EntraIDUsersMFAReport.csv"