When I run the get-AzureADUser -objectID someone@contoso.com | Select Displayname,Othermails I cannot see the othermails property. The property turns up as:
OtherMails: {}
I would like to see this property, to check if everyone in the organisation has an authentication method filled in. So they can use the SSPR.
I am using the tenant administrator account. So I should be able to see everything. In the GUI of Azure AD, when I click on a user and authentication methods. I can see that the emailaddress is there. But it turns up blanc in Powershell.
Anyone has a clue why this is?
For getting SSPR information you need to use Get-MsolUser cmdlet. The data included under StrongAuthenticationUserDetails is the one you can see under Authentication methods:
$t = Get-MsolUser -UserPrincipalName upn@domain.com
$t.StrongAuthenticationUserDetails
# Returns
ExtensionData : System.Runtime.Serialization.ExtensionDataObject
AlternativePhoneNumber :
Email : email@gmail.com
OldPin :
PhoneNumber : +48 123456789
Pin :
There are other fields, which can be used for SSPR (such as alternate email address), but they won't be displayed under Authentication methods.