private/graph/Get-ZtUserAuthenticationMethodInfoByType.ps1

<#
.SYNOPSIS
  Returns DisplayName and IsMfa metadata about a specific user authentication method type

.DESCRIPTION
    The user authentication method returned by the /users/{id}/authentication/methods endpoint
    is missing key information such as the display name (as shown in the Portal) and if an auth method
    is a multi-factor authentication method or not.

    This cmdlet returns the DisplayName and IsMfa metadata for a specific user authentication method type.

.EXAMPLE

    $userId = 'john@contoso.com'
    $userAuthMethods = Invoke-ZtGraphRequest -RelativeUri "users/$userId/authentication/methods"
    $authMethod | Get-ZtUserAuthenticationMethodInfoByType

    # Returns the DisplayName and IsMfa metadata for the authentication methods registered by the specified user.
#>


Function Get-ZtUserAuthenticationMethodInfoByType {

    [CmdletBinding()]
    param(
        # The type of authentication method to get metadata for
        [Parameter(Position = 0, ValueFromPipeline = $true)]
        [psobject] $AuthenticationMethod
    )

    begin {
        # Static list of each auth method and its metadata
        # This is used to determine if the auth method is MFA or not
        # Update this list as new methods are added by Microsoft
        # ReportType maps to the type returned when the /reports/authenticationMethods/userRegistrationDetails endpoint is used
        # Type maps to the type returned when the /users/{id}/authentication/methods endpoint is used
        $authMethodMetadata = @(
            @{
                ReportType  = 'passKeyDeviceBoundAuthenticator'
                Type        = $null
                DisplayName = 'Passkey (Microsoft Authenticator)'
                IsMfa       = $true
            },
            @{
                ReportType  = 'passKeyDeviceBound'
                Type        = '#microsoft.graph.fido2AuthenticationMethod'
                DisplayName = "Passkey (other device-bound)"
                IsMfa       = $true
            },
            @{
                ReportType  = 'email'
                Type        = '#microsoft.graph.emailAuthenticationMethod'
                DisplayName = 'Email'
                IsMfa       = $false
            },
            @{
                ReportType  = 'microsoftAuthenticatorPush'
                Type        = '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod'
                DisplayName = 'Microsoft Authenticator'
                IsMfa       = $true
            },
            @{
                ReportType  = 'mobilePhone'
                Type        = '#microsoft.graph.phoneAuthenticationMethod'
                DisplayName = 'Phone'
                IsMfa       = $true
            },
            @{
                ReportType  = 'softwareOneTimePasscode'
                Type        = '#microsoft.graph.softwareOathAuthenticationMethod'
                DisplayName = 'Authenticator app (TOTP)'
                IsMfa       = $true
            },
            @{
                ReportType  = $null
                Type        = '#microsoft.graph.temporaryAccessPassAuthenticationMethod'
                DisplayName = 'Temporary Access Pass'
                IsMfa       = $false
            },
            @{
                ReportType  = 'windowsHelloForBusiness'
                Type        = '#microsoft.graph.windowsHelloForBusinessAuthenticationMethod'
                DisplayName = 'Windows Hello for Business'
                IsMfa       = $true
            },
            @{
                ReportType  = $null
                Type        = '#microsoft.graph.passwordAuthenticationMethod'
                DisplayName = 'Password'
                IsMfa       = $false
            },
            @{
                ReportType  = $null
                Type        = '#microsoft.graph.platformCredentialAuthenticationMethod'
                DisplayName = 'Platform Credential for MacOS'
                IsMfa       = $true
            },
            @{
                ReportType  = 'microsoftAuthenticatorPasswordless'
                Type        = '#microsoft.graph.passwordlessMicrosoftAuthenticatorAuthenticationMethod'
                DisplayName = 'Microsoft Authenticator'
                IsMfa       = $true
            }
        )
    }
    process {
        function GetMethodInfo($authMethod) {
            $type = $authMethod.'@odata.type'
            $methodInfo = $authMethodMetadata | Where-Object { $_.Type -eq $type }
            if ($null -eq $methodInfo) {
                # Default to the type and assume it is MFA
                $methodInfo = @{
                    Type        = $type
                    DisplayName = ($type -replace '#microsoft.graph.', '') -replace 'AuthenticationMethod', ''
                    IsMfa       = $true
                }
            }
            Write-Output $methodInfo
        }

        if ($AuthenticationMethod -is [array]) {
            Write-Verbose "Processing multiple authentication methods"
            $AuthenticationMethod | ForEach-Object { GetMethodInfo $_ }
        } else {
            Write-Verbose "Processing single authentication method"
            GetMethodInfo $AuthenticationMethod
        }
    }
}