![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 84%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDT%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi Turner,
Thank you for posting your query on Microsoft Q&A.
With regard to your questions about the CIPP MFA reports with Microsoft integration, please find the detailed information below:
- Account Enabled: This status indicates whether an account is active and allowed to sign in. If "Account Enabled" is true, the account is not blocked and the user should be able to attempt sign-in, unless other restrictions like conditional access or sign-in blocks are in place. "Disabled" means the account is not permitted to sign in.
- MFA Registration: MFA registration status can sometimes show inaccuracies due to differences in tenant configuration, delayed API data, or permission/role inconsistencies. Inconsistent reports may occur if MFA policies are not uniformly applied or if the CIPP service account lacks full read access to user details. Confirm that MFA enforcement and reporting are consistent across all tenants being monitored.
- No Data: A "No Data" value usually means that the relevant information is not available, either because the tenant or user is not configured for the queried attribute, or the tool does not have sufficient permissions to retrieve it. It may also result from temporary communication issues with Microsoft APIs or insufficient licensing (e.g., Entra P1 requirement).
Steps to Troubleshoot and Improve Reporting:
- Verify that the CIPP integration account has sufficient API permissions and directory read access.
- Ensure that targeted tenants have the appropriate Microsoft Entra licensing for MFA reporting.
- Review and apply uniform MFA policies across users and groups.
- Refer to official CIPP documentation for specific configuration and troubleshooting steps.
Please refer to:
- Manage user profiles in Microsoft Entra ID
- Troubleshoot Azure Multi-Factor Authentication issues | Microsoft Learn
Please click "Accept as Answer" if this resolves your query. This will help others with similar questions find a quick solution.