How to interpret description and properties of secureScoresResponse controlScores in Graph API for MFARegistrationV2?

steven-898945 1 Reputation point

Within the control scores of the secureScoreResponse of the Microsoft Graph API, the MFARegistrationV2 and AdminMFA controls give ambiguous results. As you can see in the code pasted below, from just reading the text, it seems that 23 users are not registered with MFA. Since there are a total of 45 (users), this indicates that 22 users are registered with MFA, hence the count with a value of 22. However, this does not translate to the score and the scoreInPercentage because (22/45)*100 != 51.11. So it looks somehow switched because (23/45)*100 = 51.11. Is this a bug or how should this be interpreted?

And just a comment: it would be more clear if the implementation status used a non-negative sentence, x out of n users are registered with MFA, instead of aren't.

                                "IsApplicable": "true",  
                                "controlCategory": "Identity",  
                                "controlName": "MFARegistrationV2",  
                                "controlState": "active",  
                                "count": "22",  
                                "description": "",  
                                "implementationStatus": "You have 23 out of 45 users that aren\u2019t registered with MFA.",  
                                "lastSynced": "",  
                                "score": 4.6,  
                                "scoreInPercentage": 51.11,  
                                "total": "45"  
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,106 questions
{count} votes