Azure AD Security defaults MFA not enforced for user loging to PowerBI

Edgaras Stroginis 21 Reputation points

We have security defaults enabled through Active directory for specific tenant. While users log in to azure portal they seem to require MFA when needed according to "
Security defaults", however the ones using Power BI app (user account configured in azure AD) - were not enforced to register for MFA and in the logs I see that required MFA is single factor. Does security defaults does not cover PowerBI mfa (when auth is done via Azure AD) - and that should be configured in some other way (conditional access, powerbi admin panel or sth)?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,418 questions
{count} votes

Accepted answer
  1. Saurabh Sharma 23,671 Reputation points Microsoft Employee

    Hi @37040339,

    I have received confirmation from products team that Security Defaults doesn’t always prompt the user for MFA. It only does so when necessary (if Azure AD detects some sort of risky sign-in).
    However, you can see the source of the authentication requirement for a sign-in by going to the Azure AD sign-in logs and clicking on the authentication details tab. At the top, it shows which policies applied (e.g. Security Defaults, Conditional Access, Per-user MFA) and then you can see which Authentication methods were used to sign-in and which authentication requirements (e.g. single factor, MFA) it satisfied. (See screenshots below)

    Please let me know if you have any other questions.



    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

    0 comments No comments

0 additional answers

Sort by: Most helpful