Azure AD Security defaults MFA not enforced for user loging to PowerBI

Edgaras Stroginis 21 Reputation points
2021-04-30T08:34:22.86+00:00

We have security defaults enabled through Active directory for specific tenant. While users log in to azure portal they seem to require MFA when needed according to "
Security defaults", however the ones using Power BI app (user account configured in azure AD) - were not enforced to register for MFA and in the logs I see that required MFA is single factor. Does security defaults does not cover PowerBI mfa (when auth is done via Azure AD) - and that should be configured in some other way (conditional access, powerbi admin panel or sth)?

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,736 questions
{count} votes

Accepted answer
  1. Saurabh Sharma 17,291 Reputation points Microsoft Employee
    2021-05-20T22:41:34.627+00:00

    Hi @37040339,

    I have received confirmation from products team that Security Defaults doesn’t always prompt the user for MFA. It only does so when necessary (if Azure AD detects some sort of risky sign-in).
    However, you can see the source of the authentication requirement for a sign-in by going to the Azure AD sign-in logs and clicking on the authentication details tab. At the top, it shows which policies applied (e.g. Security Defaults, Conditional Access, Per-user MFA) and then you can see which Authentication methods were used to sign-in and which authentication requirements (e.g. single factor, MFA) it satisfied. (See screenshots below)

    98431-image.png
    Please let me know if you have any other questions.

    Thanks
    Saurabh

    ----------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

    No comments

0 additional answers

Sort by: Most helpful