Please Sanity-Check This For Me

Michael O'Hara 1 Reputation point
2022-08-11T10:41:32.79+00:00

There is some disagreement among teams around whether or not MFA single-auth is used. I say it is not for the snippet of users shown below.
Based on the field I exported out of AAD login activity are these users truly using single?

Also (again, questioning my sanity) I see we do not have Enforce Policy checked on.

My concern is this - never trust users to do the right thing.

[screenshot: exported AAD sign-in activity for the users in question]


2 answers

  1. JimmySalian-2011 42,511 Reputation points
    2022-08-11T11:21:38.507+00:00

    Hi Michael,

    Not sure if I understand the question but it seems to me you would like to know and verify if users are registered for MFA?

    For this I would suggest you can also use a PowerShell command; the prerequisite is to install the MSOL and ExchangeOnline modules.

    Connect-MsolService
    # Report each user's per-user MFA state; users with no StrongAuthenticationRequirements entry are reported as "Disabled"
    Get-MsolUser -All | select DisplayName,BlockCredential,UserPrincipalName,@{N="MFA Status"; E={ if( $_.StrongAuthenticationRequirements.State -ne $null){ $_.StrongAuthenticationRequirements.State} else { "Disabled"}}}

    There is also a way from the GUI (the admin portal).
    From the Azure portal, select Users, then Active users. In the top section, select Per-user Multi-factor Authentication. This list will show for whom MFA is enabled (Enforced).

    Further reading and knowledge base article from MS: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks

    ----
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


  2. JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator
    2022-08-18T22:12:05.447+00:00

    @Michael O'Hara
    Thank you for your post and I apologize for the delayed response!

    From your screenshot, it's definitely hard to tell if users are signing in with single-factor authentication. However, when it comes to the different Azure AD MFA user states (Enabled/Enforced), as mentioned in your conversation with Jimmy, the table below provides a great depiction of the three states:

    When you enroll users in per-user MFA, their state changes to Enabled. When enabled users sign in, and complete the registration process, their state changes to Enforced.
    [screenshot: table of per-user MFA user states]

    Based off the table, if a user in your org is using a browser app, they'll be required to register for MFA after the session expires. Additionally, you can also reference the Azure AD Sign-in Logs and filter for Multifactor authentication.
    [screenshot: Azure AD Sign-in Logs filtered on Multifactor authentication]

    Additional links:
    Conditional Access policy - Use Conditional Access policies to apply the right access controls when needed to keep your organization secure.
    Building a Conditional Access policy
    Authentication Methods Activity - The new authentication methods activity dashboard enables admins to monitor authentication method registration and usage across their organization.

    I hope this helps!

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.
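Both answers point at the same check from different sides: per-user MFA state (Jimmy) and the sign-in log's Authentication requirement field (James). The following added example, which is not from either answer, reads an exported sign-in log CSV and lists which users only ever signed in single-factor; the rows are constructed, and the column names are assumed to match the portal's CSV export (the Graph signIn resource exposes the same values as authenticationRequirement).

```python
import csv
import io
from collections import defaultdict

# Constructed sample of an Azure AD sign-in log CSV export (not real tenant data).
# "Authentication requirement" records whether any policy demanded MFA for that
# sign-in: singleFactorAuthentication means nothing required a second factor.
SAMPLE_EXPORT = """\
Date (UTC),User,Username,Status,Authentication requirement,MFA result,Application
2022-08-10T08:01:12Z,Alice Example,alice@contoso.example,Success,multiFactorAuthentication,MFA completed in Azure AD,Office 365 Exchange Online
2022-08-10T08:15:40Z,Bob Example,bob@contoso.example,Success,singleFactorAuthentication,,Office 365 SharePoint Online
2022-08-10T09:02:05Z,Bob Example,bob@contoso.example,Success,singleFactorAuthentication,,Microsoft Teams
2022-08-11T07:45:00Z,Carol Example,carol@contoso.example,Success,multiFactorAuthentication,MFA requirement satisfied by claim in the token,Azure Portal
2022-08-11T07:50:10Z,Carol Example,carol@contoso.example,Success,singleFactorAuthentication,,Microsoft Teams
2022-08-11T10:00:00Z,Dave Example,dave@contoso.example,Failure,multiFactorAuthentication,MFA denied; user declined the authentication,Azure Portal
"""


def summarize_mfa(csv_text):
    """Return {upn: {"single": n, "multi": n, "failed": n}} from an exported sign-in log."""
    per_user = defaultdict(lambda: {"single": 0, "multi": 0, "failed": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        upn = row["Username"].strip().lower()
        if row["Status"] != "Success":
            # Failed sign-ins say nothing about what a successful session required.
            per_user[upn]["failed"] += 1
            continue
        requirement = row["Authentication requirement"]
        if requirement == "singleFactorAuthentication":
            per_user[upn]["single"] += 1
        elif requirement == "multiFactorAuthentication":
            per_user[upn]["multi"] += 1
    return dict(per_user)


def single_factor_only(summary):
    """Users whose every successful sign-in in the export was single-factor."""
    return sorted(u for u, c in summary.items() if c["single"] and not c["multi"])


def mixed(summary):
    """Users seen both ways: MFA works for them but is not required for every app."""
    return sorted(u for u, c in summary.items() if c["single"] and c["multi"])


if __name__ == "__main__":
    summary = summarize_mfa(SAMPLE_EXPORT)
    print("single-factor only:", single_factor_only(summary))
    print("mixed single/multi:", mixed(summary))
```

A user in the "mixed" list is the case the question is really about: registered and capable of MFA, yet still let through single-factor by some application because no policy enforces it there.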

