Thousif BakBak

Reputation: 1

How to audit MFA status of users in Azure

I am trying to build a Policy definition to list out the users who have not enabled MFA in Azure. I saw that I can't target users through Policy.

Any solutions or views?

I tried altering the built-in policy which requires users to have MFA enabled mandatory but couldn't make it work.

Upvotes: 0

Views: 420

Answers (1)

KonTheCat

Reputation: 298

Azure Policy does not do anything meaningful for Entra ID (which used to be Azure AD) users, at least from what I know. I think what you might be looking for is a Conditional Access policy, which can certainly require users to use MFA. Depending on your needs, you may also do better with Security Defaults, which enable some basic Microsoft recommendations. Some references below.

Conditional Access: https://learn.microsoft.com/en-us/entra/identity/conditional-access/overview

Security Defaults: https://learn.microsoft.com/en-us/entra/fundamentals/security-defaults

As far as audit, it's been a while since I looked at this problem myself, but this seems like a recent enough source: https://www.alitajran.com/get-mfa-status-entra/

Upvotes: 0
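
For the audit side of the question, one way to list users with no MFA method registered is the Microsoft Graph authentication-methods registration report. This is an added example, not code from the answer or from the linked article. It assumes the Microsoft Graph PowerShell SDK is installed, the signed-in account can consent to `AuditLog.Read.All` and holds a role allowed to read the report, and the tenant is licensed for it; the output path is a placeholder.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Reports

# Placeholder output path (assumption); change as needed.
$OutFile = Join-Path $PWD 'users-without-mfa.csv'

# Read-only delegated scope used by the registration report.
Connect-MgGraph -Scopes 'AuditLog.Read.All'

# One record per user; -All follows result paging so large tenants are covered.
$details = Get-MgReportAuthenticationMethodUserRegistrationDetail -All

# Keep users with no MFA method registered. Admins sort first because
# they are the accounts to remediate first.
$noMfa = $details |
    Where-Object { -not $_.IsMfaRegistered } |
    Select-Object UserPrincipalName, UserDisplayName, UserType, IsAdmin, IsMfaCapable,
        @{ Name = 'MethodsRegistered'; Expression = { $_.MethodsRegistered -join ';' } },
        LastUpdatedDateTime |
    Sort-Object @{ Expression = 'IsAdmin'; Descending = $true }, UserPrincipalName

$noMfa | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

# Short summary for the console: totals, then a breakdown by member/guest.
$adminCount = @($noMfa | Where-Object { $_.IsAdmin }).Count
'{0} of {1} users have no MFA method registered ({2} admins). Report: {3}' -f `
    @($noMfa).Count, @($details).Count, $adminCount, $OutFile
$noMfa | Group-Object UserType | Select-Object Name, Count | Format-Table -AutoSize

Disconnect-MgGraph | Out-Null
```

`IsMfaRegistered` reports whether a user has registered an MFA method, not whether MFA is enforced at sign-in; enforcement comes from Conditional Access or Security Defaults, as the answer describes.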
