📝 Microsoft Entra ID User Multi-Factor Auth Status is not enabled 🟢

• Contextual name: 📝 Users Multi-Factor Auth Status is not enabled 🟢
• ID: /ce/ca/azure/microsoft-entra-id/multi-factor-auth-status
• Located in: 📁 Microsoft Entra ID

Flags

• 🟢 Impossible policy
• 🟢 Policy with categories
• 🟢 Policy with type

Our Metadata

• Policy Type: COMPLIANCE_POLICY
• Policy Category:
  • SECURITY

Similar Policies

• Cloud Conformity
  • Multi-factor Authentication For All Privileged Users

Description

Open File

Description

[IMPORTANT - Please read the section overview: If your organization pays for Microsoft Entra ID licensing (included in Microsoft 365 E3, E5, F5, or Business Premium, and EM&S E3 or E5 licenses) and CAN use Conditional Access, ignore the recommendations in this section and proceed to the Conditional Access section.]

Enable multifactor authentication for all users.

Note: Since 2024, Azure has been rolling out mandatory multifactor authentication. For more information:

• https://azure.microsoft.com/en-us/blog/announcing-mandatory-multi-factor-authentication-for-azure-sign-in
• https://learn.microsoft.com/en-us/entra/identity/authentication/concept-mandatory-multifactor-authentication

Rationale

Multifactor authentication requires an individual to present a minimum of two separate forms of authentication before access is granted. Multifactor authentication provides additional assurance that the individual attempting to gain access is who they claim to be. With multifactor authentication, an attacker would need to compromise at least two different authentication mechanisms, increasing the difficulty of compromise and thus reducing the risk.

... see more

Remediation

Open File

Remediation

From Azure Portal

1. Go to Microsoft Entra ID.
2. Under Manage, click Users.
3. Click Per-user MFA from the top menu.
4. Click the box next to a user with Status disabled.
5. Click Enable MFA.
6. Click Enable.
7. Repeat steps 1-6 for each user requiring remediation.

Other Options within Azure Portal

• https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa • https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings • https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-admin-mfa • https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted#enable-multi-factor-authentication-with-conditional-access

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 CIS Azure v2.1.0 → 💼 1.1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users - Level 1 (Manual)			1
💼 CIS Azure v2.1.0 → 💼 1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users - Level 2 (Manual)			1
💼 CIS Azure v3.0.0 → 💼 2.1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users (Manual)			1
💼 CIS Azure v3.0.0 → 💼 2.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users (Manual)			1
💼 CIS Azure v4.0.0 → 💼 6.1.2 Ensure that 'multifactor authentication' is 'enabled' for all users (Manual)			1
💼 Cloudaware Framework → 💼 Multi-Factor Authentication (MFA) Implementation			16