search
Ctrlk
Get CIPPJoin Discord
githubEdit

MFA Report

This report provides an overview of the Multi-Factor Authentication (MFA) status for all users within the tenant. It's a combination of the built in Entra MFA report and getting the Per User MFA state and combining them for a complete picture.

circle-info

Note: To utilize the Entra MFA report part of this report, the tenant must be licensed for Entra P1 or higher. Per-User MFA status will still function even if the tenant isn't licensed.

hashtag
MFA Protection Criteria

A user must have at least one checkmark in any of the following categories to be protected by MFA:

  • Per-User MFA: This means MFA is enabled directly on a per-user basis. It ensures that any sign-in attempt by the user is subjected to MFA verification.

  • Covered by Security Defaults (SD): This indicates that the user is protected by default security settings, automatically enabling and enforcing usage of MFA, when Microsoft deems a sign-in as risky.

  • Covered by Conditional Access (CA): In this case, MFA is enabled through Conditional Access policies which might require MFA based on conditions like user location, device compliance, etc.

hashtag
Page Actions

chevron-rightLive/Cachedhashtag

This button will toggle the table between live data and cached data. The live data will pull directly from Microsoft while the cached data is from the most recent CIPP cache database update.

When toggled to cached, the Sync button will appear allowing you to queue a task to run a fresh database sync.

hashtag
Table Details

The report lists every user in the tenant and provides detailed information about their MFA status, including:

  • Whether MFA is enabled and enforced through Per-User MFA settings.

  • If the user is safeguarded by Security Defaults that enforce MFA.

  • Whether Conditional Access policies require MFA for the user.

  • If the user is capable of using MFA.

  • The MFA methods the user has setup.

hashtag
Table Actions

Action
Description
Bulk Action Available

Set Per-User MFA

Allows you to select the per-user MFA state for the user. One of Enforced, Enabled, or Disabled.

hashtag
Feature Requests / Ideas

We value your feedback and ideas. Please raise any feature requestsarrow-up-right on GitHub.

PreviousReportsNextInactive Users

Last updated

Was this helpful?