Ensure all users are registered and enabled for multifactor authentication.
Risk
Users who are not MFA capable are more vulnerable to account compromise, as they may rely solely on single-factor authentication (typically a password), which can be easily phished or cracked.
Run this check with Prowler CLI
prowler m365 --checks entra_users_mfa_capable
Remediation
Remediation steps will depend on the status of the personnel in question or configuration of Conditional Access policies. Administrators should review each user identified on a case-by-case basis.
Ensure all member users are MFA capable by registering and enabling a strong authentication method that complies with the organization's authentication policy. Regularly review user status to detect gaps in MFA deployment and correct misconfigurations.
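The periodic review described above can be scripted. The following is an added example, not Prowler's own code: it assumes the review works from a Microsoft Graph userRegistrationDetails report (field names are Graph's; the sample data is constructed) and separates members with no method registered from members whose registered method is not allowed by the authentication methods policy.

```python
import json

# Constructed sample, shaped like the "value" array Microsoft Graph returns for
# GET /reports/authenticationMethods/userRegistrationDetails. Not real tenant data.
SAMPLE_REPORT = json.loads("""
{"value": [
 {"userPrincipalName": "alice@example.com", "userType": "member", "isAdmin": true,
  "isMfaRegistered": true, "isMfaCapable": false, "methodsRegistered": ["mobilePhone"]},
 {"userPrincipalName": "bob@example.com", "userType": "member", "isAdmin": false,
  "isMfaRegistered": true, "isMfaCapable": true,
  "methodsRegistered": ["microsoftAuthenticatorPush"]},
 {"userPrincipalName": "carol@example.com", "userType": "member", "isAdmin": false,
  "isMfaRegistered": false, "isMfaCapable": false, "methodsRegistered": []},
 {"userPrincipalName": "dave_partner.example#EXT#@example.com", "userType": "guest",
  "isAdmin": false, "isMfaRegistered": false, "isMfaCapable": false,
  "methodsRegistered": []},
 {"userPrincipalName": "erin@example.com", "userType": "member", "isAdmin": false}
]}
""")


def mfa_gaps(report):
    """Return member users that are not MFA capable, admins first."""
    gaps = []
    for user in report.get("value", []):
        if str(user.get("userType", "")).lower() != "member":
            continue  # guests are out of scope for this review
        if user.get("isMfaCapable") is True:
            continue  # a missing or null flag is treated as a gap (fail closed)
        if user.get("isMfaRegistered") is True:
            # Registered, but the method is not allowed by the auth methods policy.
            reason = "registered-method-not-allowed"
        else:
            reason = "no-method-registered"
        gaps.append({
            "upn": user.get("userPrincipalName", "<unknown>"),
            "admin": bool(user.get("isAdmin")),
            "reason": reason,
            "methods": user.get("methodsRegistered") or [],
        })
    return sorted(gaps, key=lambda g: (not g["admin"], g["upn"]))


if __name__ == "__main__":
    for gap in mfa_gaps(SAMPLE_REPORT):
        role = "admin" if gap["admin"] else "user"
        print(f'{gap["upn"]:<22} {role:<6} {gap["reason"]} {gap["methods"]}')
```

The two reasons call for different fixes: "no-method-registered" is an enrollment task for the user, while "registered-method-not-allowed" points at the authentication methods policy or at the user's choice of method.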
Resource Type
Conditional Access Policy