Forum Discussion

dbetlow's avatar
dbetlow
Iron Contributor
Feb 27, 2018
Solved

Report on users with MFA Enabled

We are not currently enforcing MFA for all users, but have sent out instructions to allow users to self-enroll in MFA (http://aka.ms/MFASetup).  Looking at the status of users who I know have enabled...
Azure Active Directory (AAD)
  • Pablo R. Ortiz's avatar
    Pablo R. Ortiz
    Feb 28, 2018

    No, your users are not enabling MFA for themselves by using those URLs, That's a fact. You may have some other configuration going on.

Magnus Tengmo's avatar
Magnus Tengmo
Copper Contributor
Sep 05, 2018

What is the difference between enabled and enforced for 

StrongAuthenticationRequirements.State

?

I can see enabled users with methods active, don´t really understand this. 

Jef_Kazimer's avatar
Jef_Kazimer
Icon for Microsoft rankMicrosoft
Sep 10, 2018

Magnus,

 

You can find the different user states for user MFA here:

 

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

 

The description column in each of the states describes the state.

 

However, many organizations are using Conditional Access to invoke MFA, or policy based MFA which will show the users as Disabled for user state.  This is because the user may be registered for MFA (has methods registered) but is not enforced on every authentication, and using the sign in state and policies to invoke MFA.   https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

 

Jef

 

 

Resources