Forum Discussion

dbetlow's avatar
dbetlow
Iron Contributor
Feb 27, 2018
Solved

Report on users with MFA Enabled

We are not currently enforcing MFA for all users, but have sent out instructions to allow users to self-enroll in MFA (http://aka.ms/MFASetup).  Looking at the status of users who I know have enabled...
Azure Active Directory (AAD)
  • Pablo R. Ortiz's avatar
    Pablo R. Ortiz
    Feb 28, 2018

    No, your users are not enabling MFA for themselves by using those URLs, That's a fact. You may have some other configuration going on.

dbetlow's avatar
dbetlow
Iron Contributor
Feb 28, 2018

Maybe it is a bug, but it works.  Try it out.  I'd like it better, if it updated the status to Enabled...

Pablo R. Ortiz's avatar
Pablo R. Ortiz
Iron Contributor
Feb 28, 2018

No, your users are not enabling MFA for themselves by using those URLs, That's a fact. You may have some other configuration going on.

  • Pablo R. Ortiz's avatar
    Pablo R. Ortiz
    Iron Contributor
    Mar 01, 2018
    What you can do is search Azure AD audit logs for activity "Enable Strong Authentication" to find out those details
  • Pablo R. Ortiz's avatar
    Pablo R. Ortiz
    Iron Contributor
    Feb 28, 2018

    Correct, you need to find out how MFA is enabled for those users

  • dbetlow's avatar
    dbetlow
    Iron Contributor
    Feb 28, 2018

    Looks like you are correct, Pablo.

     

    Although the sign-in logs show that MFA was required for users who went through the MFA setup process, it is only saying that when either they were in the Office location (MFA description says that MFA requirement satisfied by token) or they were elsewhere and setup or used the Self-Service Password Reset which must use the same MFA parameters to sign in / verify their account and/or reset/unblock their account.

     

    I guess I still have to ask users to be put on the MFA list and manually intervene.

Resources