Forum Discussion
Attack Simulator
No. What you need is to have actually performed the MFA challenge before you access the page. It will check the access token for the presence of the "user has performed MFA" bit, and only let you manage the settings if this is true. Think of it as added security for one of the more sensitive features we have in O365.
No. What you need is to have actually performed the MFA challenge before you access the page. It will check the access token for the presence of the "user has performed MFA" bit, and only let you manage the settings if this is true. Think of it as added security for one of the more sensitive features we have in O365.
It would be great if Microsoft has an online reference/documentation on all MS365/Defender XDR/Purview admin operations that require this "user has performed MFA" bit. I knew about the Attack Simulator based on an onlie documentation, but was caught by surprise in yet another case where I needed to turn on auditing in Purview (start recording user and admin activity) but received an error at the "Complete organizational setup" step.