My understanding was that if O365 said that MFA was enabled for a user then that user would be required to register for MFA and, once they completed that process, their status would change from enabled to enforced.
I just noticed a user with a status of enabled who has been signing in for months with MFA. Every signin says the Authentication Requirement is Multifactor Authentication.
Why does his status not say enforced?
