We are using AATP and when we review our Secure Score (security.microsoft.com), one of the action items is to "Require MFA for administrative roles". We have set up MFA but are not sure why this is coming up as an "Improvement action".
I wanted to create a Policy within Cloud app so I could be alerted whenever there is a user that has an admin role but is not required to utilize MFA. Is that possible?
Hi, this is not something you configure using ATP. Instead, you need to look at Azure AD Conditional Access. You can enforce MFA based on roles. Just be careful not to lock yourself out of your tenant, and exclude your permanent break-glass accounts.
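
An added example, not part of the reply above or any Microsoft tooling: an offline audit of exported Conditional Access policies that reports which admin roles no enforced MFA policy covers and whether the break-glass accounts are excluded. The policy fields follow the Microsoft Graph `conditionalAccessPolicy` shape; the sample policies, role ids and user ids are constructed placeholders, and group-based exclusions are not resolved.

```python
import json

# Constructed sample shaped like Microsoft Graph conditionalAccessPolicy objects.
# All role and user ids below are placeholders, not real directory ids.
POLICIES = json.loads("""[
 {"displayName": "Require MFA for admins", "state": "enabled",
  "conditions": {"applications": {"includeApplications": ["All"]},
                 "users": {"includeRoles": ["ROLE-GLOBAL-ADMIN", "ROLE-SECURITY-ADMIN"],
                           "excludeUsers": ["USER-BREAKGLASS-1", "USER-ALICE"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "Exchange admins MFA pilot", "state": "enabledForReportingButNotEnforced",
  "conditions": {"applications": {"includeApplications": ["All"]},
                 "users": {"includeRoles": ["ROLE-EXCHANGE-ADMIN"], "excludeUsers": []}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}
]""")
ADMIN_ROLES = {"ROLE-GLOBAL-ADMIN", "ROLE-SECURITY-ADMIN", "ROLE-EXCHANGE-ADMIN"}
BREAK_GLASS = {"USER-BREAKGLASS-1", "USER-BREAKGLASS-2"}

def enforces_mfa(policy):
    """True only if the policy is enforced, covers all apps, and MFA cannot be bypassed."""
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    apps = policy["conditions"]["applications"].get("includeApplications") or []
    if policy.get("state") != "enabled" or "All" not in apps:
        return False  # report-only, disabled, or app-scoped policies leave gaps
    # With operator OR, any other listed control satisfies the policy instead of MFA.
    return controls == ["mfa"] or ("mfa" in controls and grant.get("operator") == "AND")

def audit(policies, admin_roles, break_glass):
    covered, missing_bg, extra = set(), [], []
    for p in filter(enforces_mfa, policies):
        users = p["conditions"]["users"]
        roles = set(users.get("includeRoles") or [])
        if "All" in (users.get("includeUsers") or []):
            roles = set(admin_roles)  # an all-users policy covers every role
        roles -= set(users.get("excludeRoles") or [])
        if not roles & admin_roles:
            continue  # policy does not target any admin role
        covered |= roles
        excluded = set(users.get("excludeUsers") or [])
        missing_bg += [(p["displayName"], u) for u in sorted(break_glass - excluded)]
        extra += [(p["displayName"], u) for u in sorted(excluded - break_glass)]
    return {"roles_without_mfa": sorted(admin_roles - covered),
            "break_glass_not_excluded": missing_bg,
            "unexpected_exclusions": extra}

if __name__ == "__main__":
    print(json.dumps(audit(POLICIES, ADMIN_ROLES, BREAK_GLASS), indent=2))
```

On the constructed sample, the report-only pilot policy does not count as coverage, so the Exchange admin role is reported as uncovered, and the non-break-glass exclusion is surfaced for review.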