cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Secure Score / 2FA on sharedmailbox

L0lo_
Copper Contributor

‎Apr 23 2024 04:49 AM

‎Apr 23 2024 04:49 AM

Secure Score / 2FA on sharedmailbox

Good morning, everybody.
I am responsible for maintaining a SecureScore at a fairly high level in an organization.

The recommended actions include "Verify that MultiFactor Authentication is enabled for all users" and this one concerns me.
For about a year and a half, conditional access has been put in place to ensure that no account is forgotten. It's all working fine.

 

Problem, the recommended action in the SecureScore reports that only 256 users out of 317 have MFA enabled. As I dig deeper, I realize that among those 317 users, there are the shared boxes, resource calendars (room and equipment), and guest users that are included.
Since 2FA cannot be set up on a resource calendar or on a shared mailbox, how can I make sure that these are not included in the list?

Would it be possible to add a feature to have the ability to exclude certain types of accounts from the Secure Score calculation, or to change the calculation directly?

300 Views
0 Likes
5 Replies
Reply
5 Replies
JosvanderVaart

‎Apr 23 2024 07:01 AM

‎Apr 23 2024 07:01 AM

Re: Secure Score / 2FA on sharedmailbox

Do I understand correctly that you excluded these accounts from the policy? In any case, this would not be the intention. If you have a policy on for all users with no exclusions this advice should not be given. Be sure to share your MFA policy with us!

0 Likes
Reply
L0lo_

‎Apr 23 2024 07:08 AM - edited ‎Apr 23 2024 07:08 AM

‎Apr 23 2024 07:08 AM - edited ‎Apr 23 2024 07:08 AM

Re: Secure Score / 2FA on sharedmailbox

@JosvanderVaart We cannot exclude these accounts from the "secure score checking" : 

(sorry it's in French)

L0lo__0-1713881137705.png

 

I have 264 users with 2FA enabled (perfect !) but the 63 left doesn't have 2FA enabled. These accounts are resource calendar, shared mailbox, and external users. 

The logique would be to exclude the accounts which cannot have 2FA enabled, right ?

 

0 Likes
Reply
JosvanderVaart

‎Apr 23 2024 07:09 AM

‎Apr 23 2024 07:09 AM

Re: Secure Score / 2FA on sharedmailbox

Can you share the configuration of the conditional access policy?
0 Likes
Reply
L0lo_

‎Apr 23 2024 07:50 AM

‎Apr 23 2024 07:50 AM

Re: Secure Score / 2FA on sharedmailbox

I didn't make that policy myself, I give you what I found :)

 

L0lo__0-1713883716184.pngL0lo__1-1713883719599.png

 

0 Likes
Reply
JosvanderVaart

‎Apr 29 2024 12:34 AM

‎Apr 29 2024 12:34 AM

Re: Secure Score / 2FA on sharedmailbox

Can you please show who is excluded from this rule?
0 Likes
Reply