Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Secure Score / 2FA on sharedmailbox

Copper Contributor

Good morning, everybody.
I am responsible for maintaining a SecureScore at a fairly high level in an organization.

The recommended actions include "Verify that MultiFactor Authentication is enabled for all users" and this one concerns me.
For about a year and a half, conditional access has been put in place to ensure that no account is forgotten. It's all working fine.

 

Problem, the recommended action in the SecureScore reports that only 256 users out of 317 have MFA enabled. As I dig deeper, I realize that among those 317 users, there are the shared boxes, resource calendars (room and equipment), and guest users that are included.
Since 2FA cannot be set up on a resource calendar or on a shared mailbox, how can I make sure that these are not included in the list?

Would it be possible to add a feature to have the ability to exclude certain types of accounts from the Secure Score calculation, or to change the calculation directly?

5 Replies

Do I understand correctly that you excluded these accounts from the policy? In any case, this would not be the intention. If you have a policy on for all users with no exclusions this advice should not be given. Be sure to share your MFA policy with us!

@JosvanderVaart We cannot exclude these accounts from the "secure score checking" : 

(sorry it's in French)

L0lo__0-1713881137705.png

 

I have 264 users with 2FA enabled (perfect !) but the 63 left doesn't have 2FA enabled. These accounts are resource calendar, shared mailbox, and external users. 

The logique would be to exclude the accounts which cannot have 2FA enabled, right ?

 

Can you share the configuration of the conditional access policy?

I didn't make that policy myself, I give you what I found :)

 

L0lo__0-1713883716184.pngL0lo__1-1713883719599.png

 

Can you please show who is excluded from this rule?