SOLVED

SFA versus MFA in 365 sign in logs

%3CLINGO-SUB%20id%3D%22lingo-sub-2236924%22%20slang%3D%22en-US%22%3ESFA%20versus%20MFA%20in%20365%20sign%20in%20logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2236924%22%20slang%3D%22en-US%22%3E%3CP%3Eall%20of%20our%20users%20have%20enforced%20MFA%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIssue%20is%20that%20hen%20you%20look%20at%20the%20sign-in%20logs%20there%20are%20SFA%20entries%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eall%20sign%20in%20should%20be%20MFA%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ewhat%20causes%20the%20SFA%20logs%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eany%20known%20fix%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Etnx%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Capture.PNG%22%20style%3D%22width%3A%20171px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267361i24E1C11CE77086F1%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Capture.PNG%22%20alt%3D%22Capture.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2236924%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2237175%22%20slang%3D%22en-US%22%3ERe%3A%20SFA%20versus%20MFA%20in%20365%20sign%20in%20logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2237175%22%20slang%3D%22en-US%22%3EHave%20you%20disabled%20Legacy%20authentication%20across%20all%20users%2Fworkloads%3F%20PowerShell%20scripts%2C%20devices%20sending%20email%2C%20third-party%20aps%20-%20all%20will%20default%20to%20using%20legacy%20auth%2Fsingle%20factor.%3C%2FLINGO-BODY%3E
Super Contributor

all of our users have enforced MFA

 

Issue is that when you look at the sign-in logs there are SFA entries

 

all sign in should be MFA

 

what causes the SFA logs?

 

any known fix?

 

tnx

 

Capture.PNG

1 Reply
best response confirmed by Marvin Oco (Super Contributor)
Solution
Have you disabled Legacy authentication across all users/workloads? PowerShell scripts, devices sending email, third-party aps - all will default to using legacy auth/single factor.