Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

MFA shows disable

Copper Contributor

Hi guys, 

 

MFA is enabled through Azure AD, but when i want to check to see who still not using MFA, it shows that it is disable for all users. i have been looking around to see what is the issues and found some in Microsoft community and they says that we should turn security default off but we never used security default and it is already off.

I tried another ways using PowerShell scripts but it gives wrong result like users are using MFA but the result was they don't. 

 

 

4 Replies
Hello, if enabling AAD MFA through conditional access it doesn't change the state of the user. So in other words, if you're using CA for MFA you're all set.
If you are using Conditional Access, check the sign-in logs to verify users are being prompted, cfr https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/troubleshoot-conditional-...
Thanks for the response,
Is there any way to see who uses MFA and who does not,
I tried a PowerShell script but it gives wrong results, in the report generated by the PowerShell script shows that users did not register for MFA so I went back to AAD to look up the account and found that user is using MFA while the report shows they don't.

@Mohalkhateeb 
good tool could be: 
Azure active directory > security > authentication methods > registration and reset events

Here you can see which user has completed his mfa registration.