MFA status is based on a user registering for MFA. So, MFA should be on, enabled, enforced and user must have completed signup for the MFA status to show "On".
In order to obtain MFA status information from Microsoft, a client tenant requires an Azure Active Directory P1 license or similar in the client's tenant. It appears that MFA information is available for all client users if there is at least one license for the client. It is not dependent on being assigned to a particular user. If you don't have the Azure P1 license, the client will receive the following error message under 365 MFA messages:
Neither tenant is B2C or tenant doesn't have premium license
If you assign a P1 license (or a trial) to the client's tenant, it may take a few days for the information to become accessible during the CloudRadial scan. Syncing with Office 365 is done automatically every night. Or, you can run a manual sync on the client that will pull the most information. Use the Sync button when viewing a client under Partner Clients.
If you do not want to setup an Azure P1 license for a client, you can edit the client to disable the MFA column on most reports.
Excluded Users
CloudRadial does not process MFA information for Excluded Users. Users can be excluded because of they have been explicitly excluded or because they don't have a license (and unlicensed users are excluded). If you have service accounts for which you want to pick up MFA information, but not want to include all users without a license, you can assign a free license to the account to allow CloudRadial to import and report.
Comments
0 comments
Please sign in to leave a comment.