An MFA report can sometimes appear to conflict with the Azure Multi-Factor Authentication (MFA) management page: what the report shows may not match what the management page shows.
Here are a few things that may cause this:
- Users making MFA changes to their own account may not correctly update within Azure
- A caching issue within the management panel itself
- Delayed synchronization between the management panel and Azure Active Directory
- User account updates are often not reflected in real time
- Incorrect MFA configuration on the user account
One thing to note is that the MFA report is pulled from a direct API connection and may have more recent information than the management panel.
One way to compare the output is to use Microsoft Graph Explorer and run a query for the tenant whose report shows differences.
The provided link loads the required GET request, which returns the User Authentication Methods output used to generate the MFA report itself.
Once the page loads, please follow these steps:
- Click the Sign in icon and sign in with the user credentials that were used to join the organization to the SaaS Alerts UI.
- Once sign-in is complete, please click the Run Query button.
- If the query runs successfully, please copy the contents and paste them into an empty notepad file or similar application (Notepad++).
- You can compare this information to the MFA report and the Azure Multi-Factor Authentication (MFA) management page to see if a user has made a change that isn't updating within the management page.
One further thing to note: Microsoft now considers MFA via SMS a weak authentication method, and it is being reported as Authentication not being enabled.
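The comparison in the steps above can be scripted once the Graph Explorer output is saved. The following is an added example, not part of the original article or the product. It assumes the pasted JSON has the shape of Graph userRegistrationDetails records (userPrincipalName, methodsRegistered) and that SMS registration appears as "mobilePhone"; all sample data is constructed, so adjust the field names to match your own output.

```python
import json

# Constructed sample standing in for the JSON copied from Graph Explorer.
# Assumed shape: userRegistrationDetails records; adjust field names to your output.
GRAPH_OUTPUT = """
{"value": [
  {"userPrincipalName": "alice@example.com", "methodsRegistered": ["microsoftAuthenticatorPush", "mobilePhone"]},
  {"userPrincipalName": "bob@example.com",   "methodsRegistered": ["mobilePhone"]},
  {"userPrincipalName": "carol@example.com", "methodsRegistered": []},
  {"userPrincipalName": "dave@example.com",  "methodsRegistered": ["softwareOneTimePasscode"]}
]}
"""

# Constructed sample: what the management page shows (True = MFA shown as enabled).
MANAGEMENT_PAGE = {
    "alice@example.com": True,
    "bob@example.com": True,
    "carol@example.com": False,
    "dave@example.com": False,
}

# Assumption: SMS registration is listed as "mobilePhone" in methodsRegistered.
WEAK_METHODS = {"mobilePhone"}

def report_status(methods):
    """MFA status as the report would show it: SMS alone counts as not enabled."""
    return any(m not in WEAK_METHODS for m in methods)

def compare(graph_json, management_page):
    """Return {upn: reason} for users where the two views disagree."""
    findings = {}
    for user in json.loads(graph_json).get("value", []):
        upn = user.get("userPrincipalName", "").lower()
        methods = user.get("methodsRegistered") or []
        in_report = report_status(methods)
        on_page = management_page.get(upn)
        if on_page is None:
            findings[upn] = "missing from management page data"
        elif on_page and not in_report and methods:
            findings[upn] = "SMS-only: report shows not enabled"
        elif on_page != in_report:
            findings[upn] = "mismatch: possible sync or caching delay"
    return findings

if __name__ == "__main__":
    for upn, reason in compare(GRAPH_OUTPUT, MANAGEMENT_PAGE).items():
        print(f"{upn}: {reason}")
```

Users flagged as SMS-only are explained by the weak-method reporting change; the remaining mismatches are the ones worth rechecking after a sync interval.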