How can we help you?

Please click the link below to view a video explaining understanding the MFA report and why it may differ from the Microsoft Admin portal view

MFA Report Explanation video link

MFA Report FAQ

To view an MFA report for a Microsoft Tenant a minimum of a P1 Azure or better license is required.

MFA reports do not include Guest or Blocked user accounts.

For a Microsoft Tenant, when running an MFA report sometimes it may appear to conflict with the Azure Multi-Factor Authentication (MFA) management page in that what is shown in the report may not match the content shown.

Here are a few things that may cause this:

1. Users making MFA changes to their own account may not correctly update within Azure 
2. A caching issue within the management panel itself
3. Delayed synchronization between the management panel and Azure Active Directory
4. User account updates often not reflected in real-time
5. Incorrect MFA configuration on the user account

One thing to note is that the MFA report is pulled from a direct API connection and may have more recent information than the management panel.

One way to compare the output is to use Microsoft Graph Explorer and run a query for a tenant showing report differences.

The provided link will load the needed GET command and load the User Authentication Methods output which is used to generate the MFA report itself. 

Once the page loads please follow these steps:

1. Click the Sign in icon and sign in with the user credentials that were used to join the organization to the SaaS Alerts UI.
2. Once sign-in is complete please click the Run Query button
3. If the query runs successfully, please copy the contents and paste them into an empty notepad file or similar application (Notepad++).
4. You can compare this information to the MFA report and the Azure Multi-Factor Authentication (MFA) management page to see if a user has made a change that isn't updating within the management page.