Office 365 Users Multi-Factor Authentication (Legacy MFA) Status
Rule description
This rule queries the specified Microsoft 365/Entra ID scope and for each user returned, reports the user's MFA status (Enabled, Disabled). This rule reports on but does not change the MFA status.
NOTE: This rule covers the legacy Microsoft MFA mechanism. The recommendation is to use the newer Conditional Access Policies or Security Defaults instead of legacy MFA. This rule will be redesigned in the future to take advantage of the newer mechanisms.
When to use this rule
Use this rule when you need to get the report with the MFA statuses of Microsoft 365 users.
Rule settings
Query section
| Setting name | Description |
|---|---|
Account Status |
Select user account status: enabled, disabled, or both. |
Filter |
To hide unwanted data returned by the query, select the filtering conditions. Example: Find all users with E1 plan assigned: {$_.Licenses.AccountSkuId -match "STANDARDPACK"}You can find out the license plan ID in the cache file on the machine where the Cayosoft Administrator Service is installed: C:\ProgramData\Cayo Software\AdminAssistant\ItemCache\O365LicenseDefCache.xml. This XML file contains friendly names of plans and their IDs. |
Exclude Global Admins |
Specify if Global Admins should be excluded. |
Query Filters | |
|
Display Name/ E-mail starts with |
Specify the first letters of Name or Email attributes. |
|
Specify the value of the corresponding attributes. |
More Options | |
Properties to Display |
Each object property defined in this setting matches the column that will be displayed in the Web Portal for this web query. To display additional columns, add the required properties to the Properties to display list. To add extension attribute 1 that is synchronized from AD, you need to use a value like:
Copy
|
Sort by |
Sort result object list. |
Limit query for Office 365 |
Specify integer value. By default, all objects that you have in Microsoft 365 are returned. TIP: It is possible to change the default value in Microsoft 365 extension settings. |
Output section
This section defines the output format of this rule.
To get more information about this section, please see the Rule Output section article.
Enforce/Schedule section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Rule Enforce/Schedule section article.
Comments
0 comments
Please sign in to leave a comment.