Multi-factor Authentication (MFA) is an authentication process that requires at least two forms of authentication to verify identity.
The most common single method of authenticating a sign-in to a computer or online service is a password, but it can also be the most vulnerable. This is because people can choose easy-to-guess passwords and may reuse the same password for sign-ins to different computers and services.
To overcome this vulnerability, an extra level of security for sign-ins can be required. This is done by using multifactor authentication (MFA), which uses both a password, which should be strong, and an additional verification method based on one of the following:
- a smart phone
- your fingerprints, face, or other biometric attribute
The additional verification method isn’t employed until after the user’s password has been verified. With MFA, even if a strong user password is compromised, an attacker won’t have your smart phone or your fingerprint to complete the sign-in.
Use of Multi Factor Authentication (MFA) in Microsoft 365
Microsoft 365 Multi Factor Authentication (MFA) is a method for identifying and authenticating users who have access to Office 365 services within an organization.
It requires users to enter their phone number, or other unique identifier, to log in to their account. This helps to prevent email accounts becoming a target for any kind of phishing or cyber attack.
Why Should Multi-Factor Authentication Be Enabled in Office 365?
1. Increased Security – MFA requires users to provide two or more methods of authentication when they sign in. This helps to prevent unauthorized access, even in the situation where a user’s Office 365 password has been compromised.
2. Reduced Risk of Data Loss – MFA helps to reduce the risk of data loss by preventing unauthorized Microsoft 365 sign-ins to your organization.
3. Credential Theft Mitigation – MFA safeguards against the use of automated tools to test username-password combinations. Because a correct password alone does not complete the sign-in, the second authentication factor reinforces account security.
4. Compliance – Many compliance regulations such as HIPAA, GDPR and CJIS, require multi-factor authentication to be implemented. By using MFA, you can help to ensure that your organization is compliant with these regulations.
Types of Microsoft 365 MFA Status
Microsoft 365 MFA uses Azure Active Directory for authentication by default. There are four available authenticators:
- Microsoft Authenticator App – It generates time-based one-time passwords. As part of the sign-in process, you receive a text or a time-sensitive code on your device for authentication purposes.
- SMS – This authentication procedure allows you to sign in to your account without any password or username. However, you are required to enter your phone number to sign in, which sends a text or a code to the registered number.
- OATH Token – This is an application like the Microsoft Authenticator App. A secret key is generated by Azure AD which has to be entered into the app.
- Voice – This is a process involving voice call authentication where you sign in to the account by entering a code received on a voice call on the registered number.
Types Of MFA Status
- Enabled: You are enrolled in per-user Azure AD multi-factor authentication, but your registration is incomplete. In this case, you are prompted to complete the registration during the next sign-in attempt using, for example, a web browser.
- Enforced: This status indicates that you have been enrolled and have completed registration. Users in the ‘Enabled’ category who complete registration by providing their multi-factor authentication details are automatically moved to the ‘Enforced’ category.
- Disabled: This is the default multi-factor authentication setting.
How to Check If MFA is Enabled in Microsoft 365 for Users
To ensure the security of your organization’s data and resources, it’s important to know whether MFA is enabled for Microsoft 365 users. Below are the ways to determine if MFA is activated for individual users or at the organizational level.
- Using PowerShell
- Using the Microsoft Admin Center
Using PowerShell
To install the Azure AD (MSOnline) module and connect to your tenant, run the following cmdlets.
Install-Module -Name MSOnline
Connect-MsolService
To check the MFA status for a specific user, run the following cmdlet, replacing the placeholder user@example.com with the user’s actual UPN:
Get-MsolUser -UserPrincipalName "user@example.com" | Select-Object UserPrincipalName,StrongAuthenticationRequirements
To execute the commands, you’ll need appropriate administrative privileges in your Microsoft 365 tenant. It’s also important to note that MFA status can change for users over time, so it’s good practice to regularly check and enforce MFA as needed for security purposes.
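An added example (not from the original article or from Microsoft) that extends the single-user check above to a report over many users, mapping StrongAuthenticationRequirements to the Enabled, Enforced and Disabled states described earlier. The function name Get-MfaStateReport and the sample accounts are hypothetical; the sample objects are constructed to mimic Get-MsolUser output so the block runs without a tenant.

```powershell
function Get-MfaStateReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User
    )
    process {
        # An empty StrongAuthenticationRequirements collection means Disabled.
        $state = $User.StrongAuthenticationRequirements |
            ForEach-Object { $_.State } | Where-Object { $_ } | Select-Object -First 1
        if (-not $state) { $state = 'Disabled' }

        # Registered verification methods; IsDefault marks the one tried first.
        $methods = @($User.StrongAuthenticationMethods | Where-Object { $_ })
        $default = ($methods | Where-Object { $_.IsDefault } |
            Select-Object -First 1).MethodType

        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            MfaState          = "$state"
            DefaultMethod     = $default
            MethodCount       = $methods.Count
            # Enabled = registration still pending; Disabled = no per-user MFA.
            NeedsFollowUp     = ("$state" -ne 'Enforced')
        }
    }
}

# Constructed sample objects shaped like Get-MsolUser output (not real accounts).
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'
        StrongAuthenticationRequirements = @([pscustomobject]@{ State = 'Enforced' })
        StrongAuthenticationMethods      = @(
            [pscustomobject]@{ MethodType = 'PhoneAppNotification'; IsDefault = $true },
            [pscustomobject]@{ MethodType = 'OneWaySMS'; IsDefault = $false }) },
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example'
        StrongAuthenticationRequirements = @([pscustomobject]@{ State = 'Enabled' })
        StrongAuthenticationMethods      = @() },
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'
        StrongAuthenticationRequirements = @()
        StrongAuthenticationMethods      = @() }
)
$sample | Get-MfaStateReport | Format-Table -AutoSize

# Live tenant, after Connect-MsolService:
# Get-MsolUser -All | Get-MfaStateReport | Export-Csv mfa-state.csv -NoTypeInformation
```

The report reflects only the per-user MFA state; MFA required through Conditional Access or security defaults is not recorded in StrongAuthenticationRequirements.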
Using the Microsoft Admin Center
- In the Microsoft 365 admin center, in the left navigation choose Users, Active users
- On the Active users page, choose multifactor authentication
- On the multifactor authentication page, the users will be displayed alongside their multifactor authentication status
How Lepide can Help
A more straightforward alternative to this native method is to use the Lepide Microsoft 365 auditing tool, which allows you to audit logon/logoff activity along with other critical events.
The Lepide solution includes many pre-defined reports including the Failed Logons Report. An example of this report is shown as follows:
To run this report:
- Select Lepide Auditor, Reports
- From here, expand Active Directory
- Select Failed Logons
- Choose a date range
- Select Generate Report
The report is generated and can be filtered, sorted and exported to CSV and PDF formats.