No MFA Configured
Last updated
Last updated
Detects users with no Multi-Factor Authentication (MFA) enabled on at least one identity source.
MFA requires users to provide something you know, like a password or PIN, or something you have, like an out-of-band device or a one-time password provider. All users should be using MFA to gain access to the system.
Users will not fail this check if they fall within the grace period of 14 days (configurable).
You can add known domains to either ignore or include list.
Some system accounts may not have MFA. We recommend categorizing those for easy detection. Consider using solutions like expired passwords to block access to these accounts.
Grace period for new accounts (days): 14