Enforcing Multi-Factor Authentication for All Users via Conditional Access Policies [CHK-1921]
This check verifies whether multi-factor authentication (MFA) is enforced for all users through conditional access policies.
Rationale
Enforcing MFA through conditional access policies enhances security by adding an extra layer of protection against unauthorized access and potential security breaches.
Fix
An automated fix is available through Attic.
For manual steps:
- Navigate to the Azure portal.
- Go to Azure Active Directory > Security > Conditional Access.
- Create a new policy or modify an existing one.
- Under Assignments, select 'All users'.
- Under Cloud apps or actions, select 'All cloud apps'.
- Under Access controls > Grant, select 'Require multi-factor authentication'.
- Enable the policy and save changes.
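
The settings from the manual steps above, checked against exported policy objects. This is an added example, not Attic's own check logic. It assumes the policies are available in the Microsoft Graph conditionalAccessPolicy JSON shape, inspects only the built-in grant controls, and uses constructed sample policies and hypothetical function names.

```python
import json

# Constructed sample shaped like Microsoft Graph conditionalAccessPolicy objects.
SAMPLE = json.loads("""[
 {"displayName": "MFA pilot (constructed)", "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeUsers": ["All"]},
                 "applications": {"includeApplications": ["All"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "MFA or compliant device (constructed)", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"]},
                 "applications": {"includeApplications": ["All"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}},
 {"displayName": "Require MFA for all users (constructed)", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": ["<break-glass-object-id>"]},
                 "applications": {"includeApplications": ["All"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}
]""")

def mandates_mfa(grant):
    """True only if MFA cannot be bypassed by another listed built-in control."""
    controls = (grant or {}).get("builtInControls") or []
    if "mfa" not in controls:
        return False
    # Under operator OR any single control satisfies the grant, so MFA is
    # mandatory only when it is the sole control or the operator is AND.
    return (grant or {}).get("operator") == "AND" or len(controls) == 1

def evaluate(policy):
    """Compare one policy with the settings from the manual steps."""
    users = (policy.get("conditions") or {}).get("users") or {}
    apps = (policy.get("conditions") or {}).get("applications") or {}
    findings = []
    if policy.get("state") != "enabled":  # report-only and disabled do not enforce
        findings.append("policy is not enabled")
    if "All" not in (users.get("includeUsers") or []):
        findings.append("does not target All users")
    if "All" not in (apps.get("includeApplications") or []):
        findings.append("does not target All cloud apps")
    if not mandates_mfa(policy.get("grantControls")):
        findings.append("grant controls do not mandate MFA")
    # Exclusions (e.g. an emergency-access account) are counted for review, not failed.
    exclusions = sum(len(users.get(k) or []) for k in ("excludeUsers", "excludeGroups", "excludeRoles"))
    return {"name": policy.get("displayName"), "compliant": not findings,
            "findings": findings, "exclusions": exclusions}

def tenant_passes(policies):
    """The check passes if at least one policy enforces MFA for everyone."""
    return any(evaluate(p)["compliant"] for p in policies)

if __name__ == "__main__":
    for p in SAMPLE:
        print(evaluate(p))
    print("check passes:", tenant_passes(SAMPLE))
```

The first two sample policies fail for reasons the portal view can hide: a report-only state, and an OR grant that lets a compliant device stand in for MFA.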
Impact
Enforcing MFA for all users through conditional access policies will ensure that all user accounts are protected by an additional layer of security, thereby reducing the risk of unauthorized access. Keep in mind that MFA is required once this policy is enabled, so make sure not to lock yourself out.
More Information
For more details, refer to the official Microsoft documentation on Conditional Access Policies.