
[THEME] Multi-Factor Authentication

The Multi-Factor Authentication theme checks that MFA is properly configured and enforced across your Microsoft 365 environment. MFA is the single most important security measure for protecting user accounts.

What does Attic do?

Attic verifies MFA configuration at multiple levels and monitors for changes that could weaken your MFA posture.

The checks in this theme cover:

  • Security Defaults status and configuration
  • MFA enforcement for all administrators and for all users
  • Detection of admins without MFA
  • MFA policy exclusion monitoring (detecting when users are removed from MFA requirements)
  • Microsoft Authenticator configuration: push notifications, number matching, additional context (app name) and location display
  • Fraud reporting enabled
  • SMS sign-in disabled (a weaker authentication method)
  • FIDO2 security key support enabled
  • Conditional Access policies that require an authentication strength (phishing-resistant MFA) for admins
  • Device code flow blocked via Conditional Access
  • Monitoring of Conditional Access policy changes
  • Report-only Conditional Access policies identified for review
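The checks listed above can be evaluated offline against the JSON that Microsoft Graph returns for the relevant resources. The following is an added example written for this page, not Attic's own code: it scores a constructed tenant snapshot against the Authenticator, SMS, FIDO2, authentication-strength, device-code-flow and report-only checks, and diffs two Conditional Access snapshots to catch a newly added exclusion (the situation the "MFA exclusion added" check flags). The sample documents, the break-glass account id and the set of roles treated as "admin" are assumptions made for the example; the built-in strength id and the role template ids are Microsoft's fixed values.

```python
"""Offline evaluation of the MFA posture checks described above.

Added example, not Attic's own code. The documents below are constructed
samples for a fictional tenant, shaped like the Microsoft Graph v1.0
resources they imitate (identitySecurityDefaultsEnforcementPolicy,
authenticationMethodsPolicy, conditionalAccessPolicy): field names follow
the public schema, values are invented, nothing is fetched from a tenant.
"""
import copy

# Built-in authentication strength "Phishing-resistant MFA" (same id in every tenant).
PHISHING_RESISTANT_STRENGTH = "00000000-0000-0000-0000-000000000004"

# Role template ids this example treats as "admins" (assumption: a narrow set).
ADMIN_ROLES = {
    "62e90394-69f5-4237-9190-012177145e10",  # Global Administrator
    "e8611ab8-c189-46e8-94e1-60213ab1f814",  # Privileged Role Administrator
    "194ae4cb-b126-40b2-bd5b-6091b380977d",  # Security Administrator
}
BREAK_GLASS = "6a0f2c3e-1111-4c2a-9d8b-000000000001"  # constructed emergency-access account id

# ---- constructed tenant snapshot ------------------------------------------------
SECURITY_DEFAULTS = {"isEnabled": False}  # tenant manages MFA with Conditional Access instead

AUTH_METHODS_POLICY = {"authenticationMethodConfigurations": [
    {"id": "MicrosoftAuthenticator", "state": "enabled", "featureSettings": {
        "numberMatchingRequiredState": {"state": "enabled"},
        "displayAppInformationRequiredState": {"state": "enabled"},
        "displayLocationInformationRequiredState": {"state": "default"},
    }},
    {"id": "Sms", "state": "enabled",
     "includeTargets": [{"id": "all_users", "isUsableForSignIn": True}]},
    {"id": "Fido2", "state": "disabled"},
]}

CA_POLICIES = [
    {"displayName": "Admins: phishing-resistant MFA", "state": "enabled",
     "conditions": {"users": {"includeRoles": sorted(ADMIN_ROLES), "excludeUsers": [BREAK_GLASS]}},
     "grantControls": {"builtInControls": [],
                       "authenticationStrength": {"id": PHISHING_RESISTANT_STRENGTH}}},
    {"displayName": "All users: MFA", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": [BREAK_GLASS]}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Block device code flow", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "authenticationFlows": {"transferMethods": "deviceCodeFlow"}},
     "grantControls": {"builtInControls": ["block"]}},
]


def _method(policy, method_id):
    # One authenticationMethodConfiguration by id ("Sms", "Fido2", ...), or {} if absent.
    return next((c for c in policy["authenticationMethodConfigurations"] if c["id"] == method_id), {})


def authenticator_feature_states(policy):
    """Number matching, app name and location display. Only an explicit
    'enabled' passes; 'default' leaves the behaviour to Microsoft."""
    fs = _method(policy, "MicrosoftAuthenticator").get("featureSettings", {})
    wanted = {"number_matching": "numberMatchingRequiredState",
              "app_name": "displayAppInformationRequiredState",
              "location": "displayLocationInformationRequiredState"}
    return {k: fs.get(v, {}).get("state") == "enabled" for k, v in wanted.items()}


def sms_signin_blocked(policy):
    """SMS may remain a second factor, but no target may use it as a primary sign-in."""
    sms = _method(policy, "Sms")
    if sms.get("state") != "enabled":
        return True
    return not any(t.get("isUsableForSignIn") for t in sms.get("includeTargets", []))


def fido2_enabled(policy):
    return _method(policy, "Fido2").get("state") == "enabled"


def _enforced(p):
    return p["state"] == "enabled"  # report-only and disabled policies enforce nothing


def _covers_admins(p):
    users = p["conditions"]["users"]
    return "All" in users.get("includeUsers", []) or ADMIN_ROLES <= set(users.get("includeRoles", []))


def admins_require_phishing_resistant_mfa(policies):
    return any(_enforced(p) and _covers_admins(p)
               and p["grantControls"].get("authenticationStrength", {}).get("id") == PHISHING_RESISTANT_STRENGTH
               for p in policies)


def device_code_flow_blocked(policies):
    # transferMethods is a comma-separated string, e.g. "deviceCodeFlow,authenticationTransfer".
    return any(_enforced(p) and "block" in p["grantControls"].get("builtInControls", [])
               and "deviceCodeFlow" in str(p["conditions"].get("authenticationFlows", {}).get("transferMethods", ""))
               for p in policies)


def report_only_policies(policies):
    return [p["displayName"] for p in policies if p["state"] == "enabledForReportingButNotEnforced"]


def new_exclusions(before, after):
    """Users added to excludeUsers between two snapshots: the drift an exclusion check looks for."""
    prev = {p["displayName"]: set(p["conditions"]["users"].get("excludeUsers", [])) for p in before}
    added = {}
    for p in after:
        extra = set(p["conditions"]["users"].get("excludeUsers", [])) - prev.get(p["displayName"], set())
        if extra:
            added[p["displayName"]] = sorted(extra)
    return added


def with_exclusion(policies, display_name, user_id):
    """Deep copy of `policies` with `user_id` excluded from the named policy (simulated drift)."""
    changed = copy.deepcopy(policies)
    for p in changed:
        if p["displayName"] == display_name:
            p["conditions"]["users"].setdefault("excludeUsers", []).append(user_id)
    return changed


def evaluate(security_defaults, auth_policy, policies):
    feats = authenticator_feature_states(auth_policy)
    return {"security_defaults_enabled": security_defaults["isEnabled"],
            "number_matching": feats["number_matching"],
            "app_name_in_authenticator": feats["app_name"],
            "location_in_authenticator": feats["location"],
            "sms_signin_blocked": sms_signin_blocked(auth_policy),
            "fido2_enabled": fido2_enabled(auth_policy),
            "admins_phishing_resistant_mfa": admins_require_phishing_resistant_mfa(policies),
            "device_code_flow_blocked": device_code_flow_blocked(policies),
            "report_only_policies": report_only_policies(policies)}


if __name__ == "__main__":
    print(evaluate(SECURITY_DEFAULTS, AUTH_METHODS_POLICY, CA_POLICIES))
    drifted = with_exclusion(CA_POLICIES, "All users: MFA", "contractor-0000-0000-0000-000000000042")
    print("new exclusions:", new_exclusions(CA_POLICIES, drifted))
```

Two points are worth keeping in mind when reading the result. A policy in the report-only state (`enabledForReportingButNotEnforced`) contributes nothing to enforcement, which is why the device-code-flow check fails in the sample even though a blocking policy exists; surfacing exactly that gap is what the report-only check is for. Security Defaults and Conditional Access are mutually exclusive in Entra ID, so a tenant that manages MFA through Conditional Access will legitimately show Security Defaults disabled and should be judged on the Conditional Access checks instead. Only an explicit `enabled` state is accepted for the Authenticator features; `default` defers to whatever Microsoft currently enforces, and posture should not rest on a vendor default.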

Why is this important?

MFA blocks over 99% of credential-based attacks (Microsoft's published figure is 99.9% of account compromise attempts). Without MFA, a stolen password is all an attacker needs to access your environment. Not every MFA method is equal, however: SMS codes and push prompts without number matching can be phished or fatigue-bombed, which is why the method configuration matters as much as enforcement. Attic checks that MFA is not only enabled, but configured with the strongest available methods and continuously monitored for gaps or weakening changes.

Checks in this theme

ID        Check
CHK-1127  Security Defaults enabled
CHK-1328  MFA enforced for admins
CHK-1327  MFA for all users
CHK-1154  MFA exclusion added
CHK-1137  Admin without MFA
CHK-1140  Push notifications in Microsoft Authenticator enabled
CHK-1141  MFA number matching
CHK-1142  App name in Microsoft Authenticator
CHK-1153  Location in Microsoft Authenticator
CHK-1144  MFA fraud alerts enabled
CHK-1161  MFA Block OTP
CHK-1164  Block SMS sign-in
CHK-1168  Monitor Conditional Access
CHK-1170  FIDO2 authentication
CHK-1171  Phishing-resistant MFA for admins
CHK-1172  Block device code flow authentication
CHK-1173  CA report-only policies present