This article provides more information on how to resolve the MFA on Office 365 test.
What is Vanta looking for?
Vanta checks that MFA is enabled for Office 365 users by reading the "isMfaRegistered" field from the credentialUserRegistrationDetails endpoint of the Microsoft Graph API: https://docs.microsoft.com/en-us/graph/api/reportroot-list-credentialuserregistrationdetails?view=graph-rest-beta&tabs=http
If that field returns false, Vanta checks if legacy MFA is being used by checking the "isMfaRegistered" field from the reports/authenticationMethods/userRegistrationDetails endpoint.
How can I test this?
You can see information from the credentialUserRegistrationDetails endpoint in the Entra UI here. Vanta will require that the users have a registered method listed:
You can also use Microsoft Graph Explorer to check what this endpoint is returning for users. To test this, log in to Graph Explorer here and query the following endpoint: https://graph.microsoft.com/beta/reports/credentialUserRegistrationDetails
You will find the user details in the response data preview:
If the "isMfaRegistered" field returns false, Vanta will show that the user does not have MFA enabled for their account. Ensure that the user has MFA turned on and that it is registered for their account.
The same can be done for the reports/authenticationMethods/userRegistrationDetails endpoint if legacy MFA is being used. Choose "beta" and enter the following: https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails
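To review both endpoints at once, the two-step check described above can be reproduced offline against response bodies saved from Graph Explorer. This is an added example, not Vanta's code: the sample data is constructed, the function names are hypothetical, and matching users across the two endpoints by lower-cased userPrincipalName is an assumption.

```python
import json

# Constructed sample bodies, shaped like the "value" array each endpoint returns.
CREDENTIAL_DETAILS = json.loads("""
{"value": [
  {"userPrincipalName": "alice@example.com", "isMfaRegistered": true},
  {"userPrincipalName": "Bob@example.com",   "isMfaRegistered": false},
  {"userPrincipalName": "carol@example.com", "isMfaRegistered": false},
  {"userPrincipalName": "dave@example.com"}
]}
""")
AUTH_METHODS_DETAILS = json.loads("""
{"value": [
  {"userPrincipalName": "alice@example.com", "isMfaRegistered": true},
  {"userPrincipalName": "bob@example.com",   "isMfaRegistered": true},
  {"userPrincipalName": "carol@example.com", "isMfaRegistered": false}
]}
""")

def _index(body):
    """Map lower-cased UPN -> isMfaRegistered; only a literal true counts."""
    return {
        row["userPrincipalName"].lower(): row.get("isMfaRegistered") is True
        for row in body.get("value", [])
        if row.get("userPrincipalName")
    }

def mfa_status(credential_body, auth_methods_body):
    """Return {upn: (passes, source_endpoint)} using the two-step check."""
    primary = _index(credential_body)        # credentialUserRegistrationDetails
    fallback = _index(auth_methods_body)     # authenticationMethods/userRegistrationDetails
    result = {}
    for upn, registered in primary.items():
        if registered:
            result[upn] = (True, "credentialUserRegistrationDetails")
        elif fallback.get(upn, False):
            # First endpoint said false; the second endpoint reports MFA registered.
            result[upn] = (True, "userRegistrationDetails")
        else:
            result[upn] = (False, None)
    return result

def failing_users(credential_body, auth_methods_body):
    """Sorted UPNs whose isMfaRegistered is false or missing on both endpoints."""
    status = mfa_status(credential_body, auth_methods_body)
    return sorted(upn for upn, (ok, _) in status.items() if not ok)

if __name__ == "__main__":
    print(failing_users(CREDENTIAL_DETAILS, AUTH_METHODS_DETAILS))
```

To use real data, replace the two constructed bodies with the JSON copied from the Graph Explorer response preview for each endpoint.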
Service accounts
Personnel marked as Service Accounts in Vanta may be flagged on the MFA on Office 365 test if Vanta detects past logins on the account.
To see if this is the case, export the test results spreadsheet. If the service account in question has a time populated in the 'lastLoginTime' column, the account is expected to appear on the test and will need to be remediated or deactivated.