Troubleshooting Office365 MFA Issues
If you're encountering issues with your Microsoft Office account MFA Status syncing to Vanta. First, try the following steps below to determine if MFA has been correctly configured via Azure AD:
- View your User Registration details via the Authentication Methods Activity Dashboard
- Confirm that your User account is first Capable of Multifactor Authentication registration, then has an authentication method registered and set as a default.
-
- Read more on Microsoft's new authentication methods activity dashboard
- Read more on Microsoft's Supported authentication methods
- Read more on Microsoft's new authentication methods activity dashboard
Azure Premium License required for Office365 MFA Test
Currently, We can only support the detection of MFA on Azure AD Premium P1 or Azure AD Premium P2 plans. These plans expose the 'IsMfaRegistered' field on users through the MSGraph API. If your users aren't showing as passing the test, Confirm that you have a compatible Azure AD Plan via the information below:
- If your Azure AD License is the Free version, our MFA Tests will not be able to retrieve MFA User information from MSGraphAPI:
- If you're a user of Microsoft 365 Business Premium and EMS or Microsoft 365 E3 and E5 then your Azure Plan includes Azure AD Premium P2 or Azure AD Premium P1 and is compatible!
- Read more about Azure Active Directory pricing plans
Troubleshooting MFS via MSGraph Explorer
- If you would like to see info directly from the API, you can use the following steps:
- Log in to the graph explorer here and hit the following endpoint
- https://graph.microsoft.com/beta/reports/credentialUserRegistrationDetails
- Find the user's details in the returned list:
- The "IsMfaRegistered" field must be set to true