What is Vanta looking for?
- Vanta checks that MFA is enabled for Office365 users by reading the "isMfaRegistered" field from the Microsoft Graph API's credentialUserRegistrationDetails endpoint: https://docs.microsoft.com/en-us/graph/api/reportroot-list-credentialuserregistrationdetails?view=graph-rest-beta&tabs=http
- If that field returns false, Vanta checks if legacy MFA is being used by checking the "isMfaRegistered" field from the reports/authenticationMethods/userRegistrationDetails endpoint.
How can I test this?
- You can see information from the credentialUserRegistrationDetails endpoint in the Azure UI here. Vanta requires that each user has a registered method listed.
- You can also use Microsoft Graph Explorer to check what this endpoint returns for users. To test this, log in to Graph Explorer here and query the following endpoint: https://graph.microsoft.com/beta/reports/credentialUserRegistrationDetails
You will find the user details in the response data preview.
- If the "isMfaRegistered" field returns false, Vanta will show that the user does not have MFA enabled for their account. Ensure that the user has MFA turned on and that it is registered for their account.
- The same can be done for the reports/authenticationMethods/userRegistrationDetails endpoint if legacy MFA is being used. Choose "beta" and enter the following: https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails
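
The two-step check described above can be reproduced offline against responses saved from Graph Explorer. This is an added example, not Vanta's code: the sample pages are constructed, and matching users across the two reports by lowercased userPrincipalName and treating a missing "isMfaRegistered" field as false are assumptions.

```python
"""Offline reproduction of the two-step MFA check described above (added example)."""

# Constructed pages for /beta/reports/credentialUserRegistrationDetails.
# Real responses page through "@odata.nextLink"; the link value here is a placeholder.
CREDENTIAL_PAGES = [
    {"value": [
        {"userPrincipalName": "alice@example.com", "isMfaRegistered": True},
        {"userPrincipalName": "bob@example.com", "isMfaRegistered": False},
    ], "@odata.nextLink": "constructed-page-2"},
    {"value": [
        {"userPrincipalName": "Carol@example.com", "isMfaRegistered": False},
        {"userPrincipalName": "dave@example.com"},  # field missing from the row
    ]},
]

# Constructed pages for /beta/reports/authenticationMethods/userRegistrationDetails.
AUTH_METHOD_PAGES = [
    {"value": [
        {"userPrincipalName": "bob@example.com", "isMfaRegistered": True},
        {"userPrincipalName": "carol@example.com", "isMfaRegistered": False},
    ]},
]


def index_by_upn(pages):
    """Flatten every page's "value" array into {lowercased UPN: isMfaRegistered}."""
    result = {}
    for page in pages:
        for row in page.get("value", []):
            upn = row.get("userPrincipalName")
            if upn:
                # Only a literal JSON true counts; missing or null is treated as False.
                result[upn.lower()] = row.get("isMfaRegistered") is True
    return result


def users_without_mfa(credential_pages, auth_method_pages):
    """Return sorted UPNs that are false on the first endpoint and not true on the second."""
    primary = index_by_upn(credential_pages)
    fallback = index_by_upn(auth_method_pages)
    return sorted(upn for upn, ok in primary.items()
                  if not ok and not fallback.get(upn, False))


if __name__ == "__main__":
    for upn in users_without_mfa(CREDENTIAL_PAGES, AUTH_METHOD_PAGES):
        print("MFA not registered:", upn)
```

To run it against a real tenant, replace the two constructed lists with the JSON pages saved from each endpoint, following every "@odata.nextLink" until none is returned.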