ID-01CriticalRecommended Secure
User MFA Registration
Identity & Authentication control for Microsoft 365 and Entra ID
Why This Control Matters
MFA blocks over 99.9% of account compromise attacks. Even with a CA policy requiring MFA, users must actually register MFA methods to be protected. Low registration means users are vulnerable.
Expected State
When this control is compliant, your tenant should meet these criteria:
- 195% or more of users have MFA methods registered
- 2Users have registered Microsoft Authenticator, security keys, or phone
- 3Break-glass accounts are excluded from this metric
Enforcement
Default Mode
Advisory
Alerts on deviations but does not make changes
Auto-Remediation
Manual Only
TrueConfig can launch an MFA registration campaign / send MFA reminders in one click to prompt users to register. Users still register their own methods; the manual alternative is starting the campaign from Entra ID MFA registration campaign settings.
Ready to implement this control?
TrueConfig continuously monitors your Microsoft 365 tenant for compliance with this and 50+ other security controls.