ID-01CriticalRecommended Secure

User MFA Registration

Identity & Authentication control for Microsoft 365 and Entra ID

Why This Control Matters

MFA blocks over 99.9% of account compromise attacks. Even with a CA policy requiring MFA, users must actually register MFA methods to be protected. Low registration means users are vulnerable.

Expected State

When this control is compliant, your tenant should meet these criteria:

  • 195% or more of users have MFA methods registered
  • 2Users have registered Microsoft Authenticator, security keys, or phone
  • 3Break-glass accounts are excluded from this metric

Enforcement

Default Mode
Advisory

Alerts on deviations but does not make changes

Auto-Remediation
Manual Only

TrueConfig can launch an MFA registration campaign / send MFA reminders in one click to prompt users to register. Users still register their own methods; the manual alternative is starting the campaign from Entra ID MFA registration campaign settings.

Ready to implement this control?

TrueConfig continuously monitors your Microsoft 365 tenant for compliance with this and 50+ other security controls.