To perform a security audit, it is necessary to review the registered multi-factor authentication methods of each user in the Microsoft Tenant. This can help identify and address potential vulnerabilities before they are exploited. Additionally, this evaluation can be used to inform users of potentially more convenient MFA methods they could use instead of their current methods.

Here are some common multi-factor authentication methods and their respective security levels:

  • Security Keys (FIDO2)
    This method is considered highly secure. Physical FIDO2 security keys provide robust cryptographic authentication. They are resistant to phishing and man-in-the-middle attacks because the private key never leaves the device.
    Passwordless Sign In with Microsoft Entra ID (Azure AD) and YubiKey (FIDO2) – cloudcoffee.ch
  • Passkeys
    Passkeys are based on FIDO2 technology and offer passwordless authentication. They are also highly secure, as they prevent phishing and other common attack vectors.
    Hardening your Identities: Microsoft Authenticator device-bound passkey – cloudcoffee.ch
  • Mobile App (Microsoft Authenticator)
    This method is considered highly secure because the 2FA codes are generated locally on the device and are not transmitted over the internet or mobile networks. This minimizes the risk of interception by cybercriminals. Additionally, this method offers a cost-effective, passwordless login solution.
    Passwordless Sign In with Microsoft Authenticator App – cloudcoffee.ch
  • SMS
    This method is less secure because SMS messages can be intercepted or redirected. There are known vulnerabilities that attackers can exploit to gain access to SMS codes.
  • Voice call
    This method offers moderate security. There is a risk that calls can be intercepted or redirected. Additionally, this method can be vulnerable to social engineering attacks.
  • Email
    This method is less secure because emails can be intercepted or compromised. Attackers can gain access to email accounts through phishing or other techniques, allowing them to intercept authentication codes.

Prerequisites and Licensing

This guide uses User registration details from the Microsoft Entra admin center and requires a Microsoft Entra ID P1 or higher license.
An overview of Microsoft 365 license packages with their features can be accessed at https://m365maps.com/.

Review user registrations for multi-factor authentication

The overview of registered multi-factor authentication methods per user can be accessed in the Microsoft Entra admin center.

Sign in to Microsoft Entra admin center (https://entra.microsoft.com) and select Protection > Authentication methods > User registration details.

The following columns indicate a user’s MFA status:

  1. userPrincipalName (UPN)
  2. Multi-factor authentication capable
  3. Default multi-factor authentication method
  4. Registered methods
  5. Last update of this entry

Good to Know

Download CSV File

The list of registered multi-factor authentication methods can be downloaded as a CSV file.
Select Download > Start Download.

The downloaded CSV file can be further edited in Microsoft Excel.
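
For larger tenants, the export can also be triaged with a script. The following is an added example, not part of the original post: it flags users who are not MFA capable, who have only SMS, voice call or email registered, or who have a stronger method registered but still default to a weak one. The header names and method labels are assumptions taken from the column list and method names in this post, and the sample rows are constructed; adjust both to match the actual export.

```python
import csv
import io

# Assumed header names, taken from the column list in this post; adjust to the real export.
COL_UPN = "userPrincipalName"
COL_CAPABLE = "Multi-factor authentication capable"
COL_DEFAULT = "Default multi-factor authentication method"
COL_METHODS = "Registered methods"

# Assumed labels for the methods this post rates as less secure or moderate.
WEAK = {"sms", "voice call", "email"}

def _methods(cell):
    """Split a 'Registered methods' cell into normalised, lower-case labels."""
    return {m.strip().lower() for m in cell.split(",") if m.strip()}

def triage(csv_text):
    """Return (upn, finding) tuples for users that need follow-up."""
    findings = []
    # Strip a UTF-8 byte order mark, which would otherwise corrupt the first header.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for row in reader:
        upn = row[COL_UPN].strip()
        methods = _methods(row.get(COL_METHODS) or "")
        capable = (row.get(COL_CAPABLE) or "").strip().lower() in ("true", "yes")
        default = (row.get(COL_DEFAULT) or "").strip().lower()
        if not capable or not methods:
            findings.append((upn, "not MFA capable"))
        elif methods <= WEAK:
            findings.append((upn, "only weak methods registered"))
        elif default in WEAK:
            findings.append((upn, "strong method registered but weak default"))
    return findings

# Constructed sample export (not real tenant data).
SAMPLE = '''userPrincipalName,Multi-factor authentication capable,Default multi-factor authentication method,Registered methods,Last update
alice@example.com,True,Microsoft Authenticator,"Microsoft Authenticator, Security Key (FIDO2)",2024-05-01
bob@example.com,True,SMS,"SMS, Email",2024-04-12
carol@example.com,False,,,2024-03-30
dave@example.com,True,SMS,"SMS, Passkey",2024-05-03
'''

if __name__ == "__main__":
    for upn, finding in triage(SAMPLE):
        print(f"{upn}: {finding}")
```

Users in the third group are candidates for the notification mentioned at the start of this post: they already have a stronger method registered and only need to change their default.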

