1.2 Ensure that multi-factor authentication is enabled for all non-privileged users - Role Definitions

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Enable multi-factor authentication for all non-privileged users.

Rationale:

Multi-factor authentication requires an individual to present a minimum of two separate forms of authentication before access is granted. Multi-factor authentication provides additional assurance that the individual attempting to gain access is who they claim to be. With multi-factor authentication, an attacker would need to compromise at least two different authentication mechanisms, increasing the difficulty of compromise and thus reducing the risk.

Impact:

Users would require two forms of authentication before any action is granted. Also, this requires an overhead for managing dual forms of authentication.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Follow Microsoft Azure documentation and setup multi-factor authentication in your environment.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa

Default Value:

By default, multi-factor authentication is disabled for all users.

See Also

https://workbench.cisecurity.org/files/3459