ID-01CriticalRecommended Secure

User MFA Registration

Identity & Authentication control for Microsoft 365 and Entra ID

Why This Control Matters

MFA blocks over 99.9% of account compromise attacks. Even with a CA policy requiring MFA, users must actually register MFA methods to be protected. Low registration means users are vulnerable.

Expected State

When this control is compliant, your tenant should meet these criteria:

195% or more of users have MFA methods registered
2Users have registered Microsoft Authenticator, security keys, or phone
3Break-glass accounts are excluded from this metric

Enforcement

Default Mode

Advisory

Alerts on deviations but does not make changes

Auto-Remediation

Manual Only

Users must register MFA methods themselves. Use Entra ID MFA registration campaign to prompt users.

Ready to implement this control?

TrueConfig continuously monitors your Microsoft 365 tenant for compliance with this and 50+ other security controls.