Microsoft Security Analysis

MFA Coverage Reports

Understand your MFA enrollment rates, gaps, and how to remediate uncovered accounts.

Multi-Factor Authentication (MFA) is one of the most effective controls against account compromise. TrustCyber analyzes MFA enrollment across all user accounts in your Microsoft 365 tenant and generates a detailed coverage report showing which accounts are protected and which are at risk.

What the MFA Report Shows

  • Overall MFA enrollment percentage across all licensed users.
  • Breakdown by user type: Admin accounts, standard users, service accounts.
  • List of admin accounts without MFA (Critical severity finding).
  • List of standard user accounts without MFA.
  • MFA method breakdown: Microsoft Authenticator, SMS, FIDO2, etc.
  • Conditional Access policies enforcing MFA.

Important: Admin accounts without MFA are flagged as Critical severity findings. Microsoft reports that over 99.9% of compromised accounts did not have MFA enabled. Remediating admin account MFA gaps should be your highest priority.

Remediating MFA Gaps

The recommended remediation path is to enable Security Defaults in Azure AD (for organizations without Conditional Access) or to create a Conditional Access policy requiring MFA for all users. TrustCyber's remediation roadmap includes step-by-step instructions for both approaches.

powershell
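# Check MFA status for all users via Microsoft Graph PowerShell
# User.Read.All is needed by Get-MgUser; UserAuthenticationMethod.Read.All by the method lookup
Connect-MgGraph -Scopes "User.Read.All", "UserAuthenticationMethod.Read.All"

# Method types that are not a second factor: the password itself and
# the e-mail method, which is used for self-service password reset only
$notMfa = "#microsoft.graph.passwordAuthenticationMethod",
          "#microsoft.graph.emailAuthenticationMethod"

$users = Get-MgUser -All
foreach ($user in $users) {
    $methods = Get-MgUserAuthenticationMethod -UserId $user.Id
    # @() forces an array so .Count is reliable for zero or one match
    $hasMFA = @($methods | Where-Object { $_.AdditionalProperties["@odata.type"] -notin $notMfa })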
    [PSCustomObject]@{
        User = $user.UserPrincipalName
        MFAEnabled = ($hasMFA.Count -gt 0)
    }
}
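
The per-user check above can be rolled up into the figures the report section lists (overall percentage, breakdown by user type, method breakdown, Critical admin gaps). The following is an added example, not TrustCyber's own code: `Get-MfaCoverage`, the `UserType` labels and the sample accounts are hypothetical and constructed for illustration.

```powershell
# Added example. Sample accounts below are constructed, not tenant data.
# Graph @odata.type values treated as a second factor, with report labels.
# Password and e-mail (self-service password reset only) are deliberately absent.
$MfaMethodNames = @{
    '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod'  = 'Microsoft Authenticator'
    '#microsoft.graph.phoneAuthenticationMethod'                   = 'SMS/Voice'
    '#microsoft.graph.fido2AuthenticationMethod'                   = 'FIDO2'
    '#microsoft.graph.softwareOathAuthenticationMethod'            = 'Software OATH token'
    '#microsoft.graph.windowsHelloForBusinessAuthenticationMethod' = 'Windows Hello for Business'
}

function Get-MfaCoverage {
    # Hypothetical helper. Each account needs Upn, UserType and MethodTypes properties.
    param([Parameter(Mandatory)] [object[]] $Accounts)
    $rows = @(foreach ($a in $Accounts) {
        $mfa = @($a.MethodTypes |
            Where-Object { $_ -and $MfaMethodNames.ContainsKey($_) } |
            ForEach-Object { $MfaMethodNames[$_] } | Sort-Object -Unique)
        [PSCustomObject]@{
            User       = $a.Upn
            UserType   = $a.UserType
            MFAEnabled = $mfa.Count -gt 0
            Methods    = $mfa -join ', '
            # Per the report: an admin without MFA is Critical. Other gaps are left unrated here.
            Severity   = if ($mfa.Count -eq 0 -and $a.UserType -eq 'Admin') { 'Critical' } else { '' }
        }
    })
    [PSCustomObject]@{
        CoveragePercent = [math]::Round(100 * @($rows | Where-Object MFAEnabled).Count / $rows.Count, 1)
        ByUserType      = $rows | Group-Object UserType | ForEach-Object {
            [PSCustomObject]@{ UserType = $_.Name; Total = $_.Count
                WithoutMFA = @($_.Group | Where-Object { -not $_.MFAEnabled }).Count }
        }
        Accounts        = $rows
    }
}

$ns = '#microsoft.graph.'   # prefix shared by every method type
$sample = @(
    [PSCustomObject]@{ Upn = 'admin1@example.com'; UserType = 'Admin'; MethodTypes = "${ns}passwordAuthenticationMethod", "${ns}fido2AuthenticationMethod" }
    [PSCustomObject]@{ Upn = 'admin2@example.com'; UserType = 'Admin'; MethodTypes = @("${ns}passwordAuthenticationMethod") }
    [PSCustomObject]@{ Upn = 'user1@example.com'; UserType = 'Standard'; MethodTypes = "${ns}passwordAuthenticationMethod", "${ns}emailAuthenticationMethod" }
    [PSCustomObject]@{ Upn = 'user2@example.com'; UserType = 'Standard'; MethodTypes = "${ns}phoneAuthenticationMethod", "${ns}microsoftAuthenticatorAuthenticationMethod" }
    [PSCustomObject]@{ Upn = 'svc-backup@example.com'; UserType = 'Service'; MethodTypes = @("${ns}passwordAuthenticationMethod") }
)
$report = Get-MfaCoverage -Accounts $sample
$report.ByUserType | Format-Table
$report.Accounts | Format-Table User, UserType, MFAEnabled, Methods, Severity
```

Against a live tenant, `MethodTypes` can be filled from the `AdditionalProperties["@odata.type"]` values that `Get-MgUserAuthenticationMethod` returns. The `UserType` value has to be supplied by the caller, for example from directory role membership.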