Privileged user MFA is disabled

Risk Level

Hazardous (3)



Enable multi-factor authentication for all users who have write access to Azure resources. These include roles such as Service Co-Administrators, Subscription Owners and Contributors.
  • Recommended Mitigation

    Enable MFA for privileged users.

## Remediation

---

>1. Sign in to the **Azure Portal**.
>2. Search for and select **Azure Active Directory**. Then select **Security** from the menu on the left-hand side.
>3. Select **Conditional Access**, select **+ New policy**, and then select **Create new policy**.
>4. Enter a name for the policy.
>5. Under **Assignments**, select the current value under **Users or workload identities**.
>6. Under **What does this policy apply to?**, verify that **Users and groups** is selected.
>7. Under **Include**, choose **Select users and groups**, and then select **Users and groups**.
>8. Browse for and select your Azure AD privileged user.
>9. Under **Cloud apps or actions**, configure which apps require MFA.
>10. Under **Access controls**, select the current value under **Grant**, and then select **Grant access**.
>11. Select **Require multi-factor authentication**, and then choose **Select**.
>12. Under **Enable policy**, select **On**.
>13. To apply the Conditional Access policy, select **Create**.
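To verify the result of the steps above, the following added example (not part of the original rule text) checks exported Conditional Access policies and lists privileged users that no enforcing MFA policy covers. It assumes the policies are available as JSON in the shape of Microsoft Graph `conditionalAccessPolicy` objects; the user IDs and policy names are constructed, and group, role and cloud-app targeting are not evaluated.

```python
import json

# Constructed sample in the shape of Microsoft Graph conditionalAccessPolicy
# objects; names and IDs are placeholders, not taken from a real tenant.
SAMPLE_POLICIES = json.loads("""
[
  {"displayName": "MFA for admins", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["user-owner-1", "user-contrib-2"],
                            "excludeUsers": ["user-contrib-2"]}},
   "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
  {"displayName": "MFA or compliant device", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["user-coadmin-3"]}},
   "grantControls": {"operator": "OR",
                     "builtInControls": ["mfa", "compliantDevice"]}},
  {"displayName": "MFA pilot", "state": "enabledForReportingButNotEnforced",
   "conditions": {"users": {"includeUsers": ["All"]}},
   "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}
]
""")

def enforces_mfa(policy):
    """True only if the policy is switched on and MFA cannot be bypassed."""
    if policy.get("state") != "enabled":  # report-only or disabled: not enforced
        return False
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    if "mfa" not in controls:
        return False
    # With operator OR and several controls, another control can satisfy the grant.
    return grant.get("operator") == "AND" or len(controls) == 1

def covers_user(policy, user_id):
    """True if the user is included (directly or via 'All') and not excluded."""
    users = policy.get("conditions", {}).get("users", {})
    if user_id in (users.get("excludeUsers") or []):
        return False
    included = users.get("includeUsers") or []
    return "All" in included or user_id in included

def users_without_mfa(policies, privileged_user_ids):
    """Return privileged users that no enforcing MFA policy applies to."""
    return [u for u in privileged_user_ids
            if not any(enforces_mfa(p) and covers_user(p, u) for p in policies)]

if __name__ == "__main__":
    admins = ["user-owner-1", "user-contrib-2", "user-coadmin-3"]
    print(users_without_mfa(SAMPLE_POLICIES, admins))
```

The three sample policies illustrate the common gaps: an exclusion that removes a privileged user, a grant that accepts an alternative to MFA, and a policy left in report-only mode instead of **On**.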