User in use with disabled MFA

Risk Level

Hazardous (3)

Compliance Frameworks


Multi-Factor Authentication (MFA) adds another mechanism of authentication on top of a username and password, using a device. It makes it harder to an attacker to gain access to protected resources. Therefore, it should be enabled for all users that have console logon password enabled. We have found that the user {AliCloudUser} (ID: {AliCloudUser.UserId}) does not have MFA enabled.