Multi-Factor Authentication Disabled

Multi-factor authentication (MFA) prevents unauthorized access to assets by requiring more than one form of authentication during sign-in.

Systems that use MFA grant access to data and applications only after users present two or more credentials. Commonly used credentials include passwords, PINs, tokens, and fingerprints. MFA is effective because threat actors who are able to compromise system passwords are unlikely to meet the second authentication requirement.


Risk Insights detects this issue only for Azure AD. Active Directory does not have built-in MFA capability.

You can remediate the issue through the following methods:



Active Directory

Integrate third-party tools such as Cisco Duo and Google Authenticator that can confirm user identities and provide secure access to data and applications.

Azure AD

Enable MFA using any of the following methods:


When you enable security defaults and per-user Azure AD Multi-Factor Authentication, Risk Insights infers the MFA configuration from collected sign-in activity data. This can sometimes result in false positives, particularly for accounts with few sign-in activities.
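
The following added example (not Trend Micro code, and not how Risk Insights is implemented) shows why inference from sign-in activity is weak for accounts with few sign-ins. It assumes records that use the Microsoft Graph signIn field names userPrincipalName, authenticationRequirement and status.errorCode; the sample data, the infer_mfa_status function and the MIN_SIGN_INS threshold are constructed for illustration.

```python
from collections import defaultdict

MIN_SIGN_INS = 3  # assumed threshold for this example, not a Risk Insights setting


def _rec(upn, requirement, error_code=0):
    """Build a constructed record using Microsoft Graph signIn field names."""
    return {"userPrincipalName": upn,
            "authenticationRequirement": requirement,
            "status": {"errorCode": error_code}}


# Constructed sample data; no real tenant or users.
SAMPLE_SIGN_INS = (
    [_rec("alice@example.com", "singleFactorAuthentication")]
    + [_rec("alice@example.com", "multiFactorAuthentication")] * 2
    + [_rec("bob@example.com", "singleFactorAuthentication")] * 4
    + [_rec("carol@example.com", "singleFactorAuthentication")]
    + [_rec("dave@example.com", "singleFactorAuthentication", error_code=50126)]
)


def infer_mfa_status(sign_ins, min_sign_ins=MIN_SIGN_INS):
    """Return {user: 'mfa_observed' | 'mfa_not_observed' | 'insufficient_data'}."""
    counts = defaultdict(lambda: {"total": 0, "mfa": 0})
    for rec in sign_ins:
        user = counts[rec["userPrincipalName"].lower()]
        if rec.get("status", {}).get("errorCode") != 0:
            continue  # a failed sign-in is not evidence of how the account is configured
        user["total"] += 1
        if rec.get("authenticationRequirement") == "multiFactorAuthentication":
            user["mfa"] += 1

    result = {}
    for upn, c in counts.items():
        if c["mfa"] > 0:
            result[upn] = "mfa_observed"
        elif c["total"] < min_sign_ins:
            # Too few sign-ins to conclude MFA is off: the false-positive case.
            result[upn] = "insufficient_data"
        else:
            result[upn] = "mfa_not_observed"
    return result


if __name__ == "__main__":
    for upn, status in sorted(infer_mfa_status(SAMPLE_SIGN_INS).items()):
        print(f"{upn}: {status}")
```

Accounts reported as insufficient_data are the ones to verify directly in the tenant's MFA configuration before treating the finding as confirmed.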