Control: Azure > CIS v4.0 > 06 - Identity Services > 06.01 - Security Defaults (Per-User MFA) > 06.01.02 - Ensure that 'multifactor authentication' is 'enabled' for all users
Configures auditing against a CIS Benchmark item.
Level: 1
[IMPORTANT - Please read the section overview: If your organization pays for Microsoft Entra ID licensing (included in Microsoft 365 E3, E5, F5, or Business Premium, and EM&S E3 or E5 licenses) and CAN use Conditional Access, ignore th recommendations in this section and proceed to the Conditional Access section.]
Enable multifactor authentication for all users.
Multifactor authentication requires an individual to present a minimum of two separate forms of authentication before access is granted. Multifactor authentication provides additional assurance that the individual attempting to gain access is who they claim to be. With multifactor authentication, an attacker would need to compromise at least two different authentication mechanisms, increasing the difficulty of compromise and thus reducing the risk.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v4.0 > 06 - Identity Services > 06.01 - Security Defaults (Per-User MFA) > 06.01.02 - Ensure that 'multifactor authentication' is 'enabled' for all users
- Azure > CIS v4.0 > 06 - Identity Services > 06.01 - Security Defaults (Per-User MFA) > 06.01.02 - Ensure that 'multifactor authentication' is 'enabled' for all users > Attestation
- Azure > CIS v4.0 > Maximum Attestation Duration
- Azure > CIS v4.0
- Azure > CIS v4.0 > 06 - Identity Services
- Azure > CIS v4.0 > 06 - Identity Services > Maximum Attestation Duration
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv4-0#/control/types/r060102
- tmod:@turbot/cis#/control/categories/v071603
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv4-0#/control/types/r060102"
Get Controls