Control: Azure > CIS v4.0 > 06 - Identity Services > 06.02 - Conditional Access > 06.02.04 - Ensure that a multifactor authentication policy exists for all users
Configures auditing against a CIS Benchmark item.
Level: 2
A Conditional Access policy can be enabled to ensure that users are required to use Multifactor Authentication (MFA) to login.
Note: Since 2024, Azure has been rolling out mandatory multifactor authentication. For more information: - https://azure.microsoft.com/blog/announcing-mandatory-multi-factorauthentication-for-azure-sign-in - https://learn.microsoft.com/entra/identity/authentication/concept-mandatory-multifactor-authentication
Multifactor authentication is strongly recommended to increase the confidence that a claimed identity can be proven to be the subject of the identity. This results in a stronger authentication chain and reduced likelihood of exploitation.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v4.0 > 06 - Identity Services > 06.02 - Conditional Access > 06.02.04 - Ensure that a multifactor authentication policy exists for all users
- Azure > CIS v4.0 > 06 - Identity Services > 06.02 - Conditional Access > 06.02.04 - Ensure that a multifactor authentication policy exists for all users > Attestation
- Azure > CIS v4.0 > Maximum Attestation Duration
- Azure > CIS v4.0
- Azure > CIS v4.0 > 06 - Identity Services
- Azure > CIS v4.0 > 06 - Identity Services > Maximum Attestation Duration
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv4-0#/control/types/r060204
- tmod:@turbot/cis#/control/categories/v071603
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv4-0#/control/types/r060204"
Get Controls