From Azure Portal<br /><br />1. From Azure Home select the Portal Menu 2. Select the Azure Active Directory blade 3. Select Users 4. Take note of all users with the role Service Co-Administrators, Owners or Contributors 5. Click on the Per-User MFA button in the top row menu 6. Ensure that MULTI-FACTOR AUTH STATUS is Enabled for all noted users<br /><br />Once verified, enter the date that this attestation expires. Note that the date can not be further in the future than is specified in report level Maximum Attestation Duration policy. Set to a blank value to clear the attestation. 

Azure > Management Group

Azure > Subscription

Azure > Tenant

Turbot > Folder

Turbot

Turbot > IAM > Turbot Identity

Turbot > IAM > Unidentified Identity

Azure > Active Directory > Directory

Kubernetes > Cluster

GitHub > Repository

AWS > Account

ServiceNow > Instance

GCP > Project

Azure > Search Management > Search Service

Azure > API Management > API Management Service

Azure > Service Bus > Namespace

Azure > Resource Group

Azure > Synapse Analytics > SQL Pool

Azure > Synapse Analytics > Workspace

Azure > Firewall > Firewall

Azure > Recovery Service > Vault

Azure > PostgreSQL > Flexible Server

Azure > PostgreSQL > Server

Azure > Compute > Availability Set

Azure > Compute > Disk

Azure > Compute > Disk Encryption Set

Azure > Compute > Image

Azure > Compute > Snapshot

Azure > Compute > Ssh Public Key

Azure > Compute > Virtual Machine

Azure > Compute > Virtual Machine Scale Set

Azure > Container Registry > Registry

Azure > Monitor > Action Group

Azure > Monitor > Metric Alert

Azure > Automation > Automation Account

Azure > Automation > Runbook

Azure > Load Balancer > Load Balancer

Azure > Network > Application Security Group

Azure > Network > Express Route Circuits

Azure > Network > Network Interface

Azure > Network > Network Security Group

Azure > Network > Private DNS Zones

Azure > Network > Private Endpoints

Azure > Network > Public IP Address

Azure > Network > Route Table

Azure > Network > Virtual Network

Azure > Network > Virtual Network Gateway

Azure > Network > Private Link Service

Azure > DNS > Zone

Azure > DNS > Record Set

Azure > AKS > Managed Cluster

Azure > Databricks > Workspace

Azure > Network Watcher > Network Watcher

Azure > MySQL > Flexible Server

Azure > MySQL > Server [Deprecated]

Azure > Relay > Namespace

Azure > Storage > Storage Account

Azure > Log Analytics > Log Analytics Workspace

Azure > Managed Identity > User Assigned Identity

Azure > SQL > Database

Azure > SQL > Elastic Pool

Azure > SQL > Managed Instance

Azure > SQL > Server

Azure > Data Factory > Factory

Azure > SQL Virtual Machine Service > SQL Virtual Machine

Azure > SignalR Service > SignalR

Azure > App Service > App Service Plan

Azure > App Service > Web App

Azure > Key Vault > Vault

Azure > Cosmos DB > Database Account

Azure > Application Insights > Application Insight

Azure > Application Gateway Service > Application Gateway

AWS > CodeBuild > Project

AWS > CodeBuild > Source Credential

AWS > CodeCommit > Repository

AWS > SageMaker > Domain

AWS > SageMaker > Endpoint

AWS > SageMaker > Endpoint Configuration

AWS > SageMaker > Model

AWS > SageMaker > Notebook Instance

AWS > SageMaker > Training Job

AWS > Lightsail > Relational Database

AWS > Lightsail > Instance

AWS > Lightsail > Load Balancer

AWS > ACM > Certificate

AWS > Well-Architected Tool > Workload

AWS > WAF > Rule Group v2 Global

AWS > WAF > Web ACL [Deprecated]

AWS > WAF > Web ACL v2 Regional

AWS > WAF > Web ACL v2 Global

AWS > WAF > Regex Pattern Set v2 Regional

AWS > WAF > Rule Group v2 Regional

AWS > WAF > Regex Pattern Set v2 Global

AWS > WAF > IP Set v2 Regional

AWS > WAF > IP Set v2 Global

AWS > ElastiCache > Cache Cluster

AWS > ElastiCache > Snapshot

AWS > ElastiCache > Replication Group

AWS > DynamoDB > Table

AWS > Route 53 > Hosted Zone

AWS > VPC > Customer Gateway

AWS > VPC > Transit Gateway

AWS > VPC > Transit Gateway Route Table

AWS > VPC > Peering Connection

AWS > VPC > VPN Connection

AWS > VPC > VPN Gateway

AWS > Kinesis > Stream

AWS > Kinesis > Kinesis Video Stream

AWS > Data Pipeline > Pipeline [Deprecated]

AWS > QLDB > Ledger

AWS > Athena > Workgroup

AWS > Athena > NamedQuery

AWS > Region

AWS > EC2 > Instance

GCP > Folder

From Azure Portal&#92;n&#92;n1. From Azure Home select the Portal Menu&#92;n2. Select the Azure Active Directory blade&#92;n3. Select Users&#92;n4. Take note of all users with the role Service Co-Administrators, Owners or&#92;nContributors&#92;n5. Click on the Per-User MFA button in the top row menu&#92;n6. Ensure that MULTI-FACTOR AUTH STATUS is Enabled for all noted users&#92;n&#92;nOnce verified, enter the date that this attestation expires. Note that the&#92;ndate can not be further in the future than is specified in&#92;nreport level Maximum Attestation Duration policy.&#92;nSet to a blank value to clear the attestation.&#92;n

Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.02 Ensure that &#39;Multi-Factor Auth Status&#39; is &#39;Enabled&#39; for all Privileged Users

Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.02 Ensure that &#39;Multi-Factor Auth Status&#39; is &#39;Enabled&#39; for all Privileged Users > Attestation

Policy: Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.02 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users > Attestation

Targets

Primary Policy

Policy Specification

Category

In Your Workspace

Developers