Introduction:
This article will explain why some Liongard users may be unable to view MFA (Multi-Factor Authentication) user information, with a focus on the role of Azure AD's P1 license and how to acquire and incorporate it.
Understanding the Issue:
Our Inspector uses Microsoft’s Graph API userRegistration Details endpoint to return information on the state of a user's authentication methods. As documented by Microsoft, “In order to access the sign-in reports for a tenant, an Azure AD tenant must have associated Azure AD Premium P1 or P2 license.“ Consequently, without this license, Liongard is unable to pull back this information.
How to Resolve:
Acquire a P1 license or higher for your Microsoft Azure AD tenant.
Purchase a P1/P2 License: Start by obtaining a P1 license from Microsoft if you haven't done so already. This license provides features that are important in more demanding business requirements and compliance standards.
Assign P1 License: After acquiring the P1 license, assign it to your tenant in the Microsoft Azure AD domain.
Upon next inspection in Liongard, Microsoft inspectors will start pulling back the additional information.
Understanding P1 License:
The P1 license is an upgrade to the basic Azure AD license and provides an expanded suite of identity management capabilities. These include access to MFA user information, advanced administrative control, group-based access management, and more advanced security and governance features.
For more detailed information about acquiring and assigning a P1 license, refer to these resources from Microsoft:
Conclusion:
Remember that the lack of a P1 license or above in your tenant restricts Liongard's ability to access MFA user information. By acquiring a P1 license, you not only unlock access to MFA user info but also add a layer of security and control in your Azure environment.