Skip to main content

Microsoft 365 | What setup is necessary to return isMfaRegistered_r on a user?

isMgaRegistered_r setup

Updated over 2 months ago

Problem:

There is occasionally confusion when looking at our isMfaRegistered_r datapoint in the Microsoft 365 inspector

Information

To accurately return the isMfaRegistered_r value, the following conditions must be met:

  • Microsoft Entra ID P1 License Requirement: The tenant must possess Microsoft Entra ID P1 licenses. This license is included with Microsoft 365 E3 and Microsoft 365 Business Premium plans.

  • Understanding isMfaRegistered_r: This attribute indicates whether a user has completed the registration process for multi-factor authentication (MFA). It's important to note that:

    • Being MFA registered does not necessarily mean that MFA is enforced for the user.

    • The isMfaRegistered_r attribute does not account for users utilizing legacy per-user MFA configurations.

Microsoft 365 E3 and E5 Plans

Both Microsoft 365 E3 and E5 plans include features that support MFA registration tracking:

  • Microsoft 365 E3:

    • Includes Microsoft Entra ID P1.

    • Supports Conditional Access policies to enforce MFA based on specific conditions.

  • Microsoft 365 E5:

    • Includes Microsoft Entra ID P2, which encompasses all P1 features.

    • Adds advanced capabilities like risk-based Conditional Access and Microsoft Entra ID Protection.

Microsoft Entra ID P1 License Functionalities

The Microsoft Entra ID P1 license provides several features pertinent to MFA:

  • Conditional Access: Allows administrators to define policies that require MFA under specific conditions, enhancing security without compromising user experience.

  • MFA Registration Reporting: Enables tracking of users' MFA registration status, facilitating compliance and security audits.

  • Self-Service Password Reset (SSPR): Permits users to reset their passwords securely, reducing administrative overhead.

Further Reading

Did this answer your question?