Skip to content
English
  • There are no suggestions because the search field is empty.

User has MFA disabled

Associated with

Inboxes

Underlying signals

IDAM MFA Disabled (RS24)

Reasonings

  • Regular user, and
    • Shared inboxes and distribution groups should be ignored and should never have this event
  • MFA connection does not have any secondary authentication factors configured, or
    • A user may be enrolled to have MFA enabled, but they may not have actually configured secondary factors
  • Email connection does not have secondary authentication configured
    • An inbox may have policies that force MFA, but the user may not have actually configured secondary factors

Resolutions

  • Configure a secondary authentication factor, or
  • If user is being offboarded, consider turning their inbox into a shared mailbox, or deactivating the user entirely

Additional Considerations