Understanding MFA data

On most platforms, when a user registers for Multi-Factor Authentication (MFA) they start getting prompted for MFA as necessary by the platform. Admins can often require users to register for MFA but any user that decides to register without requirement is still prompted.

For Microsoft 365, this is not the case. On Microsoft 365, users can register for MFA but an admin also needs to enforce it somehow before the user will be prompted. You can enforce MFA on Microsoft 365 in a few ways but without any of them turned on users that register for MFA will not be prompted for MFA on login.

When looking at MFA adoption in the Push platform we focus on the effective MFA status - "will this user be prompted for MFA?". Unless specified otherwise, all graphs and stats reflect this value.

Of course you might want to see specifically which users have registered for MFA, or which users are subject to a Conditional Access policy. For this level of granularity, go to the explore view.

The explore view has a column for each connected platform and, by default, shows that effective MFA status. A green tick means everything is good, this user is being prompted for MFA. A red cross means they are not. Sometimes we aren't able to tell so you might also see a grey question mark. You can hover over each icon to see exactly what it means if you're unsure.

022 explore grid example
A green tick means this user is being prompted for MFA. A red cross means they are not. You can hover over an icon for a more detailed explanation of what it means.

Clicking on the arrow next to the platform name in the column header expands the column to show specifically whether a user is registered yet and whether an admin has enforced MFA somehow.

022 explore grid expanded platform
Expanding a platform column shows whether a user has enrolled for MFA and if it is required.