Office 365: Admin Users with MFA Disabled List
submitted
A
Addison Caldwell
This is helpful to someone who's trying to obtain/maintain visibility into the admin users in an organization's M365 instance. This is a good Metric for QBRs, recurring site reviews, and an onboarding report. Also, this Metric could be used to build a user audit with the intention of an end customer confirming that all looks as expected. This Metric can also be used to create a pointed Actionable Alert that helps to maintain visibility into changes to the list of Admin users with MFA disabled.
Users[? Privileged ==
Yes
&& isMfaRegistered_r == Disabled
].displayNameR
Ricky Kocyigit
Hi Guys, This is a metric what I have created perhaps is this also helpfullUsers[?Privileged=='Yes' && (isMfaRegistered_r == 'Disabled' || isMfaRegistered_r == 'Unknown') && contains(AssignedRoles, 'Global Administrator')].userPrincipalNameGoodluck!
J
John Larger
We believe this requires a P1 license or greater to return valid data. I believe the data print returns 'Unknown' for this value otherwise.