Understanding the MFA report

Video: Learn why the MFA report may differ from the Microsoft Admin portal view.

Viewing an MFA report for a Microsoft tenant requires at least an Azure P1 license.

MFA reports do not include Guest or Blocked user accounts.

For a Microsoft tenant, the MFA report may sometimes appear to conflict with the Azure Multi-Factor Authentication (MFA) management page: what the report shows may not match what the page shows.

Here are a few things that may cause this:

  • Users making MFA changes to their own account may not correctly update within Azure.
  • A caching issue within the management panel itself.
  • Delayed synchronization between the management panel and Azure Active Directory.
  • User account updates are often not reflected in real time.
  • Incorrect MFA configuration on the user account.

One thing to note is that the MFA report is pulled from a direct API connection and may have more recent information than the management panel.

One way to compare the output is to use Microsoft Graph Explorer to run a query against the tenant whose report shows differences.

The provided link will load the needed GET command and the User Authentication Methods output, which is used to generate the MFA report itself.

Once the page loads, please follow these steps:

  1. Sign in with the user credentials that were used to join the organization to the SaaS Alerts UI.
  2. Once sign-in is complete, click Run Query.
  3. If the query runs successfully, copy the contents and paste them into an empty notepad file or similar application (Notepad++).
  4. You can compare this information to the MFA report and the Azure Multi-Factor Authentication (MFA) management page to see if a user has made a change that isn't updating within the management page.
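
One way to script the comparison in step 4, as an added example that is not part of the original article or the product's own code. It assumes the saved Graph output has the shape of Microsoft Graph's userRegistrationDetails resource and that the MFA report has been reduced to a user-to-status mapping; all sample data is constructed.

```python
import json

# Constructed sample of the output saved in step 3. Field names follow Microsoft
# Graph's userRegistrationDetails resource; that shape is an assumption here.
GRAPH_OUTPUT = """{"value": [
  {"userPrincipalName": "alice@contoso.example", "userType": "member",
   "isMfaRegistered": true, "lastUpdatedDateTime": "2024-05-01T10:00:00Z"},
  {"userPrincipalName": "Bob@contoso.example", "userType": "member",
   "isMfaRegistered": false, "lastUpdatedDateTime": "2024-05-03T08:30:00Z"},
  {"userPrincipalName": "carol_partner.example#EXT#@contoso.example",
   "userType": "guest", "isMfaRegistered": false,
   "lastUpdatedDateTime": "2024-04-11T12:00:00Z"},
  {"userPrincipalName": "dave@contoso.example", "userType": "member",
   "isMfaRegistered": true, "lastUpdatedDateTime": "2024-05-02T09:15:00Z"}
]}"""

# Constructed stand-in for the MFA report: user -> MFA shown as registered.
REPORT = {"alice@contoso.example": True, "bob@contoso.example": True,
          "erin@contoso.example": True}


def compare(graph_json, report):
    """Return (user, finding) pairs where the report and the Graph output differ."""
    data = json.loads(graph_json)
    report = {upn.lower(): bool(mfa) for upn, mfa in report.items()}
    findings, seen = [], set()
    for user in data.get("value", []):
        upn = user.get("userPrincipalName", "").lower()
        seen.add(upn)
        if user.get("userType") == "guest":
            continue  # the report leaves guests out, so their absence is expected
        graph_mfa = bool(user.get("isMfaRegistered"))
        if upn not in report:
            # Blocked accounts are also left out of the report; this output
            # cannot tell whether that is the reason, so flag it for a manual check.
            findings.append((upn, "not in report (blocked account?)"))
        elif report[upn] != graph_mfa:
            updated = user.get("lastUpdatedDateTime", "unknown")
            findings.append((upn, f"report={report[upn]} graph={graph_mfa} "
                                  f"(Graph record updated {updated})"))
    if "@odata.nextLink" in data:
        # Graph pages large results; a saved first page is not the whole tenant.
        findings.append(("*", "Graph output is only one page of results"))
    else:
        for upn in sorted(set(report) - seen):
            findings.append((upn, "in report but missing from Graph output"))
    return findings


if __name__ == "__main__":
    for upn, finding in compare(GRAPH_OUTPUT, REPORT):
        print(f"{upn}: {finding}")
```

A mismatch where the Graph record was updated recently is consistent with the delayed-synchronization causes listed above, so re-check the management page later before treating it as a misconfiguration.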