Control: 1.1 Ensure that multi-factor authentication is enabled for all privileged users
Enable multi-factor authentication for all user credentials who have write access to Azure resources. These include roles like:
- Service Co-Administrators
- Subscription Owners
Multi-factor authentication requires an individual to present a minimum of two separate forms of authentication before access is granted. Multi-factor authentication provides additional assurance that the individual attempting to gain access is who they claim to be. With multi-factor authentication, an attacker would need to compromise at least two different authentication mechanisms, increasing the difficulty of compromise and thus reducing the risk.
Note: By default, multi-factor authentication is disabled for all users.
- Log in to Azure Active Directory
- Go to
- Go to
- Click on Multi-Factor Authentication button on the top bar
- Ensure that MULTI-FACTOR AUTH STATUS is
Enabledfor all users who are
To enable MFA, follow Microsoft Azure documentation and setup multi-factor authentication in your environment.
steampipe check azure_compliance.control.cis_v130_1_1
This control uses a named query:ad_manual_control