Control: 1.2 Ensure that multi-factor authentication is enabled for all non- privileged users
Enable multi-factor authentication for all non-privileged users.
Multi-factor authentication requires an individual to present a minimum of two separate forms of authentication before access is granted. Multi-factor authentication provides additional assurance that the individual attempting to gain access is who they claim to be. With multi-factor authentication, an attacker would need to compromise at least two different authentication mechanisms, increasing the difficulty of compromise and thus reducing the risk.
Note: By default, multi-factor authentication is disabled for all users.
- Log in to Azure Active Directory
- Go to
- Go to
- Click on Multi-Factor Authentication button on the top bar
- Ensure that MULTI-FACTOR AUTH STATUS is
Enabledfor all users
To enable MFA
Follow Microsoft Azure documentation and setup multi-factor authentication in your environment.
steampipe check azure_compliance.control.cis_v130_1_2
This control uses a named query:ad_manual_control