What are New Admin/User without MFA Alerts?
MFA alerts monitor for new Admins/Users added to an M365 environment by evaluating the state of the new users' MFA upon creation.
Set-up Alert
Navigate to Secure > Alerts > Settings
Why should I monitor new users without MFA?
According to Microsoft, 99.9% of cyberattacks can be prevented simply by enabling MFA. Monitoring your customers' MFA posture ensures that they remain compliant and hardened against attacks.
Alert Logic
New User without MFA (admin and user):
Hardcoded logic based on the following:
Logic is not evaluated at the time of integration/feature enablement. We don't want to hammer your inbox with notifications for nothing.
Daily comparisons are evaluated (the previous day's record at scan time vs. the new record at scan time).
An alert is sent when Augmentt discovers a new user added to the M365 environment without an MFA requirement from Conditional Access, Azure Per-User or Security Defaults.
Email Notification Layout
Subject: New Admin/User without MFA Alert for <tenant>
Tenant: <tenant>
Discovered on: yyyy-mm-dd
===========
New Administrators added without MFA:
Name: <admin1>
Email: <adminemail1>
New Users added without MFA:
Name: <user1>
Email: <useremail1>
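
The daily comparison described under Alert Logic and the notification layout above, sketched as an added example (this is not Augmentt's code). The snapshot structure, field names, tenant, users and date are all constructed assumptions, and treating the per-user states "enabled" and "enforced" as an MFA requirement is also an assumption of this example.

```python
from datetime import date

# Constructed sample data. Field names are assumptions made for this example;
# they are not Augmentt's schema or Microsoft Graph property names.
def user(name, admin=False, ca=False, per_user="disabled"):
    return {"name": name, "is_admin": admin, "ca_requires_mfa": ca, "per_user_mfa": per_user}

PREVIOUS = {"security_defaults": False,
            "users": {"pat@contoso.example": user("Pat Lee", admin=True, ca=True)}}
CURRENT = {"security_defaults": False, "users": {
    **PREVIOUS["users"],
    "sam@contoso.example": user("Sam Roy", admin=True),       # new admin, no MFA source
    "kim@contoso.example": user("Kim Oh", per_user="enforced"),  # new user, per-user MFA
    "lou@contoso.example": user("Lou Diaz"),                   # new user, no MFA source
}}

def mfa_required(u, security_defaults):
    """True if any of the three sources named on the page requires MFA."""
    return (security_defaults or u["ca_requires_mfa"]
            or u["per_user_mfa"] in ("enabled", "enforced"))

def new_without_mfa(previous, current):
    """Return (admins, users) present today but not yesterday, with no MFA requirement."""
    if previous is None:  # first scan after enablement: record a baseline, alert on nothing
        return [], []
    added = sorted(set(current["users"]) - set(previous["users"]))
    flagged = [(e, current["users"][e]) for e in added
               if not mfa_required(current["users"][e], current["security_defaults"])]
    admins = [(u["name"], e) for e, u in flagged if u["is_admin"]]
    users = [(u["name"], e) for e, u in flagged if not u["is_admin"]]
    return admins, users

def render_alert(tenant, discovered, admins, users):
    """Build the notification text in the page's layout, or None if nothing to report."""
    if not admins and not users:
        return None
    lines = [f"Subject: New Admin/User without MFA Alert for {tenant}",
             f"Tenant: {tenant}", f"Discovered on: {discovered.isoformat()}",
             "==========="]
    for title, group in (("New Administrators added without MFA:", admins),
                         ("New Users added without MFA:", users)):
        if group:  # omitting an empty section is this example's choice
            lines.append(title)
            for name, email in group:
                lines += [f"Name: {name}", f"Email: {email}"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_alert("contoso.example", date(2024, 1, 2), *new_without_mfa(PREVIOUS, CURRENT)))
```

Because only accounts absent from the previous day's record are compared, an existing user whose MFA requirement is later removed would not appear in this alert.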