How to check a the MFA status of a user

  • Last update on February 10th, 2025

Table of Contents

Problem

How do I check if a user has MFA enabled and who enabled it using CoreView?

Solution

In this article, we will understand how to verify 

  1. If MFA is enabled from the Entra portal.
  2. If MFA is enabled using CoreView
  3. Who has updated the MFA for a user through CoreView 

If you want to know how to configure MFA please refer to the “How to enable MFA” article. 

1. Checking if user MFA is enabled on the Entra portal

To view and manage user states, complete the following steps to access the Entra portal page:

  • Sign in to Microsoft Entra as a Global administrator
  • From the side panel menu, select Users > All users
  • In the top bar menu, select the “Per-user MFA” report
  • A new page will open. Here you will be able to see the MFA status for each user.

To learn more about user MFA, please refer to Microsoft documentation.

2. Checking if user MFA is enabled on CoreView

  • Open the CoreView app and login
  • Navigate to the “Active users” reports
  • From the “Columns” dropdown, check “Multifactor auth state” and click “Apply”:
  • The column “Multifactor auth state” will indicate if the user has MFA enabled, enforced or disabled.

Key terminologies:

  • Enabled: the user has been enrolled in MFA but has not completed the registration process. They will be prompted to complete the registration process the next time they sign in.
  • Enforced: the user has been enrolled and has completed the MFA registration process. Users are automatically switched from enabled to enforced when they register for Entra ID MFA.
  • Disabled: this is the default state for a new user that has not been enrolled in MFA.

3. Finding out who made changes

  1. If the MFA was enabled through CoreView, you can see the details from in Audit logs

Here you can apply a filter on the “Action” or “Created on” columns to find the desired output:

  1. If the changes were made through Microsoft 365, then you can find the details from Microsoft 365 Audit log. Please follow the steps below:
    • Navigate to “Audit > Microsoft 365
  • Apply the filter “Enable Strong Authentication” on the “Operation” column. 
  • Change the date range as per your requirement:
  • This will show details of the users with MFA and who made the changes

Key terminologies:

User ID: User who performed the action
Object ID: User on whom the action was performed

Related Articles

DID THIS PAGE HELP YOU?