How do I check if a user has MFA enabled and who enabled it?
In this article, we will explain how to verify:
- If MFA was enabled using the Entra portal
- Who updated the MFA for a user through Entra
Investigating where MFA was enabled
Checking if user MFA was enabled using the Entra portal
- Sign in to Microsoft Entra as a Global administrator.
- From the side panel menu, select Users > All users.
- In the top bar menu, select the “Per-user MFA” report.
- A new page will open. Here, you will be able to see the MFA status for each user.
To learn more about user MFA, please refer to Microsoft documentation.
Finding out who made changes
If MFA was enabled on the Entra portal
If the changes were made through Microsoft 365, then you can find the details in the Microsoft 365 Audit log.
- Navigate to “Audit > Microsoft 365”.
- Apply the filter “Enable Strong Authentication” on the “Operation” column.
- Change the date range as per your requirement.
- This will show details of the users with MFA and who made the changes.
Key columns:
- User ID: user who performed the action
- Object ID: user on whom the action was performed