Remote access is secured with multi-factor authentication (MFA)
Protect · Access Control
Compliance Score
82%
Partially Compliant
Documentation Maturity
Target: 2.5
Implementation Maturity
Target: 2.5
All remote access to organizational resources requires multi-factor authentication. This includes VPN connections, remote desktop, cloud applications, and email access from outside the corporate network.
Microsoft Graph API Endpoints Used
- GET /identity/conditionalAccess/policies
- GET /reports/authenticationMethods/userRegistrationDetails
- GET /users/{id}/authentication/methods

Required Permissions
| Severity | Finding | Recommendation |
|---|---|---|
| medium | Improvement needed: Remote access is secured with multi-factor authentication (MFA). Current implementation does not fully meet the requirements of PR.AC-3(b). | Create a Conditional Access policy requiring MFA for all users, all cloud apps, from any location. Use the Microsoft Authenticator app (not SMS). Ensure all users have registered MFA methods. Block legacy authentication protocols. |