Carmine Punella, a Microsoft Certified Professional, is renowned for his C# expertise, contributions to the Windows 8 App Hall of Fame, and extensive experience in designing scalable, reliable cloud-based platforms.
From the “Columns” dropdown, check “Multifactor auth state” and click “Apply”:
The column “Multifactor auth state” will indicate if the user has MFA enabled, enforced or disabled.
Key terminologies:
Enabled: the user has been enrolled in MFA but has not completed the registration process. They will be prompted to complete the registration process the next time they sign in.
Enforced: the user has been enrolled and has completed the MFA registration process. Users are automatically switched from enabled to enforced when they register for Entra ID MFA.
Disabled: this is the default state for a new user that has not been enrolled in MFA.
3. Finding out who made changes
If MFA was enabled through CoreView, you can see the details in the Audit logs.
Here you can apply a filter on the “Action” or “Created on” columns to find the desired output:
If the changes were made through Microsoft 365, you can find the details in the Microsoft 365 Audit log. Follow the steps below:
Navigate to “Audit > Microsoft 365”
Apply the filter “Enable Strong Authentication” on the “Operation” column.
Change the date range as per your requirement:
This will show details of the users with MFA and who made the changes.
Key terminologies:
User ID: User who performed the action
Object ID: User on whom the action was performed
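The same filter can be applied offline to an exported copy of the audit records. The following is an added example, not CoreView or Microsoft code: it selects "Enable Strong Authentication" rows within a date range and groups the affected users (Object ID) under the account that made the change (User ID). The CSV layout, column names and sample rows are constructed assumptions based on the column labels mentioned above.

```python
import csv
import io
from collections import defaultdict
from datetime import date, datetime

# Constructed sample export. The column names are assumptions modelled on the
# column labels mentioned above, not a documented export format.
SAMPLE_EXPORT = """Created on,Operation,User ID,Object ID
2024-03-01T09:15:00,Enable Strong Authentication.,admin1@contoso.example,alice@contoso.example
2024-03-02T11:40:00,Update user.,admin1@contoso.example,bob@contoso.example
2024-03-05T14:02:00,enable strong authentication,admin2@contoso.example,bob@contoso.example
2024-03-20T08:30:00,Enable Strong Authentication.,admin1@contoso.example,carol@contoso.example
2024-03-21T10:00:00,Disable Strong Authentication.,admin2@contoso.example,alice@contoso.example
"""

TARGET_OPERATION = "enable strong authentication"


def _normalise(operation):
    # Tolerate case differences and a trailing period in the operation name.
    return operation.strip().rstrip(".").lower()


def mfa_enable_events(csv_text, start, end):
    """Return sorted (timestamp, actor, target) tuples within [start, end]."""
    events = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if _normalise(row["Operation"]) != TARGET_OPERATION:
            continue
        when = datetime.fromisoformat(row["Created on"])
        if start <= when.date() <= end:
            # User ID = who performed the action; Object ID = who it was performed on.
            events.append((when, row["User ID"], row["Object ID"]))
    return sorted(events)


def targets_by_actor(events):
    """Group the affected users under the account that made the change."""
    grouped = defaultdict(list)
    for _, actor, target in events:
        grouped[actor].append(target)
    return dict(grouped)


if __name__ == "__main__":
    found = mfa_enable_events(SAMPLE_EXPORT, date(2024, 3, 1), date(2024, 3, 15))
    for actor, targets in targets_by_actor(found).items():
        print(f"{actor} enabled MFA for: {', '.join(targets)}")
```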