dirkjanm / ROADtools

A collection of Azure AD/Entra tools for offensive and defensive security purposes


Empty strongAuthenticationDetail - How to get MFA status of each user

quentinhardy opened this issue · comments

Hello,

All my AAD users have the following configuration in my roadrecon database:

strongAuthenticationDetail => {'encryptedPinHash': None, 'encryptedPinHashHistory': None, 'methods': [], 'oathTokenMetadata': [], 'requirements': [], 'phoneAppDetails': [], 'proofupTime': None, 'verificationDetail': None}

If I have understood correctly, the strongAuthenticationDetail key should give information about the MFA status of a user.

Why do all my users have an "empty" strongAuthenticationDetail while some of them have MFA enabled? Is it a privilege problem with the AAD user which has been used for running Roadrecon? This user had the "Global reader" role.

How can I get the MFA status of each AAD user through Roadtools?

Thank you in advance,

In my testing this still works with the correct privileges (Global reader/Admin). If you're sure you gathered the information with the correct privileges, then I'm not sure what the issue could be here.
You could try running the tool with --mfa explicitly to see if that does gather the MFA information.

It appears that in larger tenants the --mfa switch is needed to collect this even with the correct privileges. In small tenants it collects it without that flag as well.
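An added example (not ROADtools code, nor from anyone in this thread) that turns strongAuthenticationDetail records of the shape shown above into a per-user MFA report, and applies the thread's conclusion: when every user's methods list is empty, treat it as "MFA data not collected" rather than "nobody has MFA". The methodType/isDefault keys inside methods, and the Users table / column names in the loader, are assumptions about roadrecon's stored data.

```python
"""Summarise per-user MFA registration from roadrecon strongAuthenticationDetail data."""
import json
import sqlite3

# Constructed sample records in the shape shown in the issue. The key names inside
# 'methods' (methodType, isDefault) are an assumption about how roadrecon stores them.
SAMPLE_USERS = [
    {"userPrincipalName": "alice@example.invalid",
     "strongAuthenticationDetail": {"methods": [
         {"methodType": "PhoneAppNotification", "isDefault": True},
         {"methodType": "OneWaySms", "isDefault": False}],
         "phoneAppDetails": [{"deviceName": "phone"}], "requirements": []}},
    {"userPrincipalName": "bob@example.invalid",
     "strongAuthenticationDetail": {"methods": [], "phoneAppDetails": [], "requirements": []}},
]


def load_from_roadrecon(db_path: str) -> list:
    """Read users from a roadrecon SQLite database (default roadrecon.db).
    The 'Users' table and column names are assumptions about roadrecon's schema."""
    con = sqlite3.connect(db_path)
    rows = con.execute("SELECT userPrincipalName, strongAuthenticationDetail FROM Users")
    users = []
    for upn, detail in rows:
        # the detail column holds a JSON document; decode it if it came back as text
        detail = json.loads(detail) if isinstance(detail, str) else detail
        users.append({"userPrincipalName": upn, "strongAuthenticationDetail": detail})
    con.close()
    return users


def mfa_status(user: dict) -> dict:
    """Registered MFA methods and the default method for one user."""
    detail = user.get("strongAuthenticationDetail") or {}
    methods = detail.get("methods") or []
    default = next((m.get("methodType") for m in methods if m.get("isDefault")), None)
    return {"upn": user["userPrincipalName"], "registered": bool(methods),
            "methods": sorted(m.get("methodType", "?") for m in methods), "default": default}


def summarise(users: list) -> dict:
    """Tenant-level view: who lacks MFA, and whether the data was collected at all."""
    statuses = [mfa_status(u) for u in users]
    without = [s["upn"] for s in statuses if not s["registered"]]
    # Per the thread: if *every* user has an empty methods list, the data was most likely
    # never gathered (insufficient role, or --mfa not passed in a large tenant).
    collected = any(s["registered"] for s in statuses)
    return {"statuses": statuses, "without_mfa": without, "mfa_data_collected": collected}
```

If summarise() reports mfa_data_collected as False, re-run roadrecon gather with --mfa under a Global reader/Admin account before drawing conclusions from the without_mfa list.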