We have the "Security Defaults" enabled on our Azure AD tenant.
Some users have reported that they have never been prompted to authenticate their MS365/Teams/SharePoint logins using MFA. I'm not sure I believe this, but wish to verify that MFA is set up and functioning correctly.
To investigate, I asked several users to visit our SharePoint site in a new Chrome incognito window. When I do this myself, I'm always forced to login and authenticate using MFA. However, several users are not asked for MFA authentication when they do this.
I'm not sure if this indicates a problem with the MFA setup or whether my test method (i.e. assuming the incognito window should force MFA authentication) is flawed.
So my questions are:
Should users be prompted to authenticate using MFA when using an incognito window?
(if no to Q1) Is there a way to force MFA authentication for a user? (Or is there another way to test MFA?).
Is it possible to view the MFA settings of individual users?
(NB: I'm aware of the page https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx, but I understand that the settings on this page are not used for MFA enabled using "Security Defaults" and "Multi-Factor Auth Status" on this pages is displayed as "Disabled" for all users - which I know is not true.)