Customer multifactor authentication (MFA) statistics

This article describes extended security best practices for setting up multifactor authentication (MFA) in your customers' tenants.

In a previous article, Security at your organization, we discussed how even though our security team blocks millions of attacks every day, some still manage to get through and compromise accounts. We emphasized the importance of implementing good security practices, such as multifactor authentication and modern authentication protocols, to prevent many of these attacks. We provided information on how to assess the security of your partner tenant and identify areas where action needs to be taken.

The Customer MFA Statistics page offers an aggregate view of your customers' tenant security. This resource empowers you with the data to take proactive measures, ensuring MFA compliance across all customer accounts and fortifying defenses against potential compromises.

How do I visit this page?

Go to Customer MFA statistics.

This page highlights key information around your customers' MFA security posture:

  • Customer: This column highlights the customer's name.
  • Admins with MFA enabled: Provides data on how many admins in the customer's tenant have MFA enabled.
  • Non-admins with MFA enabled: Provides data on how many non-admin users in the customer's tenant have MFA enabled.
  • Total users: Provides data on the total number of users in the customer's tenant.
  • You can search for statistics of a specific customer on the same page using the Search box.

How can I manage my customer's MFA security posture?

To enable MFA for a customer, you need the appropriate GDAP role to manage that customer's MFA security posture.

  • You can activate multifactor authentication (MFA) for a customer directly from this page. Use the command bar button to do so.

    1. Select the radio button next to a customer, and select either Security defaults or a Conditional Access policy.

    2. To see all users associated with a customer: select the customer, and then select View all users.

      The MFA score calculations that are shown include users with disabled accounts. We recommend that you delete all users with disabled accounts if they're not needed.

  • Alternatively, if you have GDAP permissions on the customer tenant with an appropriate admin role, you can sign in to the Microsoft Entra ID portal on behalf of the customer using AOBO (Admin On Behalf Of).

    To configure security defaults in your customer's directory, you must be assigned at least the Security Administrator role. If you don't have the appropriate admin role, work with your customer so that a user in that organization with the appropriate admin role can sign in to the Microsoft Entra ID portal for their tenant to set up MFA.

  • Microsoft strongly recommends that security defaults be enabled unless you have implemented other security protections for your CSP tenant that include MFA, such as Conditional Access.

  • To enable Security Defaults:

    1. Select a customer from the customer list for whom you want to update the MFA security posture.

    2. Select Service Management.

    3. Select Microsoft Entra ID under Administer Services.

    4. Sign in to the Microsoft Entra admin center using the appropriate GDAP role.

    5. Browse to Identity > Overview > Properties.

    6. Select Manage security defaults.

      • Set Security defaults to Enabled.
      • Select Save.
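
The same check and change can be scripted instead of clicked through. The following is an added example, not part of the original article: it assumes the Microsoft Graph PowerShell SDK is installed and that your account holds a GDAP role of at least Security Administrator on the customer tenant. The tenant ID is a placeholder, and the script holds back from enabling security defaults when enabled Conditional Access policies are found, so that they can be reviewed first.

```powershell
# Added example (not from the original article).
# Assumption: Microsoft Graph PowerShell SDK is installed and your GDAP role
# on the customer tenant is at least Security Administrator.
$CustomerTenantId = '<customer-tenant-id>'   # placeholder: the customer's tenant ID

Connect-MgGraph -TenantId $CustomerTenantId `
    -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'

# Read the current state of security defaults in the customer's directory.
$defaults = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
Write-Host "Security defaults enabled: $($defaults.IsEnabled)"

# Conditional Access is the alternative way to require MFA, so list any
# enabled policies before changing anything.
$enabledCa = @(Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object { $_.State -eq 'enabled' })

if ($defaults.IsEnabled) {
    Write-Host 'Security defaults are already enabled. No change made.'
}
elseif ($enabledCa.Count -gt 0) {
    # Do not change the tenant automatically: confirm with the customer
    # whether these policies already enforce MFA for all users.
    Write-Warning "Found $($enabledCa.Count) enabled Conditional Access policies. Review them before enabling security defaults."
    $enabledCa | Select-Object DisplayName, State | Format-Table -AutoSize
}
else {
    # Equivalent of: Manage security defaults > Enabled > Save.
    Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -IsEnabled:$true

    # Read the policy back to confirm that the change took effect.
    $after = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
    if ($after.IsEnabled) {
        Write-Host 'Security defaults are now enabled.'
    }
    else {
        Write-Warning 'Security defaults are still disabled. Check role assignments and consent.'
    }
}

Disconnect-MgGraph | Out-Null
```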