Ensure multifactor authentication is enabled for all users in administrative roles
Why This Matters
Administrative roles in Microsoft Entra ID have elevated privileges that, if compromised, can lead to full tenant takeover. Without multifactor authentication (MFA), a single stolen password for an admin account gives an attacker unrestricted access to your entire Microsoft 365 environment, making MFA for all admin roles a critical security control.
What Aether365 Checks
This check verifies that all users assigned to administrative roles in Microsoft Entra ID have multifactor authentication enabled. It appears in the Aether365 dashboard under the entra-id checks category and flags any admin account lacking MFA registration or enforcement.