Ensure that 'Require Multifactor Authentication to register or join devices with Microsoft Entra' is set to 'Yes'
Why This Matters
Without requiring multifactor authentication for device registration, a compromised user account could add unauthorized devices to your Microsoft Entra ID tenant. This creates a persistent foothold: rogue devices can access organizational resources even after the original account compromise is detected and remediated. Enforcing MFA at the point of device join acts as a critical gatekeeper, ensuring only authenticated users with verified second-factor credentials can register hardware.
What Aether365 Checks
Aether365 verifies that the Require Multi-Factor Auth to join devices setting in Microsoft Entra ID is configured to Yes. This check appears in your Aether365 dashboard under the entra-id checks section.