At least one Conditional Access policy is configured to require MFA for all users
Why This Matters
Requiring multifactor authentication for all users is one of the most effective controls against credential theft and account compromise. Without a Conditional Access policy enforcing MFA, your tenant remains vulnerable to password-based attacks, including brute force and phishing. As an admin, failing to mandate MFA exposes your organization to a significantly higher risk of unauthorized access.
What Aether365 Checks
Aether365 verifies that your Microsoft 365 tenant has at least one Conditional Access policy configured to require MFA for all users. This check appears in the Aether365 dashboard under the microsoft-365 service category, helping you confirm you have a baseline protection policy in place.