At least one Conditional Access policy is configured to require MFA for Azure management
Why This Matters
Azure management includes critical operations such as configuring subscriptions, managing billing, and modifying directory settings. Without a Conditional Access policy requiring multifactor authentication (MFA) for these actions, an attacker who compromises an administrator account could gain full control over the entire Azure environment. Enforcing MFA for Azure management access significantly reduces the risk of unauthorized administrative changes.
What Aether365 Checks
This scan verifies that at least one Conditional Access policy is configured to require MFA for all Azure management actions. The result appears in the Aether365 dashboard under the Microsoft 365 checks section.