Information
Enable multi-factor authentication for all user credentials that have write access to Azure resources. These include roles such as:
Service Co-Administrators
Subscription Owners
Contributors
Rationale:
Multi-factor authentication requires an individual to present a minimum of two separate forms of authentication before access is granted. Multi-factor authentication provides additional assurance that the individual attempting to gain access is who they claim to be. With multi-factor authentication, an attacker would need to compromise at least two different authentication mechanisms, increasing the difficulty of compromise and thus reducing the risk.
Impact:
Users would need to present two forms of authentication before any action is granted. Managing dual forms of authentication also adds overhead.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Follow the Microsoft Azure documentation and set up multi-factor authentication in your environment.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa
Default Value:
By default, multi-factor authentication is disabled for all users.
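Because this check is manual, one way to make it repeatable is to join an export of role assignments with each user's MFA state and list the write-access users who lack MFA. The following is an added example, not part of the benchmark or of Nessus; the input shapes and role strings are assumptions modelled on `az role assignment list` JSON output, and all sample data is constructed.

```python
# Roles the page names as having write access. The strings are assumed to
# match the roleDefinitionName values in `az role assignment list` output.
WRITE_ROLES = {"Owner", "Contributor", "CoAdministrator"}
MFA_ON = {"Enabled", "Enforced"}  # per-user MFA states treated as compliant

# Constructed sample data (not from a real tenant).
ROLE_ASSIGNMENTS = [
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": "/subscriptions/<sub-id>"},
    {"principalName": "Bob@example.com", "principalType": "User",
     "roleDefinitionName": "Contributor", "scope": "/subscriptions/<sub-id>"},
    {"principalName": "bob@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": "/subscriptions/<sub-id>/resourceGroups/rg1"},
    {"principalName": "carol@example.com", "principalType": "User",
     "roleDefinitionName": "ServiceAdministrator;CoAdministrator",
     "scope": "/subscriptions/<sub-id>"},
    {"principalName": "dave@example.com", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": "/subscriptions/<sub-id>"},
    {"principalName": "ci-deployer", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": "/subscriptions/<sub-id>"},
]
# Lower-cased UPN -> per-user MFA state. carol is deliberately missing.
MFA_STATE = {"alice@example.com": "Enforced", "bob@example.com": "Disabled",
             "dave@example.com": "Disabled"}


def users_without_mfa(assignments, mfa_state):
    """Return {upn: [write roles]} for users with write access and no MFA."""
    findings = {}
    for a in assignments:
        if a.get("principalType") != "User":
            continue  # groups and service principals need a separate review
        # Classic administrator entries may carry several roles joined by ';'.
        roles = set(a.get("roleDefinitionName", "").split(";")) & WRITE_ROLES
        if not roles:
            continue
        upn = a["principalName"].lower()  # UPNs are case-insensitive
        # A user with no MFA record is treated as the default: disabled.
        if mfa_state.get(upn, "Disabled") not in MFA_ON:
            findings.setdefault(upn, set()).update(roles)
    return {upn: sorted(r) for upn, r in sorted(findings.items())}


if __name__ == "__main__":
    for upn, roles in users_without_mfa(ROLE_ASSIGNMENTS, MFA_STATE).items():
        print(f"NON-COMPLIANT {upn}: {', '.join(roles)}")
```

Group assignments are skipped here, so members who inherit a write role through a group still need to be expanded and checked separately.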