
The Entra MFA Disabled Users report is one of the Microsoft Entra ID reports in M365 Manager Plus' Microsoft 365 reporting capabilities. It tracks users who are not enrolled for MFA and can also be used to enforce Entra MFA for them.

What is the MFA Disabled Users report in M365 Manager Plus?

The MFA Disabled Users report gives details about Microsoft 365 user accounts that have no MFA methods registered in Microsoft Entra ID. This report primarily includes the user's identity attributes, such as User Principal Name, whether their credentials are blocked, how long the account has existed without MFA, and how long it has been since the account's password was last changed, along with other user properties.

 

The MFA Disabled Users report in M365 Manager Plus showing Entra users without MFA methods enrolled.

 

Why you need an Entra MFA disabled users report

Every unprotected account in your Microsoft 365 tenant is a single password away from a breach. Verizon's 2025 Data Breach Investigations Report found that credential abuse accounted for 22% of initial attack vectors in confirmed breaches. Without clear visibility, authentication gaps often go unnoticed until after a breach. Without a focused view of which accounts lack MFA enrollment, even routine audits become time-consuming exercises in cross-referencing incomplete data. An MFA disabled users report gives you that visibility, helping you proactively eliminate authentication gaps before they become attack vectors.

  • Identify accounts prone to credential attacks: Surface user accounts that rely solely on passwords, making them prime targets for phishing, credential stuffing, and brute-force attacks that bypass perimeter controls entirely.
  • Enforce MFA enrollment as part of security hygiene cycles: Track MFA adoption rates across your tenant and ensure that your MFA registration campaigns are actually encouraging users to register for MFA.
  • Detect privileged accounts without MFA protection: Accounts belonging to CXOs and other administrative personnel configured without Entra MFA can act as an obvious entry point for bad actors inside your environment.
  • Support Zero Trust initiatives: MFA is foundational to any Zero Trust architecture. Produce audit-ready evidence that every user identity in your tenant meets the authentication baseline required by your security policy.

What does the MFA Disabled Users report show?

Using M365 Manager Plus, you can filter MFA disabled users with the following fields.

  • Microsoft 365 Tenant: Select the specific tenant where you want to find users with MFA disabled.
  • Virtual Tenants: If you have created virtual tenants to manage specific subsets of your organization, you can filter the report to show only Microsoft 365 users in that virtual tenant.
  • Filter By: You can choose to view Microsoft 365 users from specific domains or belonging to particular groups.

The MFA Disabled Users report displays the following details for every user.

| Attribute | Description |
|---|---|
| User Principal Name | The unique login identifier for the user (e.g., user@domain.com), used for authentication |
| Blocked Credential | Indicates whether the user's account credentials are currently blocked from sign-in |
| Days Since Created | The total number of days that have elapsed since the user account was created |
| Days Since Last Password Change | The number of days elapsed since the account's password was last updated |

Here are some more Entra user attributes that the MFA Disabled Users report lists.

First Name | Mobile Phone | Title | City | Strong Password Required | Last Directory Sync Time
Last Name | Home Phone | Department | State | Password Never Expires | DirSync Provisioning Error
Initials | Other Telephone | Manager | Postal Code | Last Password Changed | Previous Recipient Type
Employee ID | Fax | Direct Reports | Country / Region | License Name | Employee Type
Object ID | Alternate Email Address | Employee Hire Date | License Details | Recipient Type
GUID | Proxy Addresses | Usage Location | Services | Recipient Type Details
Immutable Id | Street Address

Native Microsoft 365 admin portals and PowerShell vs. M365 Manager Plus

Natively, auditing MFA status in Microsoft 365 means navigating to the Entra admin center and working through its authentication reporting surfaces—a process that quickly reveals its limitations when you need a precise, filterable view of users without any MFA registered.

The Entra admin center's User registration details report under the Authentication Methods activity section does list all users alongside their registered MFA methods and capabilities.

For administrators who need scheduled, filtered MFA status data, Microsoft Graph PowerShell has the Get-MgReportAuthenticationMethodUserRegistrationDetail cmdlet for more control. It can be scripted to filter for users without registered MFA methods and run on a schedule.
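
The filtering described above, scripted with Microsoft Graph PowerShell. This is an added example, not M365 Manager Plus or Microsoft code; the output path, the mapping of "Blocked Credential" to a disabled account, and the sort order are assumptions.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Reports, Microsoft.Graph.Users
# Added example: list users with no MFA method registered, with the report's core columns.
param(
    [string]$OutFile = '.\mfa-not-registered.csv'   # hypothetical output path
)

# Read-only scopes: registration report plus basic user properties.
Connect-MgGraph -Scopes 'AuditLog.Read.All', 'User.Read.All'

# Server-side filter: only accounts whose registration record shows no MFA method.
$unregistered = Get-MgReportAuthenticationMethodUserRegistrationDetail `
    -Filter 'isMfaRegistered eq false' -All

$now  = (Get-Date).ToUniversalTime()
$rows = foreach ($reg in $unregistered) {
    # Fetch the account properties the registration record does not carry.
    # One call per user keeps the example short; batch this for large tenants.
    $user = Get-MgUser -UserId $reg.Id `
        -Property 'accountEnabled,createdDateTime,lastPasswordChangeDateTime' `
        -ErrorAction SilentlyContinue
    if (-not $user) { continue }   # account removed since the report snapshot

    [pscustomobject]@{
        UserPrincipalName           = $reg.UserPrincipalName
        IsAdmin                     = $reg.IsAdmin
        # Assumption: "Blocked Credential" corresponds to accountEnabled = false.
        BlockedCredential           = -not $user.AccountEnabled
        DaysSinceCreated            = if ($user.CreatedDateTime) {
            [int][math]::Floor(($now - $user.CreatedDateTime.ToUniversalTime()).TotalDays) }
        DaysSinceLastPasswordChange = if ($user.LastPasswordChangeDateTime) {
            [int][math]::Floor(($now - $user.LastPasswordChangeDateTime.ToUniversalTime()).TotalDays) }
    }
}

# Privileged accounts first, then the longest-standing unprotected accounts.
$rows |
    Sort-Object @{ Expression = 'IsAdmin'; Descending = $true },
                @{ Expression = 'DaysSinceCreated'; Descending = $true } |
    Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

'{0} accounts without MFA registered ({1} privileged)' -f
    @($rows).Count, @($rows | Where-Object IsAdmin).Count
```

For unattended scheduled runs, the interactive sign-in has to be replaced with app-only authentication for a registered application that holds the same read permissions.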

While the Entra admin center and PowerShell do get you the list of MFA disabled users, you have to reapply the filters every time you run the report, which adds friction when the report is part of your regular workflow.

M365 Manager Plus' MFA Disabled Users report combines the power and granularity of Graph PowerShell with the convenience of an admin center, offering the features available in Microsoft Entra ID and Purview with fewer steps and more capabilities overall.

| Capability | Microsoft 365 limitations | PowerShell limitations | The M365 Manager Plus advantage |
|---|---|---|---|
| Report accessibility | No. Audit logs contain a multitude of events that you filter every time. | No. Manual filtering is required before you even generate the report. | Yes. Individual, user-friendly reports are segregated and categorized for one-click access. |
| Custom reports | No | No | Yes. Created by saving granular attribute-based conditional filters once per custom report. |
| Report exports | CSV or JSON formats. Bulk exports require multiple stages of confirmation. | CSV or JSON formats. Requires additional modules to export as PDF or XLSX. | CSV, HTML, PDF, or XLSX in a single click. |
| Email reports to admins | No | No | Yes. Send right from the dashboard or report page in any supported format without jumping between applications. |
| Automated report generation | No. Requires complex add-ons like Power Automate. | No. Requires complex Task Scheduler configurations. | Yes. Multiple reports can be generated on a schedule, filtered, exported, and emailed automatically. |

For a more detailed comparison, check out this page on how to report the MFA status for users in Microsoft Entra ID.

Features that enhance the MFA Disabled Users Report

M365 Manager Plus provides several built-in tools to help you manage, automate, and secure the data found in the MFA Disabled Users report:

  • Export reports: You can download the report in multiple formats, including CSV, PDF, HTML, or XLSX, for sharing data with department heads or maintaining offline records for compliance.
  • Automated report generation: Set the MFA Disabled Users report to be generated at specific intervals (daily, weekly, or monthly) to run MFA coverage audits regularly without fatigue.
  • MFA settings: Add MFA methods to users who have none enrolled, remove outdated or compromised authentication methods, and enforce an MFA method reset for users whose registered methods are no longer trusted, directly within the report. This closes remediation loops without switching between portals.
  • Microsoft 365 joiner and leaver automations: You can link the data from the MFA Disabled Users report into automated Microsoft 365 workflows in M365 Manager Plus. For example, an automation policy can trigger an MFA enrollment prompt or assign an authenticator app for new users created without a registered MFA method.
  • Microsoft 365 alerts for users without MFA: Configure real-time alerts to notify your security teams if MFA is disabled for a user or if too many users have their MFA disabled at the same time.
  • Microsoft 365 sign-in audit reports: Cross-reference the MFA Disabled Users report with sign-in activity reports to identify accounts that are actively being used without MFA and enforce MFA for those users.

Reports that complement the MFA Disabled Users report

If you plan on strengthening your tenant's authentication security posture, M365 Manager Plus provides several other reports that complement the data found in the MFA Disabled Users report:

  • MFA Enabled Users report: Gives a full view of accounts that do have MFA registered, helping you track enrollment progress and verify that remediation actions from the MFA Disabled Users report have taken effect.
  • User Last Login report: Reveals which users without MFA are actively signing in, enabling your security team to prioritize enforcement for accounts that are currently in use over dormant ones.
  • Password Never Expires report: Surfaces accounts configured with non-expiring passwords, which, when combined with no MFA registration, represent compounded credential risk that warrants immediate attention.
  • Microsoft 365 User Login Activity reports: Audits authentication patterns and sign-in methods to validate whether users flagged in the MFA Disabled Users report are actually authenticating with only a single factor during active sessions.

Other features of M365 Manager Plus

Microsoft Entra ID management: Create, modify, and delete users, groups, and licenses in bulk without Graph PowerShell, simplifying your Microsoft 365 identity management.

Microsoft 365 reporting: Leverage over 700 prebuilt and custom reports across major Microsoft 365 services, such as Exchange Online, SharePoint Online, Teams, and OneDrive for Business, all from one dashboard.

Microsoft 365 management: Manage users, groups, mailboxes, Teams, SharePoint permissions, and license assignments across workloads without switching portals.

Microsoft 365 automation: Automate onboarding, offboarding, license provisioning, and group updates with no-code workflows and without add-on subscriptions.

Microsoft 365 auditing: Maintain a complete, searchable audit trail of every change across your Microsoft 365 environment.

Microsoft 365 alerting: Get real-time alerts on suspicious sign-ins, admin role changes, license breaches, and policy violations.

Microsoft 365 admin delegation: Give help desk staff scoped access to specific tasks such as password resets, group changes, and mailbox management without full admin rights or visibility over the users they don't manage.

 