Skip to main content

Version: 2.1.0

MT.1008 - At least one Conditional Access policy is configured to require MFA for Azure management.

Overview

MFA for Azure management is a critical security control. This function checks if the tenant has at least one conditional access policy requiring multifactor authentication to access Azure management.

Learn more: https://learn.microsoft.com/entra/identity/conditional-access/howto-conditional-access-policy-azure-management

Test Metadata

Field	Value
Test ID	MT.1008
Severity	High
Suite	Maester
Category	CA
PowerShell test	Test-MtCaMfaForAdminManagement
Tags	CA, Maester, MT.1008

Source

Pester test: tests/Maester/Entra/Test-ConditionalAccessBaseline.Tests.ps1
PowerShell source: powershell/public/maester/entra/Test-MtCaMfaForAdminManagement.ps1