J1 Query showing 2FA not Enabled?

Is there a JupiterOne query that will show which accounts do not have 2fA enabled?


  • Response from Akash, from Akash, Solutions Architecture

    Hi Mark.

    If a company treats their employees’ users and access as cyber assets and manages their user and access reviews (UARs) in JupiterOne, they can be made aware of accounts that do not have MFA enabled. It’s a very hindsight 20-20 type of response, however. This exposes the importance of User Access Reviews and how a tool like JupiterOne can serve as the source of truth for all data in the security program.

    A simple query such as Find User with mfaEnabled != true can search your data for any inconsistencies, and allow teams to automate and proactively monitor and alert on these types of situations. That applies to legacy systems we don’t natively integrate with, also.

    Using this process is effective, but requires a commitment from the business to implement and maintain. Hope that helps. -- Akash

    View the original post on the JupiterOne blog.