It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Login Sign Up Contact & Support

United States – English (GMT-6)

Barracuda Assistant

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Managed Security Awareness Training (Managed Phishline)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Intronis Backup (ECHOplatform)

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Server Backup (Yosemite)

Campus Help Center / Reference

Onboarding Portal

Support Services

Barracuda XDR

Overview Documentation Materials

You are currently viewing the legacy Barracuda Campus portal

Due to ongoing compatibility requirements during the migration, some users are still being redirected here. All content is being transitioned to the new Campus Training Portal and Campus Documentation Portal, and this legacy portal will be fully retired once the migration is complete.

Please visit https://campus.barracuda.com for more information.

Simulating Cloud Security Threats - Multi-Factor Authentication Disabled

Last updated on 2025-04-17 14:48:57

Rule

Office 365 Multi-Factor Authentication Disabled

Purpose

Detects when Multi-Factor Authentication is disabled to a user account.

Objective

Detect when Multi-Factor Authentication (MFA) is disabled for an account.

How to test

Log in to the Azure Active Directory or Office 365 admin portal using an administrator account.
Disable MFA for the test user account.
Navigate to Users > Multi-Factor Authentication settings.
Find the test user and disable MFA for their account.
Verify MFA is disabled by attempting to log in to the test user’s account without MFA