Skip to content

MS.AAD.3.2v1 not accounting for the authentication strength option #1683

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
1 task done
adhilto opened this issue Apr 25, 2025 · 0 comments
Open
1 task done

MS.AAD.3.2v1 not accounting for the authentication strength option #1683

adhilto opened this issue Apr 25, 2025 · 0 comments
Labels
bug This issue or pull request addresses broken functionality public-reported This issue is reported by the public users of the tool.
Milestone
Nemo

Comments

@adhilto
Copy link
Collaborator

adhilto commented Apr 25, 2025

Prerequisites

  • This issue has an informative and human-readable title.

ScubaGear Version

Latest from main

Operating System

Windows

PowerShell Version

5.1

M365 Environment and License(s)

GCC

🐛 Summary

ScubaGear does not recognize "Require authentication stregth" for AAD.3.2:
Image

(Note that it does look at auth strength for 3.1)

This is what the provider output looks like if you select "require authentication strength -> passwordless MFA":
Image

What ScubaGear wants for 3.2 is "mfa" to be listed here:

Image

Here's what it looks like if you select "require authentication strength -> multifactor authentication":

Image

Steps to reproduce

Create a conditional access policy that should pass for MS.AAD.3.2v1, except select "require authentication strength" instead of "require multifactor authentication."

Expected behavior

MS.AAD.3.2v1 should pass

Output from Initialize-SCuBA (optional)

No response
@adhilto adhilto added bug This issue or pull request addresses broken functionality public-reported This issue is reported by the public users of the tool. labels Apr 25, 2025
@mitchelbaker-cisa mitchelbaker-cisa added this to the Nemo milestone Apr 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue or pull request addresses broken functionality public-reported This issue is reported by the public users of the tool.
Projects
None yet
Milestone
Nemo
Development

No branches or pull requests
2 participants
@adhilto @mitchelbaker-cisa