Skip to content

Decouple Entra Id policy check 3.5 from 3.4 so that users will always know if the modern MFA settings page is configured with weak auth methods. #1921

New issue
New issue
Open
#1971
Open
Decouple Entra Id policy check 3.5 from 3.4 so that users will always know if the modern MFA settings page is configured with weak auth methods.#1921
#1971
Assignees
JosephRWalter
Labels
enhancementThis issue or pull request will add new or improve existing functionality
Milestone
Plankton
@tkol2022

Description

@tkol2022
tkol2022
opened on Jan 9, 2026

Prerequisites

  • This issue has an informative and human-readable title.

💡 Summary

Based on discussions about the deprecation of the legacy Entra MFA checkbox settings in #1578, we decided that Entra policy 3.5 (check for weak auth methods like SMS) is really its own check and should always be evaluated no matter the state of the Manage Migration feature associated with 3.4.

The scope of this issue is to decouple the Rego policy check 3.5 from 3.4 so that 3.5 always triggers.

Motivation and context

We should always be improving the policies and in this case via analysis and discussion we decided that there is value to the user from ScubaGear always evaluating policy 3.5.

Implementation notes

  1. Make the changes to the Rego and test

Acceptance criteria

  • The items above have been completed.

Metadata

Metadata

Assignees

Labels

enhancementThis issue or pull request will add new or improve existing functionality

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions