Blink Workflow: Enforce and Enable MFA for Cloud and Tools for All Azure Users

EXPLORE BY SECURITY

EXPLORE BY INFRASTRUCTURE

EXPLORE BY LICENSE

Basic

Featured

EXPLORE BY VENDOR

Abnormal

Absolute

AbuseIPDB

Acronis

Adaptive Shield

Adobe Cloud

ADP

Agari Phishing Response

Airlock

Airlock Digital

Akamai Identity Cloud Social

Alert Logic

AlgoSec Firewall Analyzer

AlienVault OTX

AlienVault USM

Anodot

Anthropic

Anvilogic

Any Run

Apex One

ArcSight ESM

Area 1

Asana

Asset Panda

Atlassian Crowd

Atlassian User Management

Atlassian User Provisioning

AuditBoard

auth0

Authentik

Authomize

Automox

AWS

AWS IAM Identity Center

Axonius

Azure

Azure Data Explorer

Azure DevOps

Azure Log Analytics

Azure Storage

BambooHR

Big Fix

BigPanda

Bitbucket

Bitdefender

Bitsight

Black Duck

Black Kite

Blink

BMC Remedy

Box

Brinqa

Cato Networks

Censys

Check Point Harmony

Check Point Infinity Events

Check Point Management

Check Point XDR-XPR

Checkmarx One

Checkmarx SAST

Chorus

Chronicle

Cisco Advanced Phishing Protection

Cisco Domain Protection

Cisco Meraki

Cisco Talos

Cisco Umbrella

Cisco Webex

Claroty xDome

ClearPass

ClickUp

Cloudflare

Cloudflare R2

Cobalt

Compass

Confluence

Confluence Data Center

Coralogix

Coralogix Incident Management

Cortex XDR

Cortex Xpanse

Cribl

CrowdStrike

CyberArk

Cybersixgill

CyCognito

Cyera

Cylance

Cyware CTIX

Darktrace

Dasera

Databricks

Datadog

DataSet

Delighted

Delinea

Devo

Discord

Docusign

Domo

Drata

Dropbox

Dropbox Business

Druva

Duo

Duo Auth

Dynatrace

EasyVista

EchoTrail

Egnyte

Egnyte Secure Govern

Elasticsearch

Email

Entro

Ermetic

Exabeam

Exchange Online

Expel

F5 BIG IP

Falcon LogScale

Falcon Surface

Flare.io

Forcepoint DLP

Forescout

FortiGate

Freshservice

GCP

Gemini

Ghostwriter

Git

GitHub

GitLab

Glean

Gmail

Google Calendar

Google Chat

Google Docs

Google Drive

Google Forms

Google Looker

Google Meet

Google Sheets

Google Workspace

Grafana

Greenhouse

GreyNoise

Grip Security

GYTPOL

HackerOne

Halo Service Desk

Have I Been Pwned

HiBob

HubSpot

Hunters

Hybrid Analysis

Hyperproof

IBM NS1 Connect

IBM X Force

Imperva

incident.io

Infobip

Infoblox Cloud Services Portal

Intercom

Intezer

IP API

IPinfo

IPWHOIS

Ironscales

Ivanti RiskSense

Jamf

JetBrains

JFrog

Jira

Jira Data Center

Joe Sandbox

JumpCloud

Kandji

Kenna Security

KnowBe4

KnowBe4 Events

Kubernetes

Lacework

LaunchDarkly

Linear

Litmos

LogicMonitor

LogRhythm

Manage Engine ServiceDesk Plus

Mattermost

Microsoft Defender For Cloud

Microsoft Defender For Cloud Apps

Microsoft Defender For Endpoints

Microsoft Defender XDR

Microsoft E-Discovery

Microsoft Entra ID

Microsoft Graph

Microsoft Intune

Microsoft Office 365 Management Activity

Microsoft Outlook

Microsoft Purview

Microsoft Sentinel

Microsoft Teams

Mimecast

MISP

Monday

MongoDB Atlas

MxToolbox

Neo4j

NetBox

Netography

Netskope

New Relic

Nightfall AI

NinjaOne

Notion

Nozomi Networks

Nucleus

Nutanix Hypervisor

Obsidian

Okta

OneDrive

OneLogin

OneTrust

Oort

OpenAI

OpenCTI

Opsgenie

OPSWAT

Oracle Cloud

Oracle HCM

Orca Security

OWASP ZAP

PagerDuty

Palo Alto Cloud NGFW

Palo Alto Firewall

Panther

Pentera

Perception Point

PhishLabs

PhishLabs Incident Data

PhishLabs Open Web Monitoring

Pingdom

PingID

PingOne

PlexTrac

PortSwigger

Postman

Postman SCIM

Power BI

Prisma Access

Prisma Cloud CSPM

Prisma Cloud CWP

Prometheus

Proofpoint

Proofpoint ITM

Proofpoint Protection Server

Proofpoint Security Awareness Training

Proofpoint TAP

Proofpoint Threat Response Auto Pull

Pub-Sub

QRadar

Qualys

Rapid7

Rapid7 InsightIDR

Rapid7 InsightVM Cloud

Rapid7 Threat Command

Reco

Recorded Future

Recorded Future Triage Cloud

Red Hat IdM

Rippling

runZero

SafeBase

Sage HR

SailPoint

SailPoint IdentityIQ

Salesforce

SAP Ariba

ScienceLogic

Securin

Securin VI

SecurityScorecard

Securonix

Sekoia.io

SemGrep

SentinelOne

Sentra

ServiceNow

SharePoint

Shodan

Shopify

Silverfort

Slack

Smartsheet

Snipe-IT

Snyk

SolarWinds Service Desk

SonarQube

Sophos

Split

Splunk

Splunk Observability

Splunk SOAR

Spur

Sumo Logic

Symantec EDR

Sysdig

Tableau

Tanium

TeamCity

TeamViewer

Telegram

Tenable

Tenable Security Center

Terraform

Terraform Cloud

Tessian

TheHive

Thinkst Canary

ThreatQuotient

Trellix Email Security

Trello

Trend Vision One

Twilio

UKG HR

Uptycs

URLScan

Veracode

Verkada

VirusTotal

VMware Carbon Black

VMware vSphere

WeChat

WhatsApp

Whois

WildFire

Wiz

Workday

Workspace ONE UEM

YesWeHack

Zendesk

Zero Networks

Zoom

Zscaler Internet Access

Zscaler Private Access

Security4,060 Workflows

Cloud Security

+ 54

437

Email Security

+ 17

183

SOC & Incident Response

+ 41

378

Data Security

+ 37

332

SaaS Security

+ 22

235

Compliance & Governance

+ 36

1344

Endpoint Security

+ 41

531

Network Security

+ 33

323

Threat Hunting

+ 67

677

Identity & Access

+ 30

260

Vulnerability Management

+ 21

320

HR Security

+ 22

145

Credential Security

+ 1

27

Code Security

60

Utilities

+ 39

365

Infrastructure3,757 Workflows

Resource Creation

+ 7

271

Network Management

+ 8

866

Identity Access Management

+ 19

380

CI/CD

+ 3

248

Storage Management

+ 16

983

Developer Platform

+ 38

529

Cost Optimization

+ 7

170

Compute Management

+ 2

828

Backup & Migration

22

Kubernetes Management

+ 3

364

Observability & Monitoring

+ 30

1470

Incident Response

+ 20

299

No-code workflow for CloudOps
Purpose-built for DevOps and SecOps

Follow us on

ResourcesDocumentation How-to guides

CompanyAbout us Careers Blog Contact us

LegalPrivacy policy Terms of service

© 2025 Blink. All rights reserved.

Enforce and Enable MFA for Cloud and Tools for All Azure Users

Enforce and Enable MFA for Cloud and Tools for All Azure Users

This Workflow enforces and enables multi-factor authentication (MFA) for cloud and tools for all Azure users. An end-to-end solution - reports to the relevant personnel and instructs the source on handling the breach. It finds all users in Azure AD that do not have Multi-factor Authentication (MFA) and sends a report via email to the administrator of its findings. In addition, each user will receive an email (if they have a public email) with a notification and instructions to set up MFA.

Breakdown

Finds all users in Azure AD that do not have Multi-factor Authentication (MFA).
Sends report via email to administrator with a list of users without MFA.
Each user will receive an email (if they have public email) with a notification and instructions to set up MFA.

TRIGGER: On-Demand

email_to_result

Steps

1

List all Azure users from AD

2

End workflow if no target groups were found

3

End run

4

Prepare list for final report

5

Check MFA status for all users

6

Get all authentication methods for user

7

Check if user does not have authentication other than password

8

Add user without MFA setup to report list

9

If user has email in Azure portal

10

Send MFA instructions to user.

11

Send list of users without MFA via email

12

End run

End

OUTPUTS

No outputs