Registration freshness

MFA posture for Conditional Access

See which users are MFA-ready, which methods are weak, and which admins have likely stale registrations - without exporting 5,000-row reports from Entra.

Create your account, set up a workspace, and get 14 days of Pro - connect tenants, detect drift, and run impact analysis. No credit card required.

MFA posture report with fresh, amber, and stale registration buckets

Registration plus staleness

Policytab classifies users into fresh, amber, and stale buckets using Microsoft registration reports. Strong methods include Authenticator push, FIDO2, and Windows Hello. SMS and voice are flagged as weak.

Staleness is inferred from lastUpdatedDateTime and registration completeness - useful when someone changed phones but never re-enrolled.

Stale-admin call-out on the fleet dashboard
Confidence labels (high / medium / low) when data is sparse
Per-user drill-down on Pro
Compliance reports for MFA gap and readiness

Tied to CA enforcement

MFA posture is not a standalone report. It connects to readiness analysis - who would be blocked the moment you enforce an MFA-requiring policy - and to sign-in triage when users are locked out.

Try it on your Entra tenant

Connect a tenant, take a snapshot, and compare Conditional Access policies against your baseline in minutes.