Tried a quick test of this, it does not seem to be detecting the proper endpoints that are vulnerable.
For example:
My test environment has MFA on all sources except for Desktop Client applications.
The script will tell me all platforms are safe with MFA, however, if i simply login on Outlook desktop with the testcredentials, i will enter without MFA.
I did not continue testing all the other variables since this immediately means it did not detect a major MFA gap.
Tried a quick test of this, it does not seem to be detecting the proper endpoints that are vulnerable.
For example:
My test environment has MFA on all sources except for Desktop Client applications.
The script will tell me all platforms are safe with MFA, however, if i simply login on Outlook desktop with the testcredentials, i will enter without MFA.
I did not continue testing all the other variables since this immediately means it did not detect a major MFA gap.