MT.1008 - Require MFA vs. Require authentication strength

[IE-MP]

Should https://maester.dev/docs/tests/MT.1008/ be failed if a policy exists that requires authentication strength of Phish-resistant MFA for admins?

Or is the assumption both policies are needed?

[f-bader]

MT.1008 checks both Authentication Strength as well as the "legacy setting" for MFA. So it should only fail if both are missing

[IE-MP]

Appreciate the quick reply, not sure what I'm missing.

[f-bader]

I will repo this and let you know.