You’re viewing AuditPilot with seeded data for Cedar Creek Family Medicine. Add Clerk + Neon environment variables to enable real multi-tenant data.

Access Control · AP-AC-001

Multi-factor authentication enforced for all users

Every user with access to PHI or production systems must authenticate with a second factor (TOTP, push, or hardware token).

Failing · Critical
Remediation guidance

Enable Conditional Access in Microsoft Entra to require MFA for all users. AuditPilot can pre-fill the policy template — your IT admin just needs to approve it.

Automation hint

Microsoft Graph: /users + /policies/conditionalAccessPolicies

Status
Last checked: 1 hour ago
Next check due: Apr 27, 2026
Weight: 25
Severity: critical
Framework requirements satisfied
HIPAA
§164.312(d)

Person or Entity Authentication

SOC 2
CC6.1

Logical Access — User Authentication

HITRUST
01.q

User Authentication for External Connections

Linked evidence (1)

Microsoft 365 MFA enforcement export

Microsoft Entra · uploaded 2 days ago by Jordan Reyes

JSON