Disabled Guest users should not be included in "5.2.3.4 (L1) Ensure all member users are 'MFA capable'" check

[jacobcsmith]

Issue search

• I have searched the existing issues and this bug has not been reported yet

Which component is affected?

Prowler CLI/SDK

Cloud Provider (if applicable)

Microsoft 365

Steps to Reproduce

1. Create at least 1 guest user and set account enabled to false in the MS 365 environment
2. Run prowler prowler m365 --sp-env-auth --init-modules --output-formats csv html
3. Note the user fails the entra_users_mfa_capable check

Expected behavior

The disabled guest user account without MFA setup is not a finding for the entra_users_mfa_capable check

Actual Result with Screenshots or Logs

How did you install Prowler?

Cloning the repository from github.com (git clone)

Environment Resource

Azure DevOps Pipeline running on Ubuntu 24.04

OS used

Ubuntu 24.04

Prowler version

5.22.0

Python version

3.12

Pip version

26

Context

See CIS Benchmark "5.2.3.4 (L1) Ensure all member users are 'MFA capable'"

[jfagoagas]

Thanks for the issue @jacobcsmith. I'll pass it over the team and they'll get back to you soon. As with some other issues you've raised, please let us know if you want to contribute with a fix and we'll assign it to you.

[HugoPBrito]

Hi @jacobcsmith,

Thanks for reporting this. We're currently working to fix it.