Control: ism-1681; Revision: 1; Updated: Jun-23; Applicability: ALL; Essential Eight: ML3 ​

Multi-factor authentication is enabled by default for an organisation’s non-organisational users (but users can choose to opt out) if they authenticate to the organisation’s internet-facing services.