(Regression) Disabled Guest users should not be included in "5.2.3.4 (L1) Ensure all member users are 'MFA capable'" check

[jacobcsmith]

Issue search

• I have searched the existing issues and this bug has not been reported yet

Which component is affected?

Prowler CLI/SDK

Cloud Provider (if applicable)

Microsoft 365

Steps to Reproduce

1. Create at least 1 guest user and set account enabled to false in the MS 365 environment
2. Run prowler prowler m365 --sp-env-auth --init-modules --output-formats csv html
3. Note the user fails the entra_users_mfa_capable check

Expected behavior

The disabled guest user account without MFA setup is not a finding for the entra_users_mfa_capable check

Actual Result with Screenshots or Logs

Graph Explorer showing disabled guest user:

Prowler 5.25 showing disabled guest user failing the entra_users_mfa_capable check:

How did you install Prowler?

From pip package (pip install prowler)

Environment Resource

Azure DevOps Pipeline running on Ubuntu 24.04

OS used

Ubuntu 24

Prowler version

5.25.0

Python version

3.12

Pip version

26

Context

This issue was initially raised as #10637 but appears the changes made were not enough to resolve the issue.

[jacobcsmith]

@HugoPBrito - I'm sorry I was unavailable to test the previous fix in time for the release.

[HugoPBrito]

@HugoPBrito - I'm sorry I was unavailable to test the previous fix in time for the release.

Don't worry!

Edit: I saw this is a new one. I'll take a look asap.

[jacobcsmith]

Yep this one still persists. Maybe the user account enabled attribute isn't pulling from the correct source (EXO vs Entra)?

[HugoPBrito]

Hi @jacobcsmith,

I'll like to see if the fix works this time for you.