Why
Exposure is most dangerous on accounts without MFA. DataShield already syncs the directory; cross-referencing exposed employees against MFA-enrollment state pinpoints the accounts to fix first and maps to SOC2/ISO27001 audit needs.
Scope
- Pull MFA-enrollment / strong-auth state from directory providers that expose it (Entra, Google, Okta).
- Flag employees who are exposed AND lack MFA as a top-priority cohort.
- MFA-coverage widget and a gap report.
Hooks
src/lib/directory/ connectors (new capability), Employee model field, dashboard + src/lib/reports/.
Why
Exposure is most dangerous on accounts without MFA. DataShield already syncs the directory; cross-referencing exposed employees against MFA-enrollment state pinpoints the accounts to fix first and maps to SOC2/ISO27001 audit needs.
Scope
Hooks
src/lib/directory/connectors (new capability),Employeemodel field, dashboard +src/lib/reports/.