MFA verifies who logged in. It has no idea what they do next.
Source: VentureBeat
Every MFA check passed. Every login was legitimate. The compliance dashboard was green across every identity control. And the attacker was already inside, moving laterally through Active Directory with a valid session token, escalating privileges on a trajectory toward the domain controller.