Not using MFA might be wrong for some users

[VinceFINET]

I am using OrgCheck (Nitrogen [N,7]) and discovered that the Security and Access > Active Internal Users tab is flagging many active users as not using MFA ("User is logging directly without MFA: This user is logging in directly to Salesforce without using MFA (Multi-Factor Authentication). And this user has not the MFA bypass enabled. Please work with your user to make them use MFA for better security.").

If I look at Setup > Identity > Identity Verification History, I see a different story!  Each of these users is being challenged with MFA and succeeding in logging in.  Their entries look something like this:

Triggered by: Multi-factor authentication requiredMethod: Salesforce AuthenticatorStatus: User challenged; waiting for response >> Succeeded

[VinceFINET]

In nitrogen we have:

[VinceFINET]

User having this issue launch the following query:

SELECT UserId, LoginType, AuthMethodReference, Status, COUNT(Id) CntLogin 
FROM LoginHistory 
WHERE UserId = '005....'
AND (LoginType = 'Application' OR LoginType LIKE '%SSO%') 
GROUP BY UserId, LoginType, AuthMethodReference, Status

result was

[VinceFINET]

Finally Charles may have found the solution

I've been looking into it in more detail and can see that VerificationHistory, a child of LoginHistory, has what you want: VerificationHistory.VerificationMethod