Description
- Type: CUSTOMER
- Severity: WARNING
- Protection against: HACKING
- CIS: M365 1.1.9 - (L2) Enable Azure AD Identity Protection sign-in risk policies
- FIX Available: YES
This Customer Check verifies if a policy is set for sign-in risks (Sign-In risk policies).
Why this check?
Two-factor authentication, or Multi-Factor Authentication (MFA), adds an extra layer of security on top of username and password. Microsoft has developed smart controls with Sign-In Risk policies to recognize risky sign-in attempts. Such a sign-in attempt indicates a login not performed by the legitimate owner of the account. At those times, MFA can be enforced. This makes it more complicated for someone with stolen login credentials to sign in from anywhere in the world.
CIS Benchmarks
This measure aligns with the following item from the Center for Internet Security (CIS) Microsoft 365 Foundations Benchmark:
- CIS M365 1.1.9 - (L2) Enable Azure AD Identity Protection sign-in risk policies
What are the possible outcomes of the check?
This check has three possible outcomes. In Attic, this is reflected as follows:
- Okay: At least 1 Sign-In Risk policy with the correct settings is found.
- Warning: No Sign-In Risk policy is set yet.
- Notice: You do not have a license to set the Sign-In Risk policy.
How should this be followed up?
If the output is Warning , we advise enabling the SignInRiskPolicy.
A Fix is available for this check, which we will offer through Attic.
Comments
0 comments
Please sign in to leave a comment.