Description
- Type: CUSTOMER
- Severity: WARNING
- Protection against: HACKING
- CIS: M365 1.1.10 - (L2) Enable Azure AD Identity Protection user risk policies
- FIX Available: YES
This Customer Check verifies whether a user risk policy is set (User Risk Policies).
Why this check?
The User Risk Policy function checks if accounts may have been compromised and can perform automatic actions, such as forcing a password change.
User Risk Policy monitors risky events in a user account's behavior that deviate from normal patterns. To do this, it is necessary to record user behavior over a longer period to establish a "baseline" and recognize deviations. Accounts can then be blocked based on the risk level.
CIS Benchmarks
This measure aligns with the following item from the Center for Internet Security (CIS) Microsoft 365 Foundations Benchmark:
- CIS M365 1.1.10 - (L2) Enable Azure AD Identity Protection user risk policies
What are the possible outcomes of the check?
This check has three possible outcomes. In Attic, this is reflected as follows:
- Okay: At least 1 User Risk policy with the correct settings is found.
- Warning: No User Risk policy is set yet.
- Notice: You do not have a license to set the User Risk policy.
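The three outcomes above, expressed as evaluation logic over conditional access policies in the shape returned by Microsoft Graph. This is an added example, not Attic's own code: what counts as "correct settings" here (enforced state, a user risk level condition, all users included, and a block or password-change control) and the `has_license` flag are assumptions, and the sample policies are constructed.

```python
# Added example: classify a tenant into the check's three outcomes.
# Field names follow the Microsoft Graph conditionalAccessPolicy resource.
# The "correct settings" criteria below are assumptions, not Attic's rules.

ACCEPTED_CONTROLS = {"passwordChange", "block"}  # assumed acceptable responses


def is_user_risk_policy(policy):
    """True if the policy is enforced and acts on user risk for all users."""
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    grant = policy.get("grantControls") or {}
    return (
        policy.get("state") == "enabled"  # report-only does not enforce
        and bool(cond.get("userRiskLevels"))
        and "All" in (users.get("includeUsers") or [])
        and bool(ACCEPTED_CONTROLS & set(grant.get("builtInControls") or []))
    )


def check_outcome(policies, has_license):
    """Return 'Notice', 'Okay' or 'Warning' as described on this page."""
    if not has_license:
        return "Notice"
    return "Okay" if any(is_user_risk_policy(p) for p in policies) else "Warning"


# Constructed sample policies (not taken from a real tenant).
REPORT_ONLY = {
    "displayName": "User risk - report only",
    "state": "enabledForReportingButNotEnforced",
    "conditions": {"userRiskLevels": ["high"], "users": {"includeUsers": ["All"]}},
    "grantControls": {"operator": "AND", "builtInControls": ["mfa", "passwordChange"]},
}
ENFORCED = dict(REPORT_ONLY, displayName="User risk - enforced", state="enabled")
SIGN_IN_RISK_ONLY = {
    "displayName": "Sign-in risk MFA",
    "state": "enabled",
    "conditions": {"signInRiskLevels": ["medium", "high"], "userRiskLevels": [],
                   "users": {"includeUsers": ["All"]}},
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}

if __name__ == "__main__":
    print(check_outcome([REPORT_ONLY, SIGN_IN_RISK_ONLY], True))
    print(check_outcome([SIGN_IN_RISK_ONLY, ENFORCED], True))
    print(check_outcome([ENFORCED], False))
```

Under these assumptions a report-only policy and a policy that only looks at sign-in risk both leave the tenant at Warning, because neither enforces an action on user risk.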
How should this be followed up?
If the output is Warning, we advise enabling a User Risk policy.
A Fix is available for this check, which we will offer through Attic.