Description
- Type: CUSTOMER
- Severity: NOTICE
- Protection against: HUMAN ERROR
This Monitoring Check raises an alert as soon as a new exception to the MFA policy is added.
Why this check?
An MFA policy aims to ensure that all employees log in to the Microsoft environment with multi-factor authentication. Exceptions can be made to this policy for legitimate reasons. However, a new exception can also be an indicator that an account has been compromised by an attacker. Therefore, Attic alerts on new exceptions so that each can be double-checked for legitimacy.
What are the possible outcomes of the check?
This check has two possible outcomes. In Attic, this is reflected as follows:
- Okay: no new exceptions were found in the MFA policy
- Notice: one or more new exceptions were found in the MFA policy
How should this be followed up?
If the check results in an output of Notice, a ticket will appear in Attic with the names of user accounts that have been added as exceptions to the MFA policy. Check whether the exceptions are legitimate. If not, remove the exception and investigate how, by whom, and why the exception was created.
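The logic of such a check, sketched as an added example (not Attic's own implementation): it diffs two snapshots of policy exclusions and maps the result to Okay or Notice. It assumes the MFA policy is a Conditional Access policy with Microsoft Graph field names; the snapshots, object IDs and helper names are constructed.

```python
# Constructed snapshots. Field names follow the Microsoft Graph
# conditionalAccessPolicy resource; that the MFA policy is a Conditional
# Access policy is an assumption of this example.
def policy(pid, name, controls, users=(), groups=(), roles=()):
    return {"id": pid, "displayName": name,
            "grantControls": {"builtInControls": list(controls)},
            "conditions": {"users": {"excludeUsers": list(users),
                                     "excludeGroups": list(groups),
                                     "excludeRoles": list(roles)}}}

PREVIOUS = [
    policy("pol-1", "Require MFA for all users", ["mfa"], users=["user-breakglass"]),
    policy("pol-2", "Block legacy authentication", ["block"]),
]
CURRENT = [
    policy("pol-1", "Require MFA for all users", ["mfa"],
           users=["user-breakglass", "user-jdoe"], groups=["group-contractors"]),
    policy("pol-2", "Block legacy authentication", ["block"], users=["user-svc"]),
]

EXCLUDE_FIELDS = ("excludeUsers", "excludeGroups", "excludeRoles")

def requires_mfa(p):
    """True when the policy's grant controls include the MFA requirement."""
    return "mfa" in ((p.get("grantControls") or {}).get("builtInControls") or [])

def exclusions(p):
    """All (field, object id) pairs excluded from the policy."""
    users = (p.get("conditions") or {}).get("users") or {}
    return {(f, v) for f in EXCLUDE_FIELDS for v in users.get(f) or []}

def new_exceptions(previous, current):
    """Sorted (policy name, field, object id) tuples added since `previous`."""
    before = {p["id"]: exclusions(p) for p in previous if requires_mfa(p)}
    findings = []
    for p in current:
        if not requires_mfa(p):
            continue  # exclusions on non-MFA policies are out of scope here
        # A policy with no baseline counts all of its exclusions as new.
        added = exclusions(p) - before.get(p["id"], set())
        findings += [(p["displayName"], f, v) for f, v in added]
    return sorted(findings)

def outcome(findings):
    """Map findings to the two outcomes the check reports."""
    return "Notice" if findings else "Okay"

if __name__ == "__main__":
    found = new_exceptions(PREVIOUS, CURRENT)
    print(outcome(found), found)
```

Group and role exclusions are reported alongside user exclusions because adding an account to an excluded group bypasses the policy just as a direct user exclusion does.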