Security checks / Check reference
Microsoft 365 security checks, by domain
672 checks across 28 domains, each with its own page: what it verifies, why it matters, how to fix it, and the compliance frameworks it evidences.
AI & Copilot (12)
Agents Agent Identity Blueprint Inheritable Permission ...Apply Least Privilege For Agent FunctionsAdopt Safety Meta PromptsAgents Agent Identity Blueprint Inheritable PermissionAgents Agent Identity Blueprint Inheritable Permission ...Agents Agent Identity Blueprint Inheritable Permission ...Agents Agent Identity Blueprint Inheritable Permission ...Ensure Human In The LoopEnsure Use Of Approved ModelsEstablish Monitoring And DetectionImplement Multi Layered Content FilteringPerform Continuous Red Team
App registrations (26)
App Application Disabled By Microsoft StatusApp Application Management Policy DisabledApp Broad Consent ScopeApp Certificate ExpiredApp Certificate Non ExpiringApp Secret ExpiredApp Secret Non ExpiringApp Application Password CredentialsApp Application Registration Has A Client SecretApp Certificate Expiring SoonApp Certificate Too Long LivedApp Federated Identity Credential Broad ScopeApp High Risk PermissionsApp Insecure Redirect UriApp Multi Tenant With High PrivilegesApp Secret Expiring SoonApp Secret Too Long LivedApp No CredentialsApp No OwnersApp No Verified PublisherApp Service Principal DisabledApp StaleApp Application Has Key CredentialsApp Application Management ChangeApp Application Management PolicyApp Federated Identity Credentials
Asset management (22)
License Missing Licenses Required For Highly Privileged...Access Guest With RolesAccess Non Employee With RolesLicense Missing Licenses Required For Privileged AccountLicense Organization Subscribed To Required SKU MissingLicense SKU SuspendedOrg Azure Organization Privacy StatementOrg Organization Missing Compliance EmailOrg Organization Missing Compliance Phone NumbersOrg Organization On Premises Sync TimesStorage High Exchange Storage Quota UsedStorage High One Drive Storage Quota UsedStorage High Share Point Storage Quota UsedLicense Organization Subscribed To Optional SKU MissingOrg Organization Missing Technical Contact Phone NumbersOrg Organization On Premises Last Password Sync Date Ti...License Tracked Licenses FoundOrg Organization StateOrg Organization Verified DomainsStorage Exchange Storage Quota UsedStorage One Drive Storage Quota UsedStorage Share Point Storage Quota Used
Authentication methods (42)
Auth User Not MFA RegisteredAuth Microsoft Authenticator Authentication Method In U...Auth Password Authentication Method In Use But Not Allo...Auth Passwordless Microsoft Authenticator Authenticatio...Auth Require Passwordless But Its Not Used By UserAuth Software Oath Authentication Method In Use But Not...Auth Suspicious Activity Settings Not EnabledAuth System Preferred Authentication Method Required Bu...Auth Temporary Access Pass Authentication Method In Use...Auth Temporary Access Pass Lifetime Too LongAuth Unallowed Authentication Methods EnabledAuth User Email Authentication Method In Use But Not Al...Auth User FIDO2 Attestation Not Enforced By UserAuth User Invalid Default Method Type By UserAuth User No Default MFA Method Found By UserAuth User No Strong Authentication Method By UserAuth User Not MFA CapableAuth User Sms Sign In State Is Not Ready By UserAuth User System Preferred Authentication Method Is Not...Auth User Unallowed User Default Authentication Method ...Auth Windows Hello Key Strength Normal Not Set By UserAuth Allowed Authentication Methods DisabledAuth Authentication Method Excluded User TargetAuth FIDO2 Authentication Method In Use But Not Allowed...Auth FIDO2 Key Restrictions Not EnforcedAuth FIDO2 Passwordless Enabled But Not GovernedAuth No Default MFA Method Found By UserAuth Phone Authentication Method In Use But Not Allowed...Auth Platform Credential Authentication Method In Use B...Auth Registration Enforcement Campaign Not ConfiguredAuth System Credential Preferences Not EnabledAuth User Hardware Oath Authentication Method In Use Bu...Auth User Recommended User Default Authentication Metho...Auth User Windows Hello For Business Authentication Met...Auth Authentication Method Included User Target Registr...Auth Group Authentication Method Excluded Group TargetAuth Group Authentication Method Included Group Target ...Auth MFA FIDO2 Self Service Registration Not AllowedAuth MFA Software Oath Not EnabledAuth Suspicious Activity Settings No TargetAuth Authentication Method Included User Target Registr...Auth Group Authentication Method Included Group Target ...
Azure subscriptions (14)
Sub Contributor At Subscription ScopeSub Custom Role With Wildcard ActionsSub Foreign Group Role AssignmentSub Owner At Subscription ScopeSub Past DueSub Service Principal High RoleSub Spending Limit OffSub User Access Admin At Subscription ScopeSub WarnedSub DeletedSub Deleted Principal Role AssignmentSub DisabledSub Excessive Role AssignmentsSub Spending Limit Current Period Off
Conditional Access (60)
Conditional Access Admin Portal Missing MFAConditional Access Break Glass Account Covered By PolicyConditional Access Group Critical Coverage GapConditional Access MFA Policy BypassedConditional Access User Critical Coverage GapConditional Access Block Legacy Exchange Active Sync No...Conditional Access Block Requested PlatformsConditional Access Browser O365 Missing MFAConditional Access Enforces Block Unknown Device Not FoundConditional Access Enforces MFA For High And Medium Ris...Conditional Access Enforces Password For High Risk User...Conditional Access Enforces Risk Levels Not FoundConditional Access Group High Coverage GapConditional Access Password Change BypassedConditional Access Policy Included Location Has Unwante...Conditional Access Require Block From Untrusted Countri...Conditional Access Require Block Legacy Other Not FoundConditional Access Untrusted Location Missing MFAConditional Access User High Coverage GapConditional Access User Logged In Without Conditional A...Conditional Access Critical Coverage GapConditional Access Device Code Flow Not BlockedConditional Access Enforces MFA For All Users Not FoundConditional Access Enforces Risk Levels Both Signin And...Conditional Access Graph API Missing MFAConditional Access Group Coverage GapConditional Access Group With Policy ExclusionsConditional Access High Coverage GapConditional Access High Risk Sign In Not ProtectedConditional Access Mobile App Missing ProtectionConditional Access Policy Covers Device Code Flow Not F...Conditional Access Policy Device Excluded By FilterConditional Access Require Block Legacy Other FoundConditional Access Risky User Not ProtectedConditional Access User Coverage GapConditional Access User Rule Applies In What If Read OnlyConditional Access User Rule Does Not Apply In What IfConditional Access What If Missing Legacy App PolicyConditional Access Break Glass Account ExcludedConditional Access Coverage GapConditional Access Device Compliance BypassedConditional Access Es Device Sign In Not Time Based Non...Conditional Access Policy Not EnforcedConditional Access Unmanaged Device Not ProtectedConditional Access Block Legacy Exchange Active Sync FoundConditional Access Enforces Block Unknown DeviceConditional Access Enforces MFA For All UsersConditional Access Enforces MFA For High And Medium Ris...Conditional Access Enforces Password For High Risk UsersConditional Access Enforces Risk LevelsConditional Access Es Device Not Persistent Browser For...Conditional Access Es Device Signin Timebased For Non C...Conditional Access Loc Entra Location DataConditional Access MFA For Guest FoundConditional Access Permission Check SkippedConditional Access Policy Blocks All But Allowed CountriesConditional Access Policy ChangeConditional Access Policy Device Included By FilterConditional Access Policy Only Allows Approved CountriesConditional Access User Rule Applies In What If
Devices & compliance (48)
Intune Device Missing KEV PatchIntune Device Vulnerability KEVDevice Endpoint Detection And ResponseDevice Has Outdated Android Operating SystemDevice Has Outdated IOS Operating SystemDevice Has Outdated Mac OS Operating SystemDevice Has Outdated Windows Operating SystemDevice Privileged User Non CompliantIntune Device Defender Recommendation CriticalIntune Device Malware Protection DisabledIntune Device Missing Critical PatchIntune Device Out Of SupportIntune Device Real Time Protection DisabledIntune Device Vulnerability CriticalIntune Device Vulnerable Software CriticalDevice Health Check FailedDevice Intune Permission Check SkippedDevice Must Be CompliantDevice Must Be ManagedDevice Not Registered But Is Logging InDevice Owned By Disabled UserDevice Policy That Covers Device Code Flow Not FoundDevice Registered To Disabled UserDevice Sign In Not Time Based Non Compliant DevicesEntra Device Not In Defender CoverageEntra Device OS Version LagIntune Device Defender Recommendation ActiveIntune Device Malware Signature Out Of DateIntune Device Missing High PatchIntune Device Non CompliantIntune Device OS Version LagIntune Device Vulnerability HighIntune Device Vulnerable SoftwareDevice Has Unallowed Extension AttributesDevice Is RootedDevice Must Be Owned By CompanyDevice Must Have OwnerDevice Not OwnedDevice Not RegisteredDevice Required Enrollment TypeDevice ChangeDevice Compliance Expiration Date TimeDevice Is EnabledDevice Last Signin DateDevice On Premises Sync EnabledDevice StaleDevice Stale On Premises Last Sync Date TimeDevice Trust Type
Email security (4)
Identity admin (7)
Admin Enforces Compliant Device For Admins Not FoundAdmin Enforces MFA For Admins Not FoundAdmin Maester Device Compliance For AdminsAdmin Missing User Required For Admin License MatchAdmin SCuBA Gws Common Admin Audit And AlertsAdmin Enforces Compliant Device For AdminsAdmin Enforces MFA For Admins
Identity management (18)
At Risk With High RiskAt Risk SigninAt Risk With Low RiskGroup Public M365 GroupHigh Risk Detection DataLow Risk Detection DataMedium Risk Detection DataMFA MFA For Guest Not FoundMissing User Optional License MatchNo Assigned To PIM Rules In TenantOld At Risk With High RiskAt Risk With Medium RiskMFA Temporary Access Pass Not Once OnlyOld At Risk With Low RiskOld At Risk With Medium RiskGroup Guest MemberGroup EmptyGroup Member Of Directory Role
Intune (5)
Intune configuration (172)
Intune Policy Autopatch CVE Gap KEVIntune Policy Antivirus Behavior MonitoringIntune Policy Antivirus Cloud ProtectionIntune Policy Antivirus Property Not FoundIntune Policy Antivirus Real Time ProtectionIntune Policy Antivirus Removable Drive ScanningIntune Policy Antivirus Script ScanningIntune Policy App Control Audit ModeIntune Policy App Control Build OptionsIntune Policy Attack Surface Reduction Block Abuse Of V...Intune Policy Attack Surface Reduction Block Credential...Intune Policy Attack Surface Reduction Block Downloadin...Intune Policy Attack Surface Reduction Block Executable...Intune Policy Attack Surface Reduction Block Js Vb Laun...Intune Policy Attack Surface Reduction Block Obfuscated...Intune Policy Attack Surface Reduction Block Office App...Intune Policy Attack Surface Reduction Block Office App...Intune Policy Attack Surface Reduction Block Office App...Intune Policy Attack Surface Reduction Block Persistenc...Intune Policy Attack Surface Reduction Block Process Cr...Intune Policy Attack Surface Reduction Block Ransomware...Intune Policy Attack Surface Reduction Block Untrusted ...Intune Policy Attack Surface Reduction Block Use Of Cop...Intune Policy Attack Surface Reduction Block Web Shell ...Intune Policy Attack Surface Reduction Block Win32 API ...Intune Policy Attack Surface Reduction Controlled Folde...Intune Policy Autopatch CVE Gap CriticalIntune Policy Autopatch Deployment No MembersIntune Policy Autopatch Deployment Not HealthyIntune Policy Autopatch Deployment Reboot Delay LongIntune Policy Autopatch Deployments NoneIntune Policy Autopatch Updatable Asset Group Not EnrolledIntune Policy Autopatch Updatable Assets NoneIntune Policy Compliance Active Firewall RequiredIntune Policy Compliance Anti Spyware RequiredIntune Policy Compliance Any Antivirus RequiredIntune Policy Compliance Bit Locker RequiredIntune Policy Compliance Code Integrity EnabledIntune Policy Compliance Device Health Attestation Requ...Intune Policy Compliance Early Launch Anti Malware EnabledIntune Policy Compliance Firmware Protection EnabledIntune Policy Compliance Idle Lock Timeout MinutesIntune Policy Compliance Kernel Dma Protection EnabledIntune Policy Compliance Mde Integration RequiredIntune Policy Compliance Mde Threat Level AllowedIntune Policy Compliance Memory Integrity EnabledIntune Policy Compliance Microsoft Defender Antivirus R...Intune Policy Compliance Microsoft Defender Minimum Ver...Intune Policy Compliance Microsoft Defender Real Time P...Intune Policy Compliance Microsoft Defender Signature M...Intune Policy Compliance Minimum OS VersionIntune Policy Compliance Password Block SimpleIntune Policy Compliance Password Minimum LengthIntune Policy Compliance Password RequiredIntune Policy Compliance Password Required To Unlock Fr...Intune Policy Compliance Password Required TypeIntune Policy Compliance Secure Boot RequiredIntune Policy Compliance Storage Encryption RequiredIntune Policy Compliance Tpm RequiredIntune Policy Compliance Vbs EnabledIntune Policy Disk Fixed Drives Encryption TypeIntune Policy Disk Fixed Drives Encryption Type DropdownIntune Policy Disk Fixed Drives Recovery OptionsIntune Policy Disk Fixed Drives Require EncryptionIntune Policy Disk Property Not FoundIntune Policy Disk Removable Drives Configure BDEIntune Policy Disk Removable Drives Require EncryptionIntune Policy Disk Require Device EncryptionIntune Policy Disk System Drives Disallow Standard User...Intune Policy Disk System Drives Encryption TypeIntune Policy Disk System Drives Encryption Type OS Dro...Intune Policy Disk System Drives Minimum Pin LengthIntune Policy Disk System Drives Minimum Pin Length Ena...Intune Policy Disk System Drives Recovery OptionsIntune Policy Firewall Domain Network Default Inbound A...Intune Policy Firewall Domain Network EnablementIntune Policy Firewall Private Network Default Inbound ...Intune Policy Firewall Private Network EnablementIntune Policy Firewall Public Network Default Inbound A...Intune Policy Firewall Public Network Disabled Inbound ...Intune Policy Firewall Public Network EnablementIntune Policy Firewall Public Network IP Sec MergeIntune Policy Firewall Public Network Local Policy MergeIntune Policy Firewall Public Network Log Dropped PacketsIntune Policy Update Driver Auto ApprovalIntune Policy Update Driver No DeferralIntune Policy Update Driver Profile MissingIntune Policy Update Driver Profile UnassignedIntune Policy Update Driver Sync FailedIntune Policy Update Feature No Gradual RolloutIntune Policy Update Feature Profile MissingIntune Policy Update Feature Profile UnassignedIntune Policy Update Feature Rollout Deadline MissingIntune Policy Update Feature Version Not SetIntune Policy Update Feature Version OutdatedIntune Policy Update Profile Assignment Empty GroupIntune Policy Update Quality Expedited MissingIntune Policy Update Quality Profile MissingIntune Policy Update Quality Profile UnassignedIntune Policy Update Quality Reboot Delay LongIntune Policy Update Ring Feature No DeferralIntune Policy Update Ring Feature PausedIntune Policy Update Ring MissingIntune Policy Update Ring Quality No DeferralIntune Policy Update Ring Quality PausedIntune Policy Update Ring UnassignedIntune Policy Win32 App Install FailuresIntune Policy Windows Security Experience Tamper Protec...Intune Policy Antivirus Archive ScanningIntune Policy Antivirus Email ScanningIntune Policy Antivirus IOAV ScanningIntune Policy Antivirus Network ScanningIntune Policy App Control Property Not FoundIntune Policy App Control Trust Apps From Managed Insta...Intune Policy App Control Trust Apps With Good ReputationIntune Policy Attack Surface Reduction Block Adobe Read...Intune Policy Attack Surface Reduction Block Executable...Intune Policy Attack Surface Reduction Block Office Com...Intune Policy Attack Surface Reduction Block Rebooting ...Intune Policy Attack Surface Reduction Block Unsigned O...Intune Policy Attack Surface Reduction Block Untrusted ...Intune Policy Attack Surface Reduction Block Use Of Cre...Intune Policy Attack Surface Reduction Property Not FoundIntune Policy Autopatch CVE Gap HighIntune Policy Compliance Configuration Manager Complian...Intune Policy Compliance Password Expiration DaysIntune Policy Compliance Password Minimum Character SetsIntune Policy Disk Configure Recovery Password RotationIntune Policy Disk Encryption Method By Drive TypeIntune Policy Disk System Drives Enable Pre Boot Pin Ex...Intune Policy Disk System Drives Enhanced PinIntune Policy Disk System Drives Recovery MessageIntune Policy Firewall Domain Network Disabled Inbound ...Intune Policy Firewall Domain Network Log Dropped PacketsIntune Policy Firewall Private Network Log Dropped PacketsIntune Policy Firewall Property Not FoundIntune Policy Update Profile Assignment MismatchIntune Policy Win32 App UnassignedIntune Policy Win32 Apps NoneIntune Policy Windows Security Experience Disable Tpm F...Intune Policy Windows Security Experience Hide Ransomwa...Intune Policy Windows Security Experience Property Not ...Intune Policy Antivirus PUA ProtectionIntune Policy Antivirus Sample SubmissionIntune Policy Autopatch Catalog UnavailableIntune Policy Compliance Allowed Wsl DistributionsIntune Policy Compliance Maximum OS VersionIntune Policy Compliance Password History CountIntune Policy Disk Allow Warning For Other Disk EncryptionIntune Policy Disk Identification FieldIntune Policy Firewall Private Network Disabled Inbound...Intune Policy Windows Security Experience Disable Enhan...Intune Policy Windows Security Experience Hide Windows ...Intune Policy Compliance Custom Compliance Script EnabledIntune Policy Compliance Valid OS Build RangesIntune Policy Disk System Drives Enable Pre Boot Input ...Intune Policy Firewall Domain Network Log Max File SizeIntune Policy Firewall Domain Network Log Successful Co...Intune Policy Firewall Private Network Log Max File SizeIntune Policy Firewall Private Network Log Successful C...Intune Policy Firewall Public Network Log Max File SizeIntune Policy Firewall Public Network Log Successful Co...Intune Policy Windows Security Experience Disable Accou...Intune Policy Windows Security Experience Disable App B...Intune Policy Windows Security Experience Disable Clear...Intune Policy Windows Security Experience Disable Devic...Intune Policy Windows Security Experience Disable Famil...Intune Policy Windows Security Experience Disable Healt...Intune Policy Windows Security Experience Disable Netwo...Intune Policy Windows Security Experience Disable Virus UiIntune Policy Windows Security Experience Enable Custom...Intune Policy Windows Security Experience Enable In App...
Intune roles (7)
Logging & threat detection (43)
Log Blocked Signin Bad IP Or Too Many Invalid AttemptsLog Flagged For ReviewLog Legacy Auth ProtocolAudit CA ChangeAudit CA Failed Conditional Access ChangeAudit Failed Authorization ChangeAudit Failed Directory Management ChangeAudit Failed Other ChangeAudit Failed Resource Management ChangeAudit Group Failed Group Management ChangeAudit Im Auth Failed Authentication ChangeAudit Role Failed Roll Management ChangeAudit User Failed User Management ChangeAudit User Failed User Modification AttemptAudit User Successful User ModificationLog Conditional Access Error LogLog Conditional Access Log Request AuditLog Conditional Access Policy Exclusion AppliedLog User Sign In Log Request AuditLog User Single Factor AuthenticationAudit As App Failed Application Management ChangeAudit Authentication ChangeAudit Authorization Change Authorization ChangeAudit Im Policy Failed Policy ChangeAudit PIM ChangeAudit PIM Failed PIM ChangeAudit Role Management ChangeLog Conditional Access StatusLog Cross Tenant SigninLog Es Device Login Fails CountsLog Es Device Non Compliant Device Login CountsLog Failed Login CountLog User Sign In Log ErrorNetwork Flow Logs ConfiguredAudit Es Device Failed Device ChangeAudit As App Application ActivityAudit Audit CompletedAudit Audit StartedAudit Directory Management ChangeAudit Group Management ChangeAudit Resource Management ChangeAudit User ActivityAudit User Management Change
Network security (3)
Other (16)
Pa Avoid Standing AccessPa Follow Least Privilege PrincipleShare Point Anyone Link Expiration Max30 DaysShare Point Anyone Link Permission View OnlyShare Point Default Sharing Permission View OnlyShare Point Default Sharing Scope Specific PeopleShare Point External Sharing Limit To Existing Guests O...Share Point External Sharing One Drive Limit To Existin...Share Point External Sharing Restrict To Approved Domai...Share Point Verification Code Reauth Max30 DaysIr Update Incident Response Plan And ProcessMissing Licenses RequiredSaas Gws SCuBA Gws Common Enforce Two Step VerificationSaas Gws SCuBA Gws Common Restrict External Sharing Def...Saas Gws SCuBA Gws Common Restrict O Auth AppsOther Change
Privileged access (PIM) (34)
PIM Alerts No MFA On Activation AlertPIM Policy Expiration RequiredPIM Policy Missing For UserRole Ai Administrator AssignedRole Standing High Privilege AssignmentPIM Alerts License SuspendedPIM Alerts Stale Alert IncidentPIM Alerts Too Many Global Admins Assigned To Tenant Al...PIM Group Number Of Groups In High Privilege RolesPIM Policy Enablement Rule Not SetPIM Policy Justification RequiredPIM Policy Maximum DurationPIM Policy Missing For GroupPIM Policy Missing For Service PrincipalPIM Policy Notifications MissingPIM Policy Ticketing RequiredPIM Roles Assigned Outside PIMPIM Service Principal Count In High Privileged RolesPIM User Number Of Users In High Privilege RolesRole Custom Role In UseRole Direct User AssignmentRole No Roles Assigned To RuleRole Overlapping High PrivilegePIM Alert Configuration IncorrectPIM Group Number Of Groups In Privilege RolesPIM Missing Alert TypePIM Service Principal Count In Privileged RolesRole Principal Count Per RoleRole Unused Custom Role DefinitionPIM User Number Of Users In Privilege RolesPIM AlertsPIM Policy Modified ByPIM Policy PIM Approval RequiredPIM Policy PIM MFA Required
Purview (3)
Purview retention (6)
Purview sensitivity labels (11)
Purview Label Mandatory Labeling DisabledPurview Label None ConfiguredPurview Label Manual OnlyPurview Label No Assigned PoliciesPurview Label No Downgrade JustificationPurview Label No ProtectionPurview Label No Tenant DefaultPurview Label Not Endpoint ProtectedPurview Label Permission Check SkippedPurview Label Policy Settings Not ConfiguredPurview Label Disabled
Purview subject rights (4)
Risky users & sign-ins (13)
Risk Detection Anomalous TokenRisk Detection Leaked CredentialsRisk Detection Malicious IP AddressRisk Detection OfflineRisk Detection State Confirmed CompromisedRisk Detection Token Issuer AnomalyRisk Detection Anonymized IP AddressRisk Detection StaleRisk Detection State At RiskRisk Detection State DismissedRisk Detection Suspicious IP AddressRisk Level During SigninRisk Detection Data Missing
Secure Score (3)
Service principals (34)
Sp Critical Graph PermissionSp Risk Detection Malicious ApplicationSp Risk State Confirmed CompromisedSp Secret Non ExpiringSp Service Principal Disabled By Microsoft StatusSp Certificate Non ExpiringSp High Risk PermissionsSp Risk DetectionSp Risk Detection Leaked CredentialsSp Risk State At RiskSp Risky Service PrincipalSp Secret ExpiredSp Secret Expiring SoonSp Service Principal App Registration Has A Client SecretSp Service Principal Has Password CredentialsSp Service Principal Member Of Directory RoleSp Service Principal Review API AssignmentSp Assigned To Disabled UserSp Certificate ExpiredSp Certificate Expiring SoonSp Certificate Too Long LivedSp Risk Detection Anomalous ActivitySp Risk Detection Suspicious Sign InSp Secret Too Long LivedSp Service Principal Exchange AppSp Service Principal No Verified PublisherSp DisabledSp No OwnersSp Service Principal No PublisherSp StaleSp Managed IdentitySp Risk State DismissedSp Risk State RemediatedSp Service Principal Has Key Credentials
Teams & collaboration (1)
Tenant-wide (27)
Security Defaults Disabled No Conditional AccessAuth Policy Guest Invite UnrestrictedAuth Policy Msol Not BlockedAuth Policy Users Can Create Security GroupsAuth Policy Users Can Register AppsPassword Protection Banned Check DisabledPassword Protection Lockout Duration Too ShortPassword Protection Not EnforcedSecurity Defaults Enabled With Conditional AccessApp Mgmt No Secret Lifetime RestrictionApp Mgmt Policy DisabledAuth Policy Guest Same As MemberAuth Policy Users Can Create TenantsFasthttp UsedGroup Creation UnrestrictedPassword Protection Lockout Threshold Too HighApp Mgmt No Cert Lifetime RestrictionDemo Code Example Threshold Too SmallGroup Guest Access EnabledGroup Naming Policy MissingGroup Usage Guideline MissingPermission Check SkippedSecurity Defaults DisabledSecurity Defaults EnabledTenant Branding MissingTenant Branding No LogoTenant Branding No Sign In Text
Users & accounts (35)
User Break Glass Account DisabledUser Break Glass Account Is Not Highly PrivilegedUser Break Glass Account Last Password ChangeUser Break Glass User Not EnabledUser High Risk UserUser Break Glass User Has Login HistoryUser Break Glass User Has No Login HistoryUser Has No Login HistoryUser Highly Privileged User Has No P1 Or P2User Login Device Must Be CompliantUser Login Device Must Be ManagedUser Login Outdated Windows Operating SystemUser Low Risk UserUser Privileged User Is Not EnabledUser Signin With Single Factor AuthenticationUser With Policy ExclusionsUser Device Registered To Not Enabled UserUser Disabled User Device Last Signin DateUser Disabled User Has Roles Or LicensesUser Enabled User Has RolesUser Medium Risk UserUser Not Enabled Guest With Roles Or LicenseUser On Premises Last Sync Date TimeUser Per User MFAUser Per User MFA No Data ReadUser Privileged User Is Synced With On PremisesUser Required License MatchUser With Old MFAUser Disabled Users Last Interactive LoginUser Enabled User Has LicensesUser Enabled User Has No Roles Or LicensesUser Is Not EnabledUser Last Password ChangeUser Login Device Trust TypeUser User Last Interactive Login