Controls / SCuBA / MS.AAD.6.1v1

SCuBA MS.AAD.6.1v1

41 Senserva Microsoft 365 security checks evidence CISA SCuBA policy MS.AAD.6.1v1, part of the Microsoft Entra ID secure configuration baseline. Each is checked against your tenant, ranked by Severity, with validated remediation.

41 checksMicrosoft Entra IDTop Severity: Critical

What MS.AAD.6.1v1 is

CISA's Secure Cloud Business Applications (SCuBA) project publishes secure configuration baselines for the core Microsoft 365 services; policy MS.AAD.6.1v1 belongs to the Microsoft Entra ID baseline. CISA Binding Operational Directive 25-01 directs federal civilian agencies to apply these baselines. Senserva evidences this policy with the 41 checks below. See the exact policy statement and implementation steps in the CISA baseline.

Ask your own AI about this control

Copy this prompt into Claude, ChatGPT, or Copilot. The facts are included, sourced from this page.

The 41 checks that evidence SCuBA MS.AAD.6.1v1

Click any row for why it matters and how to fix it, with a link to the full check page.

Senserva checkSeverityWhat it verifies
At Risk With High RiskCriticalUser currently at risk with a high risk level assessment. Immediate investigation recommended
User High Risk UserCriticalUser flagged as high risk by Entra ID Protection. Immediate investigation required
At Risk SigninHighSign-in was flagged as at-risk by Entra ID Protection
At Risk With Low RiskHighUser currently at risk with a low risk level assessment
High Risk Detection DataHighHigh-risk detection data record from Entra ID Protection
Low Risk Detection DataHighLow-risk detection data record from Entra ID Protection
Medium Risk Detection DataHighMedium-risk detection data record from Entra ID Protection
Missing User Optional License MatchHighUser is missing optional (recommended) licenses defined in the security baseline
No Assigned To PIM Rules In TenantHighNo PIM rules are assigned to roles in the tenant. PIM is not governing privileged role activation
Old At Risk With High RiskHighUser was previously at risk with a high risk level (historical)
User Has No Login HistoryHighUser has no sign-in history. May be dormant or newly created
User Highly Privileged User Has No P1 Or P2HighHighly privileged user lacks Entra ID P1/P2 license. Required for CA, PIM, and ID Protection
User Login Device Must Be CompliantHighUser sign-in from a device that is not compliant
User Login Device Must Be ManagedHighUser sign-in from a device that is not managed by Intune
User Login Outdated Windows Operating SystemHighUser sign-in from a Windows device with an outdated OS
User Low Risk UserHighUser flagged as low risk by Entra ID Protection
User Privileged User Is Not EnabledHighPrivileged user account is disabled but still has role assignments
User Signin With Single Factor AuthenticationHighUser signed in with single-factor authentication (no MFA)
User With Policy ExclusionsHighUser is excluded from one or more Conditional Access policies
At Risk With Medium RiskMediumUser currently at risk with a medium risk level assessment
Old At Risk With Low RiskMediumUser was previously at risk with a low risk level (historical)
Old At Risk With Medium RiskMediumUser was previously at risk with a medium risk level (historical)
User Device Registered To Not Enabled UserMediumDevice registered to a disabled user account
User Disabled User Device Last Signin DateMediumDisabled user's device last sign-in date
User Disabled User Has Roles Or LicensesMediumDisabled user still has roles or licenses assigned. Should be reclaimed
User Enabled User Has RolesMediumEnabled user has directory roles assigned
User Medium Risk UserMediumUser flagged as medium risk by Entra ID Protection
User Not Enabled Guest With Roles Or LicenseMediumGuest user is not enabled but has roles or licenses assigned
User On Premises Last Sync Date TimeMediumUser's on-premises last sync timestamp
User Per User MFAMediumUser has per-user MFA enabled (legacy). Should migrate to Conditional Access MFA
User Per User MFA No Data ReadMediumPer-user MFA data could not be read for this user
User Privileged User Is Synced With On PremisesMediumPrivileged user is synced from on-premises AD. Cloud-only is recommended for admins
User Required License MatchMediumUser has required licenses matching the security baseline for their privilege level
User With Old MFAMediumUser is registered with a legacy MFA method (SMS or voice call) that should be migrated
User Disabled Users Last Interactive LoginLowDisabled user's last interactive sign-in timestamp
User Enabled User Has LicensesInfoEnabled user has licenses assigned. License utilization tracking
User Enabled User Has No Roles Or LicensesInfoEnabled user has no roles or licenses assigned. May be unused or misconfigured
User Is Not EnabledInfoUser account is disabled
User Last Password ChangeInfoUser's last password change timestamp
User Login Device Trust TypeInfoReports the device trust type used during user sign-in
User User Last Interactive LoginInfoUser's last interactive sign-in timestamp. Activity tracking

Also evidences

The same checks provide evidence for these frameworks:

Every SCuBA policy and the checks that evidence it: the control reference. More on the baselines: SCuBA for Microsoft 365.

Sponsored by Senserva

Siemserva by Senserva runs the checks that evidence SCuBA MS.AAD.6.1v1 (Microsoft Entra ID) across your own tenant: which tenants pass, which fail, ranked by Severity with the evidence attached.

  • 650+ Microsoft 365, Intune, Defender, and Entra ID checks in one scan
  • Findings mapped to SCuBA, CIS, NIST, HIPAA, SOC 2, and MCSB for audit-ready evidence
  • Senserva Trustworthy AI driven configuration remediation: validated, approve-before-apply fixes
  • Multi-tenant and MSP practices, with bulk tenant audits and client-ready reporting
Siemserva by Senserva
Compliance Status Report
SCuBA MS.AAD.6.1v1 (Microsoft Entra ID) across 2 tenants, ranked by Severity
23
FAILING
87
PASSING
41
OTHER FINDINGS
Estimated report, sample data for illustration
Get Going with Senserva Senserva compliance Built for IT admins, security teams, and auditors, with audit-ready evidence. Senserva is a Microsoft Intelligent Security Association member.
Microsoft 365 compliance and audit evidence
How a control becomes audit evidence, click to play

From finding to audit evidence, in two minutes. Watch page · All videos.

Reference: the compliance frameworks crosswalk, the check reference, and the audit guide.
Data notice: control mappings describe which Siemserva checks provide evidence for a control and are informational only, without warranty. They do not constitute compliance advice or certification; confirm requirements with your assessor. All use is subject to the Senserva EULA.