| Azure AD Tenant without User Risk Policies enabled | Premium P1 |
| Standard users without Multi Factor authentication | Premium P2 |
| New Azure AD Local Admin Added to Azure AD Devices | Premium P2 |
| Subscription Admin Users without MFA enabled | Premium P2 |
| High Number of Subscription Owners in the Tenant | Premium P2 |
| Tenant with Legacy Authentication Methods Enabled | Premium P2 |
| Azure AD Tenant without Sign-In Risk Policies enabled | Premium P2 |
| Privileged Users without Multi-Factor Authentication (MFA) | Premium P2 |
| Self Service Password Reset (SSPR) Is Disabled | Premium P2 |
| Guest Users Found in the Azure AD | Premium P2 |
| Custom Banned Password not configured for the Tenant | Premium P2 |
| Block Legacy Authentication with Conditional Access | Premium P2 |
| On-Prem Active Directory Password Protection Disabled | Premium P2 |
| New Classic Administrators Added Recently | Requires subscription |
| External Accounts with Dangerous Permissions on Subscription | Requires subscription |
| New Delegated Permissions Added Recently | Free license |
| Global Administrator Role Must Be Assigned to at Least 3 Cloud-Only Accounts | Free license |
| Restrict Access to Azure Portal with conditional access | Free license |
| Password Sync feature is disabled for Tenant | Free license |
| Usage of Smart Lockout in Azure AD | Free license |
| High Number of Users in Privileged Azure AD Roles | Free license |
| Stale service principals with password credentials | Free license |
| Active Directory Privileged users with Privileged roles in Azure | Free license |
| Active Directory Privileged users synced to Azure | Free license |
| Unlimited Sessions allowed for Portal Sessions | Free license |
| Non Usage of Administrative Unit to delegate Tasks | Free license |
| Standard Users Allowed to Invite External Users | Free license |
| New Azure AD Application registered | Free license |
| New App role Assignment Detected | Free license |
| Standard Users Allowed to Create Apps | Free license |
| Azure AD Trusted IP Configuration changes | Free license |
| Security Defaults Disabled for Administrators and Users | Free license |
| Users Are Allowed to Consent to Applications | Free license |
| Microsoft Accounts in Administrator Roles | Free license |
| Short Lived User Accounts found in Tenant | Free license |
| Standard Users Allowed to Create Security Groups | Free license |
| Admin Consent Workflow is Disabled for Enterprise Applications | Free license |
| Stale Devices in Azure AD | Free license |
| Recent Changes to Azure Administrator roles | Free license |
| Non-Usage of Managed Identity for Azure Resources | Free license |
| Service Principals with Azure AD admin Roles | Free license |
| Azure AD Applications with Write Graph App Roles | Free license |
| Azure AD User with Application Owner Permissions | Free license |
| Non-Admin users Sign-in & usage of Azure AD PowerShell | Free license |
| Azure AD Users with Password Set to Never Expire | Free license |
