Exposures Assessed - Azure AD Assessment

Mon, 01 Jan 0001 00:00:00 +0000

Exposure	Required Azure AD License
Azure AD Tenant without User Risk Policies enabled	Premium P1
Standard users without Multi Factor authentication	Premium P2
New Azure AD Local Admin Added to Azure AD Devices	Premium P2
Subscription Admin Users without MFA enabled	Premium P2
High Number of Subscription Owners in the Tenant	Premium P2
Tenant with Legacy Authentication Methods Enabled	Premium P2
Azure AD Tenant without Sign-In Risk Policies enabled	Premium P2
Privileged Users without Multi-Factor Authentication (MFA)	Premium P2
Self Service Password Reset (SSPR) Is Disabled	Premium P2
Guest Users Found in the Azure AD	Premium P2
Custom Banned Password not configured for the Tenant	Premium P2
Block Legacy Authentication with Conditional Access	Premium P2
On-Prem Active Directory Password Protection Disabled	Premium P2
New Classic Administrators Added Recently	Requires subscription
External Accounts with Dangerous Permissions on Subscription	Requires subscription
New Delegated Permissions Added Recently	Free license
Global Administrator Role Must Be Assigned to at Least 3 Cloud-Only Accounts	Free license
Restrict Access to Azure Portal with conditional access	Free license
Password Sync feature is disabled for Tenant	Free license
Usage of Smart Lockout in Azure AD	Free license
High Number of Users in Privileged Azure AD Roles	Free license
Stale service principals with password credentials	Free license
Active Directory Privileged users with Privileged roles in Azure	Free license
Active Directory Privileged users synced to Azure	Free license
Unlimited Sessions allowed for Portal Sessions	Free license
Non Usage of Administrative Unit to delegate Tasks	Free license
Standard Users Allowed to Invite External Users	Free license
New Azure AD Application registered	Free license
New App role Assignment Detected	Free license
Standard Users Allowed to Create Apps	Free license
Azure AD Trusted IP Configuration changes	Free license
Security Defaults Disabled for Administrators and Users	Free license
Users Are Allowed to Consent to Applications	Free license
Microsoft Accounts in Administrator Roles	Free license
Short Lived User Accounts found in Tenant	Free license
Standard Users Allowed to Create Security Groups	Free license
Admin Consent Workflow is Disabled for Enterprise Applications	Free license
Stale Devices in Azure AD	Free license
Recent Changes to Azure Administrator roles	Free license
Non-Usage of Managed Identity for Azure Resources	Free license
Service Principals with Azure AD admin Roles	Free license
Azure AD Applications with Write Graph App Roles	Free license
Azure AD User with Application Owner Permissions	Free license
Non-Admin users Sign-in & usage of Azure AD PowerShell	Free license
Azure AD Users with Password Set to Never Expire	Free license

Azure Active Directory (EntraID) Assessment Setup on SolCyber Knowledgebase

Exposures Assessed - Azure AD Assessment