Ensure only MFA enabled identities can access privileged Virtual Machine

Why This Matters

If identities without multi-factor authentication can access privileged virtual machines, an adversary who compromises valid credentials can log in, move laterally, and abuse the VM’s managed identity to access cloud resources or perform unauthorized management actions. Requiring MFA for these privileged logins significantly reduces the risk of credential theft leading to lateral movement and resource compromise.

What Aether365 Checks

This check verifies that only MFA-enabled identities are granted access to privileged virtual machines. It appears in the Aether365 dashboard under the Azure Virtual Machines checks category.
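One way to reproduce this kind of check by hand, as an added example that is not Aether365's own logic: it cross-references role assignments (in the shape of `az role assignment list --all -o json`) with Microsoft Graph `userRegistrationDetails` records. It assumes that "MFA-enabled" means `isMfaRegistered` is true and that the list of privileged VM resource IDs is supplied by the caller; the function names and all sample data are constructed for illustration.

```python
# Added example; all sample data is constructed. Field names follow the
# `az role assignment list` and Graph userRegistrationDetails output shapes.
VM_LOGIN_ROLES = {"Virtual Machine Administrator Login", "Virtual Machine User Login"}

def covers(scope, vm_id):
    """RBAC inheritance: an assignment applies if its scope is the VM or a parent."""
    s, v = scope.lower().rstrip("/"), vm_id.lower()
    if s.startswith("/providers/microsoft.management/"):
        return True  # management group: hierarchy not resolved here, assume it applies
    return v == s or v.startswith(s + "/")

def review_vm_login_access(assignments, mfa_details, privileged_vm_ids):
    """Return (principalId, vmId, reason) for every login grant that needs attention."""
    # Users absent from mfa_details are treated as not registered (fail closed).
    mfa_ok = {d["id"] for d in mfa_details if d.get("isMfaRegistered")}
    findings = []
    for a in assignments:
        if a["roleDefinitionName"] not in VM_LOGIN_ROLES:
            continue  # Owner/Contributor alone do not grant Entra ID sign-in to a VM
        for vm in privileged_vm_ids:
            if not covers(a["scope"], vm):
                continue
            if a["principalType"] == "User":
                if a["principalId"] not in mfa_ok:
                    findings.append((a["principalId"], vm, "no MFA registered"))
            elif a["principalType"] == "Group":
                findings.append((a["principalId"], vm, "group: expand members"))
            else:
                findings.append((a["principalId"], vm, "non-user principal"))
    return findings

# Constructed sample input (placeholder subscription ID and object IDs).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
VM = SUB + "/resourceGroups/rg-prod/providers/Microsoft.Compute/virtualMachines/vm-jump01"
USER_LOGIN, ADMIN_LOGIN = "Virtual Machine User Login", "Virtual Machine Administrator Login"

def grant(pid, ptype, role, scope):
    return {"principalId": pid, "principalType": ptype,
            "roleDefinitionName": role, "scope": scope}

SAMPLE_ASSIGNMENTS = [
    grant("user-a", "User", ADMIN_LOGIN, SUB + "/resourceGroups/rg-prod"),  # MFA ok
    grant("user-b", "User", USER_LOGIN, VM),                                # no MFA
    grant("user-c", "User", "Reader", VM),                                  # not a login role
    grant("grp-1", "Group", ADMIN_LOGIN, SUB),                              # inherited
    grant("user-d", "User", ADMIN_LOGIN, SUB + "/resourceGroups/rg-dev"),   # other scope
]
SAMPLE_MFA = [{"id": "user-a", "isMfaRegistered": True},
              {"id": "user-b", "isMfaRegistered": False},
              {"id": "user-d", "isMfaRegistered": False}]
```

Registration only shows that a user has an MFA method on file; whether MFA is actually demanded at VM sign-in depends on the tenant's Conditional Access policy, which this example does not evaluate.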