A notification SHOULD be sent to the administrator when high-risk users are detected.

Why This Matters

When high-risk users go undetected, compromised accounts can linger in your tenant, allowing attackers to move laterally and access sensitive data. Without automated notifications, your security team may miss critical alerts for users flagged with suspicious or malicious behavior. This delay in response significantly increases the risk of a full-scale breach.

What Aether365 Checks

Aether365 verifies that your Microsoft Entra ID tenant is configured to send email notifications to administrators whenever a user is identified as high-risk. This check appears under the entra-id category in your Aether365 dashboard.