Authentication Method - General Settings - Report suspicious activity - State
Why This Matters
Enabling the report suspicious activity feature allows users to flag fraudulent MFA prompts directly to identity protection. When a user reports a suspicious prompt, their account is set to high user risk, enabling administrators to apply risk-based policies to restrict access or trigger self-service password reset (SSPR). Without this setting enabled, users lack a direct mechanism to report fraud, leaving organizations blind to potential credential compromise.
What Aether365 Checks
Aether365 validates that the reportSuspiciousActivitySettings.state property is set to enabled in the authenticationMethodsPolicy. This check appears in the Aether365 dashboard under the entra-id section.