Enable Entra ID Identity Protection user risk policies
Why This Matters
A compromised user account can lead to data breaches, lateral movement, and privilege escalation within your tenant. Entra ID Identity Protection user risk policies automate detection of compromised accounts and enforce remediation actions like requiring password changes and MFA. Without this policy enabled, your organization lacks an automated response to high-risk user activity, leaving accounts vulnerable to exploitation.
What Aether365 Checks
Aether365 verifies that a Conditional Access policy is configured to respond to user risk levels detected by Entra ID Identity Protection. This check appears in the Aether365 dashboard under the Entra ID checks section with the identifier ENTRA.1119.