
Ensure that a phishing-resistant Multi-factor Authentication Policy Exists for High-Privileged Users

Why This Matters

High-privileged users such as global administrators and security administrators are prime targets for credential theft and phishing attacks. Without phishing-resistant MFA, a single compromised account can lead to broad access to sensitive data and critical systems. Enforcing phishing-resistant authentication for these roles is essential to meet Zero Trust principles and reduce the risk of account takeover.

What Aether365 Checks

This check verifies that a Conditional Access policy is configured to require phishing-resistant multi-factor authentication for high-privileged users. It appears in the Aether365 dashboard under your Entra ID checks and flags any gap in meeting CIS control 5.2.2.5.
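The evaluation such a check has to perform, written as an added Python example over a constructed Graph-style export of Conditional Access policies (this is not Aether365's own code). The built-in phishing-resistant authentication-strength id and the two role template ids are assumed values to verify against your tenant.

```python
# Added example: evaluate a Graph-style Conditional Access policy export for CIS 5.2.2.5.
# Assumed: the built-in phishing-resistant strength id and role template ids below.
PHISHING_RESISTANT_MFA_STRENGTH = "00000000-0000-0000-0000-000000000004"
PRIVILEGED_ROLES = {
    "62e90394-69f5-4237-9190-012177145e10": "Global Administrator",
    "194ae4cb-b126-40b2-bd5b-6091b380977d": "Security Administrator",
}

def enforces_phishing_resistant_mfa(policy):
    """True only for an enabled policy granting the phishing-resistant strength; plain 'mfa' does not count."""
    if policy.get("state") != "enabled":  # report-only or disabled policies protect nobody
        return False
    strength = (policy.get("grantControls") or {}).get("authenticationStrength") or {}
    return strength.get("id") == PHISHING_RESISTANT_MFA_STRENGTH

def privileged_roles_covered(policy):
    """Privileged role ids the policy applies to (includeRoles minus excludeRoles), only if it targets all apps."""
    cond = policy.get("conditions") or {}
    apps = (cond.get("applications") or {}).get("includeApplications") or []
    if "All" not in apps:  # a policy scoped to one app leaves every other sign-in unprotected
        return set()
    users = cond.get("users") or {}
    in_scope = set(users.get("includeRoles") or []) - set(users.get("excludeRoles") or [])
    return in_scope & set(PRIVILEGED_ROLES)

def check_cis_5_2_2_5(policies):
    """Return (passed, uncovered role names); pass needs every privileged role under an enforcing policy."""
    covered = set()
    for policy in policies:
        if enforces_phishing_resistant_mfa(policy):
            covered |= privileged_roles_covered(policy)
    uncovered = sorted(PRIVILEGED_ROLES[r] for r in set(PRIVILEGED_ROLES) - covered)
    return not uncovered, uncovered

# Constructed sample export: a report-only plain-MFA policy for both roles, plus an
# enforced phishing-resistant policy that covers Global Administrator only.
SAMPLE_POLICIES = [
    {"displayName": "Admins - MFA (report only)", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeRoles": list(PRIVILEGED_ROLES)}, "applications": {"includeApplications": ["All"]}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "GA - phishing-resistant MFA", "state": "enabled",
     "conditions": {"users": {"includeRoles": ["62e90394-69f5-4237-9190-012177145e10"]}, "applications": {"includeApplications": ["All"]}},
     "grantControls": {"authenticationStrength": {"id": PHISHING_RESISTANT_MFA_STRENGTH}}},
]

if __name__ == "__main__":
    passed, missing = check_cis_5_2_2_5(SAMPLE_POLICIES)
    print("PASS" if passed else f"FAIL: no phishing-resistant MFA policy covers {missing}")
```

Run against the sample it fails, because the only enforcing policy leaves Security Administrator uncovered; the report-only policy is ignored entirely.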

Microsoft references
