Ensure the Entra ID 'Risky sign-ins' report is reviewed at least weekly
Why This Matters
The Risky sign-ins report in Microsoft Entra ID captures sign-in attempts that exhibit indicators of compromise, such as password brute forcing, anonymous proxy usage, or impossible travel between regions. Failing to review this report regularly means you may miss early warning signs of account compromise, allowing attackers to maintain unauthorized access and move laterally within your tenant. Regular review is essential for timely detection and remediation of compromised accounts before they cause significant damage.
What Aether365 Checks
This check verifies that the Microsoft Entra ID Risky sign-ins report is configured to be reviewed at least weekly. In the Aether365 dashboard, this check appears under the entra-id security checks category.