Ensure the 'Restricted entities' report is reviewed weekly
Why This Matters
A user account restricted from sending email is often a clear indicator of compromise. Attackers use compromised accounts to send spam or phishing emails, which can damage your organization’s reputation and lead to further security incidents. Regular weekly review of the Restricted Entities report lets you quickly identify and remediate these accounts before they cause more harm.
What Aether365 Checks
This check verifies that your organization is reviewing the Restricted Entities report at least weekly, as recommended by the CIS Microsoft 365 Foundations Benchmark. In the Aether365 dashboard, this appears under the Microsoft 365 checks section and flags if no recent review activity is detected.