Ensure emergency access account activity is monitored
Why This Matter
Emergency access accounts are intended for rare, critical situations like recovering from a global administrator lockout. Without monitoring, any sign-in from these highly privileged accounts could go unnoticed, potentially allowing unauthorized access or misuse. Monitoring ensures that any activity is immediately flagged for review, preventing security gaps.
What Aether365 Checks
Aether365 verifies that emergency access accounts are monitored by checking for Defender for Cloud Apps activity policies that trigger alerts on sign-in events. This check appears in the Aether365 dashboard under microsoft-365 checks.