Remediating Findings
This guide explains how to work through failed checks efficiently and verify your fixes.
Prioritization
Not all failed checks are equal. Start with the issues that have the highest impact and the lowest remediation effort.
Start here:
- Open a completed scan from the dashboard or the Scans page
- Filter to Failed results only
- Sort by severity - work through Critical and High findings first
A good rule: fix anything Critical within 24 hours, High within a week, Medium within a sprint, Low as part of ongoing hygiene.
Working through a failed check
1. Read the risk explanation
Understand why the configuration is a problem before you change it. Some controls have trade-offs - for example, blocking legacy authentication may break older devices or applications. Know what you are changing.
2. Review the details
For compliance scans, each failed check shows the control ID, title, and severity. Expand the check row to see the full description and remediation steps.
For exposure scans, each failed finding shows the service it belongs to, the risk level (HIGH or MED), and the status. Expand the card to see remediation guidance and a link to external documentation.
3. Follow the remediation steps
Remediation steps are provided in two forms where applicable:
Admin center (browser): Step-by-step instructions through the Microsoft 365 or Azure admin interfaces.
PowerShell: Commands you can run directly if you prefer scripting or need to apply changes in bulk.
Pro and Enterprise
Detailed remediation steps are available on Pro and Enterprise plans. Free plan users see the check result and a prompt to upgrade for full guidance.
4. Apply the fix
Make the change in your Microsoft 365 tenant. If you are remediating in a production environment, consider:
- Testing in a staging tenant or with a limited user group first
- Scheduling changes during a maintenance window
- Having a rollback plan - most settings can be reverted if users are affected
5. Verify with a new scan
After remediating, trigger a new scan from the dashboard (Run Scan button). When the scan completes, open the results and confirm the check now shows Passed or Secure.
TIP
Scans take 10 to 15 minutes. You receive an email notification when complete if email reports are configured.
Common remediations
Enable MFA for all administrators
Check: CIS.M365.1.1.1
Where: Microsoft Entra admin center > Users > Per-user MFA or Conditional Access
The fastest way to require MFA for administrators is through a Conditional Access policy targeting the directory roles assigned to admin accounts. Per-user MFA is legacy and does not enforce at sign-in.
Disable legacy authentication
Check: CIS.M365.1.3.1
Where: Microsoft Entra admin center > Security > Conditional Access
Create a Conditional Access policy that blocks sign-ins using legacy authentication protocols (SMTP, IMAP, POP3, EWS). Legacy auth bypasses MFA. Nearly all modern clients support modern authentication - verify before blocking.
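The two Conditional Access policies described above (MFA for administrator roles, and a block on legacy authentication) can be created with the Microsoft Graph PowerShell SDK. The script below is an added example and is not Aether365's own code or remediation guidance. It assumes the Microsoft.Graph module is installed, that the signed-in account can manage Conditional Access, and that you replace the placeholder break-glass account object ID with your own. Both policies are created in report-only mode so you can review their effect in the sign-in logs before enforcing them.

```powershell
# Added example, not part of Aether365's documentation. Creates the two CA
# policies in report-only mode with the Microsoft Graph PowerShell SDK.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All",
                        "Application.Read.All", "RoleManagement.Read.Directory"

# Resolve role template IDs by display name instead of hard-coding GUIDs.
# Adjust the list to the privileged roles used in your tenant.
$adminRoleNames = @(
    "Global Administrator",
    "Exchange Administrator",
    "SharePoint Administrator",
    "Security Administrator",
    "Conditional Access Administrator"
)
$adminRoleIds = Get-MgDirectoryRoleTemplate |
    Where-Object { $_.DisplayName -in $adminRoleNames } |
    Select-Object -ExpandProperty Id

# Exclude emergency-access (break-glass) accounts so a mistaken policy cannot
# lock every administrator out. Placeholder value: replace with your own IDs.
$breakGlassUserIds = @("<break-glass-account-object-id>")

# Policy 1: require MFA whenever a holder of a privileged role signs in.
$requireMfaForAdmins = @{
    displayName = "CA001 - Require MFA for administrators"
    state       = "enabledForReportingButNotEnforced"   # report-only; set to "enabled" after review
    conditions  = @{
        users          = @{ includeRoles = $adminRoleIds; excludeUsers = $breakGlassUserIds }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}

# Policy 2: block legacy authentication clients for all users. The Graph
# client app types "exchangeActiveSync" and "other" cover the legacy
# protocols (SMTP, IMAP, POP3, EWS with basic auth) mentioned above.
$blockLegacyAuth = @{
    displayName = "CA002 - Block legacy authentication"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users          = @{ includeUsers = @("All"); excludeUsers = $breakGlassUserIds }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("exchangeActiveSync", "other")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}

foreach ($policy in @($requireMfaForAdmins, $blockLegacyAuth)) {
    New-MgIdentityConditionalAccessPolicy -BodyParameter $policy |
        Select-Object DisplayName, State, Id
}
```

After the report-only period, review which sign-ins the policies would have blocked (Entra sign-in logs, "Report-only" tab), then switch each policy to enforced with `Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId <id> -State enabled`. Running the MFA policy first and the legacy-auth block second is deliberate: the second policy is the one most likely to surface forgotten devices or service accounts.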
Enable unified audit log
Check: CIS.M365.3.1.1
Where: Microsoft Purview compliance portal > Audit
Run in PowerShell:
```powershell
Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
```
Allow 30-60 minutes for audit events to appear after enabling.
Enable mailbox auditing
Check: CIS.M365.6.1.1
Where: Exchange Online PowerShell
```powershell
Set-OrganizationConfig -AuditDisabled $false
Get-Mailbox -ResultSize Unlimited | Set-Mailbox -AuditEnabled $true
```
Block external Teams federation from unmanaged domains
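Before triggering the verification scan for the two audit checks above, you can confirm from Exchange Online PowerShell that the settings actually took effect. This is an added example, not Aether365's code, and it assumes the ExchangeOnlineManagement module is installed and the account can read organization and mailbox configuration.

```powershell
# Added example, not part of Aether365's documentation. Reads back the unified
# audit log and mailbox auditing state that the two remediations above change.
Connect-ExchangeOnline

# Unified audit log ingestion (CIS.M365.3.1.1).
$auditConfig = Get-AdminAuditLogConfig
if ($auditConfig.UnifiedAuditLogIngestionEnabled) {
    Write-Host "Unified audit log ingestion: enabled"
} else {
    Write-Warning "Unified audit log ingestion is still disabled."
}

# Organization-level mailbox auditing (CIS.M365.6.1.1). AuditDisabled = True
# means auditing is switched off for the whole tenant.
$orgConfig = Get-OrganizationConfig
if ($orgConfig.AuditDisabled) {
    Write-Warning "Mailbox auditing is disabled at the organization level."
} else {
    Write-Host "Organization-level mailbox auditing: enabled"
}

# Per-mailbox sweep: list any mailbox where auditing was explicitly turned off.
$unaudited = @(Get-Mailbox -ResultSize Unlimited |
    Where-Object { -not $_.AuditEnabled } |
    Select-Object DisplayName, UserPrincipalName, RecipientTypeDetails)

if ($unaudited.Count -gt 0) {
    Write-Warning ("{0} mailbox(es) have AuditEnabled = False:" -f $unaudited.Count)
    $unaudited | Format-Table -AutoSize
} else {
    Write-Host "All mailboxes report AuditEnabled = True"
}
```

Run this a few minutes after applying the fix; the per-mailbox `Set-Mailbox` loop in large tenants can take a while to complete, and the scan will only report Passed once every mailbox it inspects reads back as audited.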
Where: Microsoft Teams admin center > External access
Set external access to Allow specific external domains rather than allowing all external organizations.
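The same change can be made with the MicrosoftTeams PowerShell module, which is convenient when you maintain the partner list in a file or want the setting applied identically across tenants. This is an added example, not Aether365's own guidance; the domain names are placeholders you replace with the partners you trust, and it assumes the MicrosoftTeams module is installed and the account holds a Teams administrator role.

```powershell
# Added example, not part of Aether365's documentation. Restricts Teams
# external access to an explicit allow list of partner domains.
Connect-MicrosoftTeams

# Placeholder partner domains: replace with the organizations you federate with.
$trustedDomains = @("partner-one.example", "partner-two.example")

# Each allowed domain is wrapped in a domain pattern object, then collected
# into an allow list object that the federation configuration accepts.
$patterns  = $trustedDomains | ForEach-Object { New-CsEdgeDomainPattern -Domain $_ }
$allowList = New-CsEdgeAllowList -AllowedDomain $patterns

# Keep federation itself enabled, but only with the listed domains.
Set-CsTenantFederationConfiguration -AllowFederatedUsers $true -AllowedDomains $allowList

# Read the setting back so you can confirm it before re-running the scan.
Get-CsTenantFederationConfiguration | Select-Object AllowFederatedUsers, AllowedDomains
```

Because this replaces the whole allow list rather than appending to it, keep the list under version control and re-apply the full set whenever a partner is added or removed; a missing domain shows up as users suddenly unable to chat with that partner, so announce the change before applying it.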
Tracking progress
After a remediation sprint, re-run a scan and check the posture timeline chart on the Scans page to see your score trend over time. The dashboard also shows a delta indicator (e.g. +5 pts) comparing your latest scan to the previous one.
For compliance evidence, use the Download button on each scan detail page to export full reports, or export results as CSV from the Scans page.
See Exporting Results for API-based export options.
AI Pilot
For supported check types, Aether365 can apply the configuration change directly in your Microsoft 365 tenant instead of you doing it by hand. This requires a separate AI Pilot write-consent connection and is managed from the AI Pilot section in the sidebar.
In a scan's detail, each failed finding shows you which kind it is:
- Findings with an automated fix show an AI Pilot checkbox. Tick it and AI Pilot applies and verifies the fix for you.
- Findings with no automated fix show a Manual marker and the remediation steps to follow yourself, just like the workflow above.
If you would rather not approve fixes one at a time, AI Pilot can also auto-apply the fixable findings as soon as an AI Pilot scan completes, once you enable auto-remediation. The manual findings always stay yours to handle.
See AI Pilot for setup instructions, the per-item approval flow, and how auto-remediation works.