Skip to main content

Authentication Method - General Settings - Report suspicious activity - Included users/groups

Object Id or scope of users which will be included to report suspicious activities if they receive an authentication request that they did not initiate.

NamereportSuspiciousActivitySettingsIncluded
ControlAuthentication Method - General Settings
DescriptionThe tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings.
SeverityHigh

How to fix

Microsoft Learn - Report suspicious activites

Details of configuration item

RecommendationApply this feature to all users.
Configurationpolicies/authenticationMethodsPolicy
SettingreportSuspiciousActivitySettings.includeTarget.id
Recommended Value'all_users'
Default Valueall_users
Graph API DocsGet authenticationMethodsPolicy - Microsoft Graph v1.0 - Microsoft Learn
Graph ExplorerOpen in Graph Explorer