MT.1067 - Authentication method policies should not reference non-existent groups.
Description
This test checks if there are any authentication method policies that reference non-existent groups.
Authentication method policies can reference groups in their includeTargets configuration. A stale reference usually arises when a group is deleted while an authentication method policy still targets it; the policy may then not apply as expected or may behave unexpectedly.
The test examines includeTargets for all authentication method configurations and validates that any group references are valid and the groups still exist in the tenant.
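One way to run the same kind of check by hand against Microsoft Graph, as an added example that is not Maester's own test code. It assumes the Microsoft.Graph.Authentication module and a Connect-MgGraph session with the Policy.Read.All and Group.Read.All scopes (assumed); the function name is hypothetical.

```powershell
# Added example, not Maester's code. Assumes Connect-MgGraph has already been run
# with read access to policies and groups (assumed scopes: Policy.Read.All, Group.Read.All).
function Get-OrphanedAuthMethodGroupTarget {
    [CmdletBinding()]
    param()

    $policy = Invoke-MgGraphRequest -Method GET -OutputType PSObject `
        -Uri 'https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy'

    # Collect every group reference in includeTargets. 'all_users' is the built-in
    # "All users" target rather than a directory group, so it is skipped.
    $refs = foreach ($config in $policy.authenticationMethodConfigurations) {
        foreach ($target in $config.includeTargets) {
            if ($target.targetType -eq 'group' -and $target.id -ne 'all_users') {
                [pscustomobject]@{ Method = $config.id; GroupId = $target.id }
            }
        }
    }
    if (-not $refs) { return }   # no group targets, nothing to validate

    # getByIds returns only the objects that still exist, so an id that does not
    # come back is a stale reference. The API takes up to 1000 ids per call;
    # this example assumes fewer.
    $ids  = @($refs.GroupId | Sort-Object -Unique)
    $body = @{ ids = $ids; types = @('group') } | ConvertTo-Json
    $found = Invoke-MgGraphRequest -Method POST -OutputType PSObject `
        -Uri 'https://graph.microsoft.com/v1.0/directoryObjects/getByIds' `
        -Body $body -ContentType 'application/json'
    $existing = @($found.value.id)

    # One row per authentication method and missing group id
    $refs | Where-Object { $_.GroupId -notin $existing }
}

Get-OrphanedAuthMethodGroupTarget | Format-Table Method, GroupId
```

An empty result means every group in includeTargets still resolves; each returned row names the authentication method to open in the admin center and the group id to remove.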
How to fix
To fix this issue:
- Go to the Microsoft Entra admin center
- Navigate to Protection > Authentication methods
- Select the impacted authentication method
- In the Include section, remove the invalid group references
- If needed, add valid replacement groups
- Save the changes
Learn more
- Authentication methods in Microsoft Entra ID
- Manage authentication methods
- Authentication method policies