MFA Exclusion Added [CHK-1154]
This monitoring check detects when a new exception is added to the Multi-Factor Authentication (MFA) policy.
Rationale
An MFA policy ensures that all employees log in to the Microsoft environment using multi-factor authentication. A new exception could indicate a compromised account, so every new exception raises an alert and can be verified as legitimate.
Fix
If the check results in a 'Notice', a ticket will appear in Attic with the names of user accounts added as exceptions to the MFA policy.
Manual steps:
- Verify whether the exceptions are legitimate.
- If not, remove the exception and investigate how, by whom, and why the exception was created.
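An added example, not part of the original check or of Attic's own code: one way to establish which exclusions were added, by whom and when. It assumes the MFA policy is implemented as an Entra ID Conditional Access policy and that each change arrives as an audit record carrying the old and new policy JSON. The sample event, its IDs and the function names are constructed for illustration.

```python
import json

def policy_snapshot(exclude_users, exclude_groups):
    """Build a constructed policy JSON string (stand-in for oldValue/newValue)."""
    return json.dumps({"displayName": "Require MFA for all users",
        "conditions": {"users": {"includeUsers": ["All"],
                                 "excludeUsers": exclude_users,
                                 "excludeGroups": exclude_groups}}})

# Constructed sample, modelled on an audit record for a Conditional Access
# policy update (assumed shape); every ID and name below is made up.
SAMPLE_EVENT = {
    "activityDateTime": "2024-01-01T09:30:00Z",
    "activityDisplayName": "Update conditional access policy",
    "initiatedBy": {"user": {"userPrincipalName": "admin@example.test"}},
    "targetResources": [{
        "displayName": "Require MFA for all users",
        "modifiedProperties": [{
            "displayName": "ConditionalAccessPolicy",
            "oldValue": policy_snapshot(["user-id-0001"], []),
            "newValue": policy_snapshot(["user-id-0001", "user-id-0002"],
                                        ["group-id-0009"]),
        }],
    }],
}

EXCLUDE_KEYS = ("excludeUsers", "excludeGroups", "excludeRoles")

def exclusions(policy_json):
    """Return {key: set(ids)} for the exclusion lists in one policy snapshot."""
    if not policy_json:  # a newly created policy has no old value
        return {k: set() for k in EXCLUDE_KEYS}
    users = json.loads(policy_json).get("conditions", {}).get("users", {}) or {}
    return {k: set(users.get(k) or []) for k in EXCLUDE_KEYS}

def added_exclusions(event):
    """List exclusions present after the change but not before it."""
    user = (event.get("initiatedBy") or {}).get("user") or {}
    actor = user.get("userPrincipalName", "unknown")  # app-initiated: no user
    findings = []
    for target in event.get("targetResources", []):
        for prop in target.get("modifiedProperties", []):
            old, new = exclusions(prop.get("oldValue")), exclusions(prop.get("newValue"))
            for key in EXCLUDE_KEYS:
                for obj_id in sorted(new[key] - old[key]):
                    findings.append({"policy": target.get("displayName"),
                                     "type": key, "id": obj_id, "actor": actor,
                                     "time": event.get("activityDateTime")})
    return findings
```

Exclusions added through a group or role matter as much as individual users, since anyone later added to an excluded group also bypasses MFA without touching the policy itself.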
Impact
This check ensures that any exceptions to the MFA policy are legitimate, enhancing the security of the Microsoft environment.