MFA Fraud Alerts [CHK-1144]
This check ensures that the MFA Fraud Alerts feature is enabled, allowing users to report potential fraud in Microsoft Authenticator when they receive unexpected MFA push notifications. This feature is only available for Azure Premium P2 and P1 licenses.
Rationale
Enabling MFA Fraud Alerts enhances the security of user accounts by allowing users to report suspicious activity. This proactive approach helps prevent unauthorized access and potential data breaches.
Fix
An automated fix is available through Attic.
Manual steps:
- Navigate to the Entra ID portal at https://entra.microsoft.com.
- Go to Authentication methods.
- Click on "Settings".
- Under "Report suspicious activity", set "State" to "Enabled".
- Under "Target", select "All users" or specific groups.
- Optionally configure "Reporting code" if desired.
- Click "Save".
Impact
Enabling MFA Fraud Alerts allows users to report unexpected MFA push notifications, increasing the overall security of the system and reducing the risk of unauthorized access.
More Information
For more information, visit the Microsoft Authenticator documentation.