[THEME] Abnormal Behavior
The Abnormal Behavior theme activates Microsoft's intelligent controls to detect suspicious login attempts and other risky behaviors using machine learning and big data analysis.
What does Attic do?
Attic ensures that Microsoft's risk-based policies are enabled, so that suspicious activity is automatically detected and acted upon.
The checks in this theme cover:
- Sign-in risk policy is enabled to detect suspicious login attempts (such as impossible travel, anonymous IP usage, or leaked credentials)
- User risk policy is enabled for all users to detect accounts that may be compromised
Why is this important?
Microsoft processes billions of login signals daily and uses machine learning to identify patterns that indicate compromise. By enabling risk-based policies, your organization benefits from this intelligence. Suspicious logins can be automatically blocked or require additional verification, stopping attackers even when they have valid credentials.
Checks in this theme
| ID | Check |
|---|---|
| CHK-1334 | Sign-in Risk policy |
| CHK-1336 | User Risk Policy |
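
One way to evaluate the two checks above against a tenant export is shown below. This is an added example, not Attic's own implementation: it assumes the risk policies are implemented as Conditional Access policies and exported as JSON from Microsoft Graph (`/identity/conditionalAccess/policies`), and the sample policies and function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of the "value" array from Microsoft Graph
# GET /identity/conditionalAccess/policies (not real tenant data).
SAMPLE = json.loads("""[
 {"displayName": "Risky sign-ins require MFA", "state": "enabled",
  "conditions": {"signInRiskLevels": ["high", "medium"], "userRiskLevels": [],
                 "users": {"includeUsers": ["GROUP-ID-PLACEHOLDER"]}},
  "grantControls": {"builtInControls": ["mfa"]}},
 {"displayName": "Risky users change password",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {"signInRiskLevels": [], "userRiskLevels": ["high"],
                 "users": {"includeUsers": ["All"]}},
  "grantControls": {"builtInControls": ["mfa", "passwordChange"]}}
]""")

def targets_risk(policy, risk_key):
    """True if the policy is conditioned on the given risk type."""
    return bool((policy.get("conditions") or {}).get(risk_key))

def enforces(policy, risk_key, all_users=False):
    """True only if the policy is on (not report-only), keyed on the risk
    type, applies a grant control, and optionally includes all users."""
    if policy.get("state") != "enabled" or not targets_risk(policy, risk_key):
        return False
    if not (policy.get("grantControls") or {}).get("builtInControls"):
        return False
    users = (policy.get("conditions") or {}).get("users") or {}
    return not all_users or "All" in (users.get("includeUsers") or [])

def evaluate(policies):
    """Evaluate the two checks; also list risk policies stuck in report-only."""
    return {
        "sign_in_risk": any(enforces(p, "signInRiskLevels") for p in policies),
        "user_risk_all_users": any(
            enforces(p, "userRiskLevels", all_users=True) for p in policies),
        "report_only": [
            p["displayName"] for p in policies
            if p.get("state") == "enabledForReportingButNotEnforced"
            and (targets_risk(p, "signInRiskLevels")
                 or targets_risk(p, "userRiskLevels"))],
    }

if __name__ == "__main__":
    print(json.dumps(evaluate(SAMPLE), indent=2))
```

On the constructed sample the sign-in risk check passes, while the user risk check fails because its only policy is in report-only mode and therefore detects risk without acting on it.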