Control: Azure > CIS v5.0 > 5 - Identity Services > 5.02 - Conditional Access > 5.02.05 - Ensure that multifactor authentication is required for risky sign-ins
Configures auditing against a CIS Benchmark item.
Level: 2
Entra ID tracks the behavior of sign-in events. If the Entra ID domain is licensed with P2, the sign-in behavior can be used as a detection mechanism for additional scrutiny during the sign-in event. If this policy is set up, then Risky Sign-in events will prompt users to use multi-factor authentication (MFA) tokens on login for additional verification
Enabling multi-factor authentication is a recommended setting to limit the potential of accounts being compromised and limiting access to authenticated personnel. Enabling this policy allows Entra ID's risk-detection mechanisms to force additional scrutiny on the login event, providing a deterrent response to potentially malicious sign-in events, and adding an additional authentication layer as a reaction to potentially malicious behavior.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v5.0 > Maximum Attestation Duration
- Azure > CIS v5.0 > 5 - Identity Services > 5.02 - Conditional Access > 5.02.05 - Ensure that multifactor authentication is required for risky sign-ins > Attestation
- Azure > CIS v5.0
- Azure > CIS v5.0 > 5 - Identity Services > 5.02 - Conditional Access > 5.02.05 - Ensure that multifactor authentication is required for risky sign-ins
- Azure > CIS v5.0 > 5 - Identity Services
- Azure > CIS v5.0 > 5 - Identity Services > Maximum Attestation Duration
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv5-0#/control/types/r050205
- tmod:@turbot/cis#/control/categories/v071603
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv5-0#/control/types/r050205"
Get Controls