Policy: Azure > CIS v3.0 > 02 - Identity > 02.02 - Conditional Access > 02.02.06 - Ensure Multi-factor Authentication is Required for Risky Sign-ins
Configures auditing against a CIS Benchmark item.
Level: 2
Entra ID tracks the behavior of sign-in events. If the Entra ID domain is licensed with P2, the sign-in behavior can be used as a detection mechanism for additional scrutiny during the sign-in event. If this policy is set up, then Risky Sign-in events will prompt users to use multi-factor authentication (MFA) tokens on login for additional verification.
Enabling multi-factor authentication is a recommended setting to limit the potential of accounts being compromised and limiting access to authenticated personnel. Enabling this policy allows Entra ID's risk-detection mechanisms to force additional scrutiny on the login event, providing a deterrent response to potentially malicious sign-in events, and adding an additional authentication layer as a reaction to potentially malicious behavior.
Targets
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Related Policies
Controls
Setting this policy configures this control:
Policy Specification
Schema Type | |
|---|---|
Default | |
Valid Values [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/cis#/control/categories/v071603
- tmod:@turbot/azure-cisv3-0#/policy/types/r020206
- turbot graphql policy-type --id "tmod:@turbot/azure-cisv3-0#/policy/types/r020206"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv3-0#/policy/types/r020206"
Get Policy TypeGet Policy Settings