Inactive SharePoint account
Title of alert: “Inactive SharePoint”
Description: Alerts when a user has not being utilising SharePoint for more than a specified number of days
Options:
- The number of inactive days
- Users to ignore can optionally be set
The problem: This alert is triggered when a user has not accessed SharePoint for the specified period.
Impact: There may be an old account that can be archived, or a user that requires assistance.
Suggested steps: Engage a technician to confirm that the alert is accurate, and take appropriate steps depending on your organisational requirements.
CatchBefore it is too late!
365 MultiFactor Authentication Status
Alert title: “MultiFactor Authentication Status”
Description: Alerts if a user is detected as being enabled in the system, and not having multi-factor authentication administratively enforced (either by site-wide “SecurityDefaults” being enabled, or on a user-by-user administratively enforced basis, via a conditional access policy that has MFA mentioned). It will also alert if the user has not setup MFA yet.
Options:
- It is possible to ignore specific users
- It is possible to delay the alert triggering (for new users) by a number of days
- It is possible to delay the alert triggering (for new users that have never logged in) by a number of days
The problem: This alert is triggered if an enabled user is detected as not having MFA enabled, not having MFA setup (even if enabled), and will also alert if MFA is not enforced (even if enabled).
Impact: Any users that can login should have MFA enabled, setup, and enforced. If they do not then the account (and the data it can access, as well as configuration control) is at a higher risk of access by an un-authorised party.
Suggested steps: Engage a technician to confirm that the alert is accurate. Take steps to ensure that MFA is enabled, setup, and enforced.