Remediation settings: Security & Identity policies

  • Last update on September 4th, 2023

The table below provides an overview of the Security & Identity Out-of-the-Box policies, what type of remediation action they are set to execute, and which remediation settings you can configure.

Policy Remediation action What you can configure
User without MFA
  1. Execute the Action "Manage MFA"
  • Schedule the recurrence of the remediation action
  • Enable/disable the email alert if the workflow fails
Admin without MFA
  1. Send attestation to the manager (or a custom address)
  2. Execute the action "Manage MFA"
  • Change the recipient of the attestation
  • Set time-out days (min: 1 day – max: 180 days)
  • Schedule the recurrence of the remediation action
  • Enable/disable the email alert if the workflow fails
Users without default MFA method
  1. Send alert to the user without MFA enabled
  • Schedule the recurrence of the remediation action
  • Enable/disable the email alert if the workflow fails
Admin on Cloud without strong password
  1. Execute the action "Set password required"
  • Schedule the recurrence of the remediation action
  • Enable/disable the email alert if the workflow fails
Inactive last 60 days but unblocked Users
  1. Send attestation to the manager (or a custom address)
  2. Execute the action "Block sign-in status"
  • Select the recipient (manager or custom address)
  • Insert an additional message
  • Set time-out days (min: 1 day – max: 180 days)
  • Schedule the recurrence of the remediation action
  • Enable/disable the email alert if the workflow fails
Inactive Guests in the last 90 days
  1. Execute the action "Remove guest user"
  • Schedule the recurrence of the remediation action
  • Enable/disable the email alert if the workflow fails
Admin with unchanged password in last 90 days
  1. Send attestation to the manager (or a custom address)
  2. Execute the action "Manage password"
  • Select the recipient (manager or custom address)
  • Insert an additional message
  • Set time-out days (min: 1 day – max: 180 days)
  • Schedule the recurrence of the remediation action
  • Enable/disable the email alert if the workflow fails
External user in MS365 group
  1. Send attestation to the manager (or a custom address)
  2. Execute the action "Remove M365 group member"
  • Select the recipient (group owners or custom address)
  • Insert an additional message
  • Set time-out days (min: 1 day – max: 180 days)
  • Schedule the recurrence of the remediation action
  • Enable/disable the email alert if the workflow fails
External users in security groups
  1. Send attestation to the manager (or a custom address)
  2. Execute the action "Remove security group member"
  • Select the recipient (group owners or custom address)
  • Insert an additional message
  • Set time-out days (min: 1 day – max: 180 days)
  • Schedule the recurrence of the remediation action
  • Enable/disable the email alert if the workflow fails
Microsoft 365 groups without owners
  1. Send attestation to the primary SMTP address (or a custom address)
  2. No action will be executed - the attestation serves only an informative purpose
  • Select the recipient (group owners or custom address)
  • Insert an additional message
  • Set time-out days (min: 1 day – max: 180 days)
  • Schedule the recurrence of the remediation action
  • Enable/disable the email alert if the workflow fails