MS.AAD.2.1v1 - Users detected as high risk SHALL be blocked.

Information

Blocking high-risk users may prevent compromised accounts from accessing the tenant.

Solution

1. Create a conditional access policy that blocks users the Identity Protection service categorizes as high risk. Configure the following settings in the new conditional access policy with the values below:

Users > Include > All users

Target resources > Cloud apps > All cloud apps

Conditions > User risk > High

Access controls > Grant > Block Access
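The policy settings above, expressed as an added example with the Microsoft Graph PowerShell SDK. This is not code from the CISA baseline or from ScubaGear; it assumes the Microsoft.Graph module is installed, that the signed-in account holds the Policy.ReadWrite.ConditionalAccess and Policy.Read.All permissions, and that the policy display name is a placeholder you rename. It creates the policy in report-only mode first, then provides a check that looks for an enabled policy matching the four baseline values.

```powershell
# Added example, not part of the CISA SCuBA baseline or the ScubaGear project.
# Requires the Microsoft.Graph PowerShell SDK and an account with the
# Policy.ReadWrite.ConditionalAccess and Policy.Read.All permissions.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

$policy = @{
    displayName = 'MS.AAD.2.1v1 - Block high-risk users'   # assumed name
    # Report-only first: sign-in logs then show who *would* have been blocked.
    # Switch to 'enabled' after reviewing those results.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{ includeUsers = @('All') }               # Users > Include > All users
        applications   = @{ includeApplications = @('All') }        # Target resources > All cloud apps
        userRiskLevels = @('high')                                  # Conditions > User risk > High
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')                                # Grant > Block Access
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

function Test-HighRiskBlockPolicy {
    # Returns $true when at least one enabled policy carries all four
    # baseline values; report-only policies do not count as enforcing.
    $policies = Get-MgIdentityConditionalAccessPolicy -All
    foreach ($p in $policies) {
        $matches = ($p.State -eq 'enabled') -and
                   ($p.Conditions.Users.IncludeUsers -contains 'All') -and
                   ($p.Conditions.Applications.IncludeApplications -contains 'All') -and
                   ($p.Conditions.UserRiskLevels -contains 'high') -and
                   ($p.GrantControls.BuiltInControls -contains 'block')
        if ($matches) { return $true }
    }
    return $false
}

Test-HighRiskBlockPolicy
```

The check is deliberately simple: it does not inspect user or application exclusions, so a policy that excludes a broad group would still pass it. Before moving the policy from report-only to enabled, exclude your emergency-access (break-glass) accounts so a false high-risk detection cannot lock administrators out of the tenant.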

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-2, 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|AC-7, 800-53|AC-20, 800-53|CA-7, 800-53|CM-5, 800-53|CM-6, 800-53|IA-2, 800-53|IA-5, 800-53|SA-3, 800-53|SA-4, 800-53|SA-8, 800-53|SA-10, 800-53|SA-11, 800-53|SA-15, 800-53|SA-16, 800-53|SA-17, 800-53|SC-28, 800-53|SI-4

Plugin: microsoft_azure

Control ID: 513a42d44ec0cabcce0c18620f64a13f54e6f5b518a1b98b1720d2bd51913d8b