Accounts That Increase Attack Surface Risk are user accounts with configuration settings that make them more vulnerable to cyberattacks.

The Accounts That Increase Attack Surface Risk widget displays a record of the number of accounts with settings that increase attack surface risk for the past 30 days.
Types of risky account settings include:
For detailed information about your risky accounts, click View details.
The following table outlines the sections available on the details screen:

Details Screen Sections

Remediation actions
Suggests remediation actions for each type of misconfigured account settings
Threat Detections with Potential to Exploit Account Configuration Risks
Displays threat detections occurring in Microsoft Entra ID over the last 30 days that have the potential to exploit account configuration risks.
Threat detections types include:
  • Advanced message attack
  • Business email compromise
  • Compromised account
  • Malware email
  • Phishing email
  • RBAC notification disabled
Accounts That Increase Attack Surface Risk table
Lists accounts in your organization with misconfigured account settings that increase your attack surface risk
Click the account name for more details or to take response actions on the account