Weak authentication allows threat actors to use legitimate accounts to access systems and possibly steal sensitive information.

Authentication issues can result from unintentional misconfiguration of account settings or malicious behaviors involving Active Directory and Microsoft Entra ID.

The following table outlines the actions you can perform on the widget:
View authentication-related statistics and recommendations
  • Number of accounts with weak authentication detected in the last 30 days
  • Number of threats with the potential to exploit weak authentication detected in the last 5 days
  • Recommended actions for improving Microsoft Entra ID policy settings
View information about accounts with weak authentication
  • View the account list with high-level information such as account type, account role, and authentication issue.
  • Filter the displayed data by account type and authentication issue.
  • Open the asset details screen for each account.
    • Risk Assessment: Displays the account's risk score, and a summary of general activity and associated risk events
    • Asset Risk Graph: Displays information about the account's relationships and interactions with other assets in your organization
    • Cloud App Activity: Displays information about sanctioned and unsanctioned cloud apps accessed by the account
    • Devices: Displays information about the devices that are associated with the account
    • Asset Profile: Displays the criticality level of the account and a list of profile tags derived from data collected by data sources
Create dismissed rules
If you are unable to implement the best practices to remediate a related risk event, you can create a dismissed rule to prevent future instances of the risk event from being reported and affecting your organization's Risk Index. However, creating a dismissed rule might limit the information provided by Attack Surface Risk Management.
  1. Click Create Dismissed Rules.
  2. Select the issues for which you want to create a dismissed rule.
  3. Click Create.
To view and manage dismissed rules, go to Event Rule Management.