Accounts That Increase Attack Surface Risk

Accounts That Increase Attack Surface Risk are user accounts with configuration settings that make them more vulnerable to cyberattacks.

The Accounts That Increase Attack Surface Risk widget displays a record of the number of accounts with settings that increase attack surface risk for the past 30 days.

Types of risky account settings include:

For detailed information about your risky accounts, click View details.

The following table outlines the sections available on the details screen:

Table 1. Details Screen Sections



Remediation actions

Suggests remediation actions for each type of misconfigured account settings

Threat Detections with Potential to Exploit Account Configuration Risks

Displays threat detections occurring in Azure AD over the last 30 days that have the potential to exploit account configuration risks.

Threat detections types include:

  • Advanced message attack
  • Business email compromise
  • Compromised account
  • Malware email
  • Phishing email
  • RBAC notification disabled

Accounts That Increase Attack Surface Risk table

Lists accounts in your organization with misconfigured account settings that increase your attack surface risk


Click the account name for more details or to take response actions on the account