Accounts with Weak Authentication

Weak authentication allows threat actors to use legitimate accounts to access systems and possibly steal sensitive information.

Authentication issues can result from unintentional misconfiguration of account settings or malicious behaviors involving Active Directory and Azure AD.

The following table outlines the actions you can perform on the widget:



View authentication-related statistics and recommendations

  • Number of accounts with weak authentication detected in the last 30 days

  • Number of threats with the potential to exploit weak authentication detected in the last 5 days

  • Recommended actions for improving Azure AD policy settings

View information about accounts with weak authentication

  • View the account list with high-level information such as account type, account role, and authentication issue.

  • Filter the displayed data by account type and authentication issue.

  • Open the asset details screen for each account.

    • Risk Assessment: Displays the account's risk score, and a summary of general activity and associated risk events

    • Asset Graph: Displays information about the accounts relationships and interactions with other assets in your organization

    • Cloud App Activity: Displays information about sanctioned and unsanctioned cloud apps accessed by the account

    • Devices: Displays information about the devices that are associated with the account

    • Asset Profile: Displays criticality level of the account and list of profile tags derived from data collected by data sources

Add authentication issues to the exception list

You can add specific issues to the list if you are unable to implement the associated best practices within your organization.

Risk events related to issues in the exception list are excluded from the calculation of your company's risk index. This can limit the information provided by Risk Insights apps.

  • Adding issues to the exception list permanently excludes related risk event data from Risk Insights apps.

  • If necessary, you can eventually remove issues from the list but excluded risk event data cannot be restored.

  • Changes to the exception list are applied only to new risk events.