Authentication Method - General Settings - Report suspicious activity - Included users/groups
Object Id or scope of users which will be included to report suspicious activities if they receive an authentication request that they did not initiate.
| Name | reportSuspiciousActivitySettingsIncluded |
| Control | Authentication Method - General Settings |
| Description | The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings. |
| Severity | High |
How to fix
Microsoft Learn - Report suspicious activites
Details of configuration item
| Recommendation | Apply this feature to all users. |
| Configuration | policies/authenticationMethodsPolicy |
| Setting | reportSuspiciousActivitySettings.includeTarget.id |
| Recommended Value | 'all_users' |
| Default Value | all_users |
| Graph API Docs | Get authenticationMethodsPolicy - Microsoft Graph v1.0 - Microsoft Learn |
| Graph Explorer | Open in Graph Explorer |