The following table describes the vulnerabilities identified in the pre-defined Entra Discovery for Discovery.
|
|
NOTE: Discovery techniques are used by adversaries to avoid detection. Evasion techniques include hiding malicious code within trusted processes and folders, encrypting or obfuscating adversary code, or disabling security software. |
| Vulnerability Template | Vulnerability | Risk | What to find |
|---|---|---|---|
| User password last changed |
Name: Entra ID privileged role members whose passwords have not changed recently Default Scope: All Users
|
While it is not necessary to require mandatory periodic password resets, organizations should be aware of the password age of users that are members of Microsoft Entra built-in privileged roles. Remediation: Ensure that privileged role members have update their password to satisfy the organization’s password policy. |
Users that are members of privileged roles that have not updated their password within last 90 days NOTE: The number of days is editable. |