| π Account Lockout Duration is not set 60 seconds or more π’ | | π’ x3 |
| π Account Lockout Threshold is not set to 10 or less π’ | | π’ x3 |
| π Allow Users To Remember MFA On Devices They Trust is enabled π’ | | π’ x3 |
| π Conditional Access By Location is not defined π’ | | π’ x3 |
| π Custom Banned Password List is not enforced π’ | | π’ x3 |
| π Device Code Authentication Flow is not restricted π’ | | π’ x3 |
| π Global Administrator Role assigned to more than 4 users π’ | | π’ x3 |
| π Guest Invite Settings is not set to Only Users Assigned To Specific Admin Roles Can Invite Guest Users π’ | 1 | π’ x6 |
| π Guest Users are not reviewed on a regular basis π’ | | π’ x3 |
| π Guest Users restricted to their own directory objects �π’ | 1 | π’ x6 |
| π MFA For Administrators is not required π’ | | π’ x3 |
| π MFA For All Users is not required π’ | | π’ x3 |
| π MFA For Risky Sign-Ins is not required π’ | | π’ x3 |
| π MFA For Windows Azure Service Management API is not required π’ | | π’ x3 |
| π MFA To Access Microsoft Admin Portals is not required π’ | | π’ x3 |
| π Named Locations are not defined π’ | | π’ x3 |
| π Non-Privileged Users Multi-Factor Auth Status is not enabled π’ | | π’ x3 |
| π Notify All Admins When Other Admins Reset Their Password is set No π’ | | π’ x3 |
| π Notify Users On Password Resets is set to No π’ | | π’ x3 |
| π Owners Can Manage Group Membership Requests In The Access Panel is set to Yes π’ | | π’ x3 |
| π Privileged Users Multi-Factor Auth Status is not enabled π’ | | π’ x3 |
| π Reconfirm Authentication Information is set to 0 π’ | | π’ x3 |
| π Require MFA to register or join devices with Microsoft Entra ID is set to No π’ | | π’ x3 |
| π Restrict Access To Microsoft Entra Admin Center is set to No π’ | | π’ x3 |
| π Restrict User Ability To Access Groups Features In The Access Pane is set to No π’ | | π’ x3 |
| π Security Defaults are not enabled π’ | | π’ x3 |
| π Self-Service Password Reset does not require 2 authentication methods π’ | | π’ x3 |
| π Tenant Creation is set to Yes π’ | 1 | π’ x6 |
| π User Consent For Applications is not set to Allow From Verified Publishers π’ | | π’ x3 |
| π User Consent For Applications is not set to Do Not Allow User Consent π’ | | π’ x3 |
| π Users Can Create Microsoft 365 Groups In Azure Portals, API Or PowerShell is set to Yes π’ | | π’ x3 |
| π Users Can Create Security Groups In Azure Portals, API Or PowerShell is set to Yes π’ | | π’ x3 |
| π Users Can Register Applications is set to Yes π’ | 1 | π’ x6 |