| 🛡️ Account Lockout Duration is not set 60 seconds or more🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Account Lockout Threshold is not set to 10 or less🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Allow Users To Remember MFA On Devices They Trust is enabled🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Conditional Access By Location is not defined🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Custom Banned Password List is not enforced🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Default User Role can create tenants🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Device Code Authentication Flow is not restricted🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Diagnostic Setting does not capture Microsoft Entra activity logs🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Diagnostic Setting does not capture Microsoft Graph activity logs🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Global Administrator Role assigned to more than 4 users🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Guest Invite Settings is not set to Only Users Assigned To Specific Admin Roles Can Invite Guest Users🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Guest Users are not reviewed on a regular basis🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Guest Users restricted to their own directory objects🟢 | 1 | 🟢 x6 | no data |
| 🛡️ MFA For Administrators is not required🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ MFA For All Users is not required🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ MFA For Risky Sign-Ins is not required🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ MFA For Windows Azure Service Management API is not required🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ MFA To Access Microsoft Admin Portals is not required🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Named Locations are not defined🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Notify All Admins When Other Admins Reset Their Password is set No🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Notify Users On Password Resets is set to No🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Owners Can Manage Group Membership Requests In The Access Panel is set to Yes🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Reconfirm Authentication Information is set to 0🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Remember MFA devices setting is disabled🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Require MFA to register or join devices with Microsoft Entra ID is set to No🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Restrict Access To Microsoft Entra Admin Center is set to No🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Restrict User Ability To Access Groups Features In The Access Pane is set to No🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Security Defaults are not enabled🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Self-Service Password Reset does not require 2 authentication methods🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ User Consent For Applications is not set to Allow From Verified Publishers🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ User Consent For Applications is not set to Do Not Allow User Consent🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Users Can Create Microsoft 365 Groups In Azure Portals, API Or PowerShell is set to Yes🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Users Can Create Security Groups In Azure Portals, API Or PowerShell is set to Yes🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Users Can Register Applications is set to Yes🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Users Multi-Factor Auth Status is not enabled🟢⚪ | | 🟢 x2, ⚪ x1 | no data |