CA-04HighEnhanced Security

Remediate High-Risk Users Automatically

Conditional Access control for Microsoft 365 and Entra ID

Why This Control Matters

When Microsoft detects that a user's credentials have been leaked (dark web, breach databases), the user risk policy forces a password change before the attacker can use those credentials.

Expected State

When this control is compliant, your tenant should meet these criteria:

1An Identity Protection user risk policy is enabled
2High-risk users are required to change their password
3Leaked credentials detections trigger immediate remediation

Enforcement

Default Mode

Auto-Remediate

Automatically fixes deviations when safe to do so

Auto-Remediation

Available

Creates user risk policy in Identity Protection

Ready to implement this control?

TrueConfig continuously monitors your Microsoft 365 tenant for compliance with this and 50+ other security controls.