CA-04: Remediate High-Risk Users Automatically

Frequently asked questions about implementing and managing the CA-04 security control in Microsoft 365 and Entra ID.

Q
What is CA-04 (Remediate High-Risk Users Automatically)?
A

CA-04 is a security control that forces a password change when Microsoft detects that a user's credentials have been leaked (dark web, breach databases), before the attacker can use those credentials. It requires that an Identity Protection user risk policy is enabled, that high-risk users are required to change their password, and that leaked-credentials detections trigger immediate remediation.

Related controls: CA-04
Q
Why is Remediate High-Risk Users Automatically important for Microsoft 365 security?
A

When Microsoft detects that a user's credentials have been leaked (dark web, breach databases), the user risk policy forces a password change before the attacker can use those credentials.

Related controls: CA-04
Q
How do I implement CA-04 in my tenant?
A

TrueConfig provides one-click remediation for CA-04. The remediation creates a user risk policy in Identity Protection.

Related controls: CA-04
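
To verify the result independently of any tool, the check below audits exported policies against the CA-04 requirements stated above. It is an added example, not TrueConfig's or Microsoft's code. It assumes the user risk policy is implemented as a Conditional Access policy and exported as JSON from Microsoft Graph's `/identity/conditionalAccess/policies`; the function names, the sample policies and the "all users" scope check are assumptions of this example.

```python
import json

# Constructed sample shaped like a Microsoft Graph export of
# /identity/conditionalAccess/policies; not data from a real tenant.
SAMPLE_EXPORT = json.loads("""
{"value": [
 {"displayName": "A report-only", "state": "enabledForReportingButNotEnforced",
  "conditions": {"userRiskLevels": ["high"], "users": {"includeUsers": ["All"]}},
  "grantControls": {"operator": "AND", "builtInControls": ["mfa", "passwordChange"]}},
 {"displayName": "B optional change", "state": "enabled",
  "conditions": {"userRiskLevels": ["high"], "users": {"includeUsers": ["All"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa", "passwordChange"]}},
 {"displayName": "C sign-in risk only", "state": "enabled",
  "conditions": {"userRiskLevels": [], "signInRiskLevels": ["high"], "users": {"includeUsers": ["All"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "D enforced", "state": "enabled",
  "conditions": {"userRiskLevels": ["high"], "users": {"includeUsers": ["All"]}},
  "grantControls": {"operator": "AND", "builtInControls": ["mfa", "passwordChange"]}}
]}
""")

def ca04_gaps(policy):
    """Return the reasons a policy falls short of CA-04; empty list means it meets it."""
    cond = policy.get("conditions") or {}
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    gaps = []
    if policy.get("state") != "enabled":  # report-only or disabled forces nothing
        gaps.append("not enforced")
    if "high" not in (cond.get("userRiskLevels") or []):
        gaps.append("no high user risk trigger")
    if "passwordChange" not in controls:
        gaps.append("no password change")
    elif len(controls) > 1 and grant.get("operator") != "AND":
        gaps.append("password change optional")  # OR lets another control satisfy the grant
    # Assumption of this example: the policy should include all users.
    if "All" not in ((cond.get("users") or {}).get("includeUsers") or []):
        gaps.append("not scoped to all users")
    return gaps

def audit(export):
    """Map each policy name to its gaps and report whether any policy meets CA-04."""
    report = {p["displayName"]: ca04_gaps(p) for p in export.get("value", [])}
    return report, any(not g for g in report.values())

if __name__ == "__main__":
    report, ok = audit(SAMPLE_EXPORT)
    print(json.dumps(report, indent=2), "CA-04 satisfied:", ok)
```

A report-only policy (sample A) is the gap most easily missed: it looks correct in the portal but never forces the password change.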
Q
What license do I need for CA-04?
A

This control requires Azure AD Premium P2 (included in Microsoft 365 E5) or standalone P2.

Related controls: CA-04
Q
Which security baseline includes CA-04?
A

CA-04 is included in the Enhanced Security baseline (Level 2). This level adds stricter controls for security-conscious organizations.

Related controls: CA-04
