Block legacy authentication (MS.AAD.1.1v1)
Block users detected as high risk (MS.AAD.2.1v1)
Block sign-ins detected as high risk (MS.AAD.2.3v1)
Enforce phishing-resistant MFA for all users (MS.AAD.3.1v1)
Enforce alternative MFA method if phishing-resistant MFA not enforced (MS.AAD.3.2v1)
Configure Microsoft Authenticator to show login context (MS.AAD.3.3v1)
Set Authentication Methods Manage Migration to Complete (MS.AAD.3.4v1)
Enforce phishing-resistant MFA for privileged roles (MS.AAD.3.6v1)
Allow only administrators to register applications (MS.AAD.5.1v1)
Allow only administrators to consent to applications (MS.AAD.5.2v1)
Configure admin consent workflow for applications (MS.AAD.5.3v1)
Prevent group owners from consenting to applications (MS.AAD.5.4v1)
Disable password expiration (MS.AAD.6.1v1)
Configure Global Administrator role assignments (MS.AAD.7.1v1)
Enforce use of granular roles instead of Global Administrator (MS.AAD.7.2v1)
Enforce cloud-only accounts for privileged users (MS.AAD.7.3v1)
Enforce PAM system for privileged role assignments (MS.AAD.7.5v1)
Configure approval requirement for Global Administrator activation (MS.AAD.7.6v1)
Configure alerts for privileged role assignments (MS.AAD.7.7v1)
Configure alerts for Global Administrator activation (MS.AAD.7.8v1)
Get current status of all CISA M365 security policies
