Azure AD Reporting: monitoring for compromised credentials
With increasing BYOD trends at companies worldwide, and more employees conducting business on personal devices, an extra vigilance should be applied to monitoring Azure AD sign-in activity to reduce the risk of company-owned data falling into the wrong hands. To add to this challenge, a lot of employees reuse their passwords for multiple accounts without even knowing that they could possibly be compromised.
- Contact the user to verify the activity
- Reset the user’s password
- Enable multi-factor authentication for additional security
- Wipe the device (selective or local wipe)
- Define policies that lock devices after a certain time of inactivity*