Cloud Users Without MFA Enabled

This bot identifies cloud user accounts which are not set up to leverage two-factor authentication when accessing the native cloud portal. Allowing access to the native portal with standard credentials can expose the organization to attacks and access by malicious users via brute force, social engineering and other techniques.

Recommended Action

Ensure that user accounts, especially those with administrator/privileged access, are set up to leverage multi-factor authentication.

Severity

High

Resource Types Inspected

Cloud User

Reactive Hookpoints

resource.created resource.modified