Forum Discussion

KalimanneJ's avatar
KalimanneJ
Iron Contributor
Feb 15, 2021
Solved

Leaked credentials notification?

We have hybrid AD with ADFS and also enabled PHS many months ago. I thought this enabled leaked credentials notifications.   I am kind of surprised that we could have had zero leaked credentials in...
Cloud App Security
  • edinili84's avatar
    edinili84
    Feb 15, 2021

    KalimanneJ As per the Microsoft documentation the leaked credentials service compares users current valid credentials against leaked credentials lists and only checks new leaked credentials found after enabling PHS.

     

    (https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#common-questions)

     

    You could perform a domain level check on Have I Been Pwned https://haveibeenpwned.com/DomainSearch to see if any users in your organization were part of a data breach but as with Microsoft's thinking, if they have since changed their password they wouldn't be considered compromised.

     

    If you have enabled the Identity Protection risk based policies I wouldn't be concerned about not seeing any appear, as the policies will be there in case something is detected,

KalimanneJ's avatar
KalimanneJ
Iron Contributor
Feb 16, 2021

Ru Does this leaked credentials report require P2 licensing for the tenant or any special licensing for the users in the report or the admins running the report?

Ru's avatar
Ru
MVP
Feb 16, 2021
Afraid I'm not a licensing expert so you'd be best checking directly with a Microsoft representative or your reseller. However generally Microsoft describes EM+S licensing requirements as users who "benefit" from a service rather than administrators, so my guess would be an admin doesn't need a license just to get reports. But please confirm with MS or your reseller.

Resources