Accepted risks
Decisions recorded once, carried forward across runs · all tenants
| Risk / control | Tenant | Product | Severity | Standard | Accepted by | Expires | |
|---|---|---|---|---|---|---|---|
| CIS.M365.1.1.1 Ensure Administrative accounts are cloud-only | Pora Inc. | En Entra | High | CIS | [email protected] | 2026-08-27 | details → |
| CIS.M365.1.3.7 Ensure 'third-party storage services' are restricted in 'Microsoft 365 on the web' | Pora Inc. | En Entra | Unknown | CIS | [email protected] | 2026-09-16 | details → |
| CISA.MS.AAD.1.1 Legacy authentication SHALL be blocked. | Pora Inc. | En Entra | High | CISA | [email protected] | No expiry | details → |
| CISA.MS.AAD.3.7 Managed devices SHOULD be required for authentication. | Pora Inc. | En Entra | High | CISA | [email protected] | 2026-10-26 | details → |
| CISA.MS.AAD.7.7 Eligible and Active highly privileged role assignments SHALL trigger an alert. | Pora Inc. | En Entra | High | CISA | [email protected] | 2026-11-15 | details → |
No accepted risks for this tenant.
An accepted risk suppresses a control from "new failures" until it expires or is revoked. The decision, owner, and date are kept in the five-year tenant history so auditors can see what was accepted, by whom, and when.