Medium

Federated domains in use

Detects domains using federated authentication (ADFS or third-party IdP).

Category: Authentication
Default severity: Medium
Rule key: CHECK_FEDERATED_DOMAINS
Last updated: April 17, 2026

How to fix it

Migrate to managed (cloud) authentication using Password Hash Sync or Pass-through Authentication with Seamless SSO.

Required Microsoft Graph permissions

EntraAnalyzer needs the following read-only Graph permissions to evaluate this rule:

Directory.Read.All

Further reading

Microsoft documentation →

Run this check on your tenant

EntraAnalyzer evaluates this rule automatically on every scan and emails you the results.

Get started — free first scan →