KPMG Resolve

Suspicious Application Registration Analysis

Identify potential malicious or compromised Entra ID applications with excessive permissions that create data exfiltration opportunities 🔴 High Risk App Registration Directory.ReadWrite.All User.ReadWrite.All Mail.Send (as any user)

Toxic Combination Detection

Identifies dangerous configuration combinations that compliance assessments miss (e.g., weak MFA + overprivileged apps + disabled logging) ⚠️ Toxic Combination Detected SMS MFA Enabled + App with Mail.ReadWrite.All + Audit Logging Disabled

Conditional Access (CA) Policy Weakness Detection

Finds gaps and misconfigurations in CA policies that create authentication bypass opportunities ⚠️ CA Policy Gap Legacy Auth Not Blocked High-Risk Sign-ins Allowed Guest Users Unrestricted

Evidence-Linked Remediation

Step-by-step guidance with direct links to the exact configurations that need fixing, not generic recommendations ✓ Remediation Steps Navigate to Entra ID → Protection Authentication Methods → SMS Set Enable and Target: Disabled

Toxic CombinationDetection

Suspicious Application Registration Analysis

Conditional Access (CA) Policy Weakness Detection

Evidence-Linked Remediation

What Makes KPMG Resolve Different