What is the "Password Breach Authenticator" resource in Entra ID?

CJR 20 Reputation points
2025-02-07T20:42:16.75+00:00

I am trying to investigate why certain users in our org get way more MFA requests than others. One common theme I've noticed is a lot of these MFA prompts show up in the sign-in logs under the resource "Password Breach Authenticator" with resource ID "bdd48c81-3a58-4ea9-849c-ebea7f6b6360".

I could not find any information online on what this resource is. If anyone could provide some info I would greatly appreciate it.

For context, we are still using the per-user MFA option. We are moving to handling all MFA through conditional access but the process is still a few weeks away from completing.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Authenticator
Microsoft Teams | Microsoft Teams for business | Other
0 comments No comments
{count} votes

Accepted answer
  1. Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
    2025-02-07T20:56:43.5166667+00:00

    Its a first party Microsoft app:

    https://learn.microsoft.com/en-us/troubleshoot/entra/entra-id/governance/verify-first-party-apps-sign-in

    Im guessing its the same logic Azure uses for iden protection and because you arent using a CA policy it responding with MFA prompts. I would recommend those user reset their passwords and think about moving to a passwordless MFA auth scheme as well

    https://learn.microsoft.com/en-us/entra/id-protection/overview-identity-protection


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.