MT.1085 - Pending approvals for Critical Asset Management should not be present
Overview
Microsoft provides an approval step for assets that do not meet the automatic classification threshold. Assets with a lower classification confidence score must be approved by a security administrator. Stale pending approvals can lead to limited visibility in Microsoft Defender XDR and potential security risks if critical assets are not properly identified.
Therefore, you should regularly review critical assets to ensure the correct classification has been applied to your assets.
How to fix
On the Critical asset management page, review the asset classification named in the Maester test results. Review the pending approvals and verify the correct classification of the listed assets.
More details are available in the Microsoft Learn article: "Add assets to predefined classifications".
Test Metadata
| Field | Value |
|---|---|
| Test ID | MT.1085 |
| Severity | Medium |
| Suite | Maester |
| Category | Entra |
| PowerShell test | Test-MtXspmPendingApprovalCriticalAssetManagement |
| Tags | Entra, Graph, MT.1085, XSPM |
Source
- Pester test:
tests/XSPM/Test-XspmCriticalAssetManagement.Tests.ps1 - PowerShell source:
powershell/public/xspm/Test-MtXspmPendingApprovalCriticalAssetManagement.ps1