Forum Discussion

cllee's avatar
cllee
Brass Contributor
Sep 10, 2020

Multiple Sign-ins attempt not triggering Risky User/Sign-ins

Hi,

Under User Sign-in events, one of the user has multiple sign-in attempt from 4 different countries. 2 countries was successful, another 2 failed. All happened within the same day.

Shouldn't that generate a record under "Risky Sign-in" or "Risky Users". There is no entry triggered for this user.

On what logic do the Azure AD consider the attempt as "Risky Sign-ins/User". Will "failure" attempt from another countries trigger risky record?

Thanks.

  • cllee 

     

    Hi, do you have Azure AD Premium P2 licensing please?  You will need this in order for these features of Identity Protection to work.  This is also included in EM+S E5 and M365 E5

    • cllee's avatar
      cllee
      Brass Contributor

      PeterRising 

       

      Yes, I do have the license for that. Hence i noticed the inconsistency. Some user did triggered Risky Sign-ins/User records, but in the case where i highlighted; it did not.

      So was trying to understand the "logic/conditions" used in backend to monitor such scenario.

Resources