Forum Discussion
Azure / Office 365 - risky logins automatic email report
Hey all,
Question for you, is it possible to create automatic trigger emails when a risky login trigger is attempted of when a user in Azure goes from low to medium or to high.
These trigger notifications would go to a global admin, as well as triggering remediation actions?
Thanks in advance,
Calv
1 Reply
Kind of, certainly for the remediation part but it's not built into Office 365 and requires extra licencing, for Azure AD Premium. Not sure if the add-ons (Advanced Security Management etc.) that come with the E5 licence can also help in this regards as well.
Anyway, with https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection, you can define policies to mitigate suspected compromised accounts or for risky sign-ins, this page gives more of a clue what this can look like - https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection-flows and the different outcomes. This functionality requires Azure AD Premium P2 add-on or Enterprise Mobility + Security E5.
Check out some of these Ignite presentations, for more of an overview.
