Forum Discussion
GlavniArhivator
Dec 16, 2020 | Copper Contributor
Azure Identity Protection - Clarity about the report options
Hi everyone, Currently, I am trying to better understand Azure AD Identity Protection. To be honest, despite the documentation it is still not totally clear for me what is the difference between t...
Thijs Lecomte
Dec 17, 2020 | Bronze Contributor
A risk detection is when a user does something risky, like logging in from a 'Malware Linked IP'. The moment the user logs in from a malware linked IP, this will be a risky sign-in. The reason for this risky sign-in, the risk detection, will be 'Malware linked IP'.
A sign-in can have a score (low/medium/high), but a user can also have a risk score. These are calculated from the multiple risky sign-ins (simply put, 2 low sign-ins create a medium risky user). An admin can also confirm a user as confirmed, then the user risk is also increased.
For the unfamiliar sign-ins: Microsoft does not publish exactly why the alert is triggered. Most of the time this is because of a new IP or new device. So these are the two things I look into.
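One way to check the two things the reply above looks into for an unfamiliar sign-in (new IP, new device), as an added example that is not part of the original thread and not Microsoft's detection logic. It assumes sign-in records exported with the Microsoft Graph signIn field names; the sample records and the `_rec` and `triage_unfamiliar` helpers are constructed for illustration.

```python
from datetime import datetime

# Constructed sample export. Field names follow the Microsoft Graph signIn
# resource; every value is invented (documentation IP ranges, fake device IDs).
def _rec(sid, upn, when, ip, device_id):
    return {"id": sid, "userPrincipalName": upn, "createdDateTime": when,
            "ipAddress": ip, "deviceDetail": {"deviceId": device_id}}

SIGN_INS = [
    _rec("s1", "alice@contoso.example", "2020-12-01T08:02:11Z", "198.51.100.10", "dev-laptop-01"),
    _rec("s2", "alice@contoso.example", "2020-12-03T08:05:40Z", "198.51.100.10", "dev-laptop-01"),
    _rec("s3", "alice@contoso.example", "2020-12-10T19:44:02Z", "203.0.113.77", "dev-laptop-01"),
    _rec("s4", "alice@contoso.example", "2020-12-15T02:13:55Z", "203.0.113.77", ""),
    _rec("s5", "bob@contoso.example", "2020-12-15T09:00:00Z", "192.0.2.5", "dev-bob-01"),
]

def _ts(rec):
    return datetime.strptime(rec["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")

def triage_unfamiliar(sign_ins, flagged_id):
    """Compare a flagged sign-in with the same user's earlier sign-ins."""
    flagged = next((r for r in sign_ins if r["id"] == flagged_id), None)
    if flagged is None:
        raise KeyError(flagged_id)
    history = [r for r in sign_ins
               if r["userPrincipalName"] == flagged["userPrincipalName"]
               and _ts(r) < _ts(flagged)]
    seen_ips = {r["ipAddress"] for r in history}
    # Assumption: an empty deviceId means the device is not registered,
    # so it can never count as a previously seen device.
    seen_devices = {r["deviceDetail"].get("deviceId") for r in history} - {None, ""}
    device_id = flagged["deviceDetail"].get("deviceId") or None
    return {
        "user": flagged["userPrincipalName"],
        "prior_sign_ins": len(history),  # 0 means there is no baseline to compare with
        "new_ip": flagged["ipAddress"] not in seen_ips,
        "new_device": device_id is None or device_id not in seen_devices,
    }

if __name__ == "__main__":
    for sid in ("s3", "s4", "s5"):
        print(sid, triage_unfamiliar(SIGN_INS, sid))
```

A result with `prior_sign_ins` of 0 marks both checks as new only because the user has no history in the export, so widen the export window before drawing a conclusion.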