Requiring password change for users whose credentials are leaked in Azure Identity Protection
You can leverage Azure Identity Protection to create a User Risk Policy that says if any user's Risk Status is High then require a password change. This is set using the User Risk Policy option under Identity Protection. See the screenshot below.
Have you enabled combined security information registration in your tenant? I strongly recommend you do and also enable Azure AD SSPR for all warm-blooded user accounts.
When this is all set up, any user whose Risk Level hits High will automatically be forced to change their password.
You can also use PowerShell to find all users whose Risk State is High and send a list to a DL, for example. You can also raise an alert in several different portals in Azure when a user's Risk Level hits High. Currently the only event that will cause a User Risk Status to be High is actually leaked credential detection, so this should work.
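
The PowerShell approach mentioned in the reply above, as an added example that is not part of the original post: it lists users whose risk level is high and writes them to a CSV that can be sent to a distribution list. It assumes the Microsoft Graph PowerShell SDK (`Get-MgRiskyUser`) with the `IdentityRiskyUser.Read.All` permission; the function name `Select-HighRiskUser`, the choice to keep only unresolved risk states, the output path and the sample rows are assumptions made for illustration.

```powershell
# Added example (not from the original post). Assumes the Microsoft Graph PowerShell SDK
# (Microsoft.Graph.Identity.SignIns) and a session opened with:
#   Connect-MgGraph -Scopes 'IdentityRiskyUser.Read.All'

function Select-HighRiskUser {
    # Hypothetical helper: keep users whose risk level is high and whose risk is still open
    # (assumption: remediated, dismissed and confirmed-safe users are left off the report).
    param([object[]]$RiskyUser = @())
    $RiskyUser |
        Where-Object { $_.RiskLevel -eq 'high' -and $_.RiskState -in 'atRisk', 'confirmedCompromised' } |
        Sort-Object RiskLastUpdatedDateTime -Descending |
        Select-Object UserPrincipalName, UserDisplayName, RiskLevel, RiskState, RiskDetail, RiskLastUpdatedDateTime
}

# Constructed sample rows using the property names Get-MgRiskyUser returns (offline dry run only).
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; UserDisplayName = 'Alice'
        RiskLevel = 'high'; RiskState = 'atRisk'; RiskDetail = 'none'
        RiskLastUpdatedDateTime = [datetime]'2024-01-10T08:15:00Z' }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example'; UserDisplayName = 'Bob'
        RiskLevel = 'high'; RiskState = 'remediated'; RiskDetail = 'userPerformedSecuredPasswordChange'
        RiskLastUpdatedDateTime = [datetime]'2024-01-09T17:40:00Z' }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'; UserDisplayName = 'Carol'
        RiskLevel = 'medium'; RiskState = 'atRisk'; RiskDetail = 'none'
        RiskLastUpdatedDateTime = [datetime]'2024-01-11T06:05:00Z' }
)

# Query the tenant when a Graph session exists; otherwise fall back to the constructed sample.
$graphReady = (Get-Command Get-MgContext -ErrorAction SilentlyContinue) -and (Get-MgContext)
$risky = if ($graphReady) { Get-MgRiskyUser -All -Filter "riskLevel eq 'high'" } else { $sample }

# Build the report, show it, and write a CSV for whatever process mails the distribution list.
$report = @(Select-HighRiskUser -RiskyUser @($risky))
$report | Format-Table -AutoSize
$csv = Join-Path ([IO.Path]::GetTempPath()) 'high-risk-users.csv'
$report | Export-Csv -Path $csv -NoTypeInformation
'{0} high-risk user(s) written to {1}' -f $report.Count, $csv
```

Run without a Graph session, the script reports only the constructed `alice@contoso.example` row, since the other two sample rows are either already remediated or below high risk.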