Requiring password change for users whose credentials are leaked in Azure Identity Protection

Hi, you can enable risk-based policies such as user risk policy and risk sign-in policy through Azure Identity Protection in Azure Active Directory. Also, Azure AD premium P2 users have the extra privilege of risks in one step ahead. They can enable these policies with desired conditions according to their security preference. They will have the detailed view of risks such as how the risk has happened, what is the reason for the risk, what is a risk event that compromised user account, and much more details.

Even though we have created several risk policies using Microsoft 365, these policies will not be effective until a security breach is detected. So, frequently analyze the non-interactive sign-ins in your Azure Active Directory. 

Please take a look at this blog to safeguard your organization away from attackers - https://blog.admindroid.com/monitoring-azure-ad-sign-in-logs-and-risky-sign-in-activities/