Forum Discussion
Users flagged for risk - Azure AD Identity Protection
I would agree with you that this would be considered a false positive if the user did visit the country noted. I would suggest using "Resolved" if, for example, you found that he did not visit the country so you reset the password on the account and investigated the event further.
Short question. by default are there any User Risk oder Identity Risk Policies activated which act by default? As example block the sign in or something which creates an impact. IM asking before we add Licenses to our Contract to know if i have to configure something before. Because our Users are highly traveling around the world and i dont want to have any impact because of a false detection, dont want to have 200 accounts blocked because of a automatic acting policy.
Thank you very much.
Have a look at Azure AD Identity Protection:
Is the switch "Enforce Policy" set to "On" in the blade User risk policy or in Sign-in risk policy?
Additional there was a view in azure to see what rules are there, but unfortunately i can't find them right now :D (e.g. "unusual location / impossible travel / ...) I thought it was somewhere in https://protection.office.com
Hey currently when i click on this i get "To start please download Azure AD Identity Protection from the Azure Marketplace" - so i think nothing is enabled from a policy site, right?
But i can see many users flagged as medium risk because of traveling and accessing services from different ips.
Sorry Screenshot is in german but you see at the bottom, yellow marked the message.
