Forum Discussion
Leaked credentials notification?
- Feb 15, 2021
KalimanneJ As per the Microsoft documentation, the leaked credentials service compares users' current valid credentials against leaked credentials lists and only checks new leaked credentials found after enabling PHS.
(https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#common-questions)
You could perform a domain level check on Have I Been Pwned https://haveibeenpwned.com/DomainSearch to see if any users in your organization were part of a data breach but as with Microsoft's thinking, if they have since changed their password they wouldn't be considered compromised.
If you have enabled the Identity Protection risk-based policies I wouldn't be concerned about not seeing any appear, as the policies will be there in case something is detected.
Ru I understand that it’s just for new breaches, but we have had this set up for quite a while.
How do we verify that we have the notifications configured correctly and that they are working? It may be possible there have been leaked credentials that we are missing.
- KalimanneJ, Feb 15, 2021, Iron Contributor
Ru We are not manually adding users to any alert lists.
If that’s required, we clearly do not have this working.
- Ru, Feb 15, 2021, MVP
If you have global admins, you have accounts in the list. But the problem could be you have separate admin accounts without mailboxes. Here is the direct link to confirm:
https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/IdentityProtectionMenuBlade/UsersAtRiskAlerts
Check it out and add anyone that's required.
- KalimanneJ, Feb 15, 2021, Iron Contributor
Ru Our global admins don’t have mailboxes or licensing for Exchange/SharePoint/Teams etc.
Email is accessed through standard user accounts.
Our global admins and domain admins are not supposed to be using those accounts for accessing email or web surfing.
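
As an added example (not part of the thread and not Microsoft's own tooling), one way to check both points raised above with the Microsoft Graph PowerShell SDK: whether any leaked-credentials detections have been recorded, and which Global Administrator accounts have no mail attribute. It assumes the SDK modules are installed and the signed-in account can consent to the listed read scopes; the alert recipient list itself still has to be confirmed in the portal blade linked above.

```powershell
# Added example. Requires the Microsoft Graph PowerShell SDK
# (Install-Module Microsoft.Graph) and read-only consent to the scopes below.
Connect-MgGraph -Scopes 'IdentityRiskEvent.Read.All', 'Directory.Read.All'

# 1. List Identity Protection detections of type leakedCredentials.
#    An empty result means no detection was recorded, not that alerting is broken.
$leaked = Get-MgRiskDetection -Filter "riskEventType eq 'leakedCredentials'" -All
if ($leaked) {
    $leaked |
        Sort-Object DetectedDateTime -Descending |
        Select-Object DetectedDateTime, UserPrincipalName, RiskLevel, RiskState |
        Format-Table -AutoSize
} else {
    Write-Output 'No leakedCredentials risk detections returned.'
}

# 2. Report Global Administrators that have no mail attribute.
#    The GUID is the built-in Global Administrator role template ID.
#    Only directly assigned (active) members are returned here.
$gaTemplateId = '62e90394-69f5-4237-9190-012177145e10'
$role = Get-MgDirectoryRole -Filter "roleTemplateId eq '$gaTemplateId'"
$members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All

$report = foreach ($m in $members) {
    # Role members can be non-user objects (for example service principals); skip those.
    $u = Get-MgUser -UserId $m.Id -Property 'userPrincipalName,mail' -ErrorAction SilentlyContinue
    if (-not $u) { continue }
    [pscustomobject]@{
        UserPrincipalName = $u.UserPrincipalName
        Mail              = $u.Mail
        HasMailAttribute  = [bool]$u.Mail   # heuristic: empty usually means no mailbox
    }
}

$report | Sort-Object HasMailAttribute, UserPrincipalName | Format-Table -AutoSize

# Accounts with HasMailAttribute = False are the ones to compare against the
# recipients shown in the "Users at risk detected alerts" blade.
$report | Where-Object { -not $_.HasMailAttribute } |
    Select-Object -ExpandProperty UserPrincipalName
```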