Forum Discussion
Leaked credentials notification?
KalimanneJ As per the Microsoft documentation the leaked credentials service compares users current valid credentials against leaked credentials lists and only checks new leaked credentials found after enabling PHS.
(https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#common-questions)
You could perform a domain level check on Have I Been Pwned https://haveibeenpwned.com/DomainSearch to see if any users in your organization were part of a data breach but as with Microsoft's thinking, if they have since changed their password they wouldn't be considered compromised.
If you have enabled the Identity Protection risk based policies I wouldn't be concerned about not seeing any appear, as the policies will be there in case something is detected,
Ru Our global admins don’t have mailboxes or licensing for Exchange/SharePoint/Teams etc.
Email is accessed through standard user accounts.
Our global admins and domain admins are not supposed to be using those accounts for accessing email or web surfing.
- Afraid I'm not a licensing expert so you'd be best checking directly with a Microsoft representative or your reseller. However generally Microsoft describes EM+S licensing requirements as users who "benefit" from a service rather than administrators, so my guess would be an admin doesn't need a license just to get reports. But please confirm with MS or your reseller.
Ru Does this leaked credentials report require P2 licensing for the tenant or any special licensing for the users in the report or the admins running the report?