SOLVED

Azure Active Directory - Identity Protection

%3CLINGO-SUB%20id%3D%22lingo-sub-1065313%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Active%20Directory%20-%20Identity%20Protection%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1065313%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F54954%22%20target%3D%22_blank%22%3E%40Eric%20Sabo%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHave%20you%20reviewed%20the%20documentation%20on%20Microsoft%20Docs%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fidentity-protection%2Foverview-identity-protection%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20Identity%20Protection%20Overview%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou'll%20find%20some%20guidance%20on%20using%20the%20various%20remediation%20options%20in%20the%20%22%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fidentity-protection%2Fhowto-identity-protection-remediate-unblock%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3ERemediate%20Risks%20and%20Unblock%20Users%3C%2FA%3E%22%20section.%20The%20choice%20of%20%22what%22%20to%20do%20is%20nearly%20always%20going%20to%20be%20subjective%20based%20on%20the%20nature%20%2F%20context%20of%20the%20alert.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20have%20specific%20examples%20you%20are%20looking%20for%20guidance%20on%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EKelvin%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1065317%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Active%20Directory%20-%20Identity%20Protection%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1065317%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F204415%22%20target%3D%22_blank%22%3E%40Kelvin%20Papp%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%26nbsp%3B%20%26nbsp%3BThat%20is%20exactly%20what%20I%20needed%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1065193%22%20slang%3D%22en-US%22%3EAzure%20Active%20Directory%20-%20Identity%20Protection%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1065193%22%20slang%3D%22en-US%22%3E%3CP%3EWhere%20can%20I%20find%20documentation%20on%26nbsp%3BAzure%20Active%20Directory%20-%20Identity%20Protection%20-%20like%20once%20an%20end%20user%20is%20in%20the%20high%20risk%20users%20report%2C%20what%20do%20I%20do%20with%20this%20data%3F%26nbsp%3B%20%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThere%20is%20the%20following%20options%3A%3C%2FP%3E%3CP%3EReset%20password%3C%2FP%3E%3CP%3EConfirm%20user%20compromised%3C%2FP%3E%3CP%3EDismiss%20user%20risk%3C%2FP%3E%3CP%3Eblock%20user%3C%2FP%3E%3CP%3EInvestigate%20with%20Azure%20ATP%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20cannot%20find%20anywhere%20what%20or%20which%20one%20we%20should%20do%20for%20each.%26nbsp%3B%20%26nbsp%3B%20Is%20there%20any%20blogs%20describing%20this%20part%20of%20the%20portal%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20guess%20I%20am%20looking%20at%20what%20an%20admin%20should%20do%20with%20these%20accounts%20when%20they%20show%20up%20in%20this%20portal%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1065193%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Contributor

Where can I find documentation on Azure Active Directory - Identity Protection - like once an end user is in the high risk users report, what do I do with this data?   

 

There is the following options:

Reset password

Confirm user compromised

Dismiss user risk

block user

Investigate with Azure ATP

 

I cannot find anywhere what or which one we should do for each.    Is there any blogs describing this part of the portal?

 

I guess I am looking at what an admin should do with these accounts when they show up in this portal

2 Replies
best response confirmed by Eric Sabo (Occasional Contributor)
Solution

Hi @Eric Sabo,

 

Have you reviewed the documentation on Microsoft Docs?

 

Microsoft Identity Protection Overview

 

You'll find some guidance on using the various remediation options in the "Remediate Risks and Unblock Users" section. The choice of "what" to do is nearly always going to be subjective based on the nature / context of the alert.

 

Do you have specific examples you are looking for guidance on?

 

Kelvin

@Kelvin Papp 

 

Thanks!   That is exactly what I needed