Configuring a User Risk Policy

What's new today: Starting today, User Risk Policies are available for organizations using federated authentication (i.e., something like an Active Directory Federation Server or Ping Federate). If the admin has configured a User Risk Policy, the next time a sign-in to Azure AD is detected from a user whose account might be compromised, the user is informed that their account is at risk.
The user is then required to prove their identity by solving a multi-factor authentication challenge.
And then the user is forced to change their password.
The following is required for this scenario to work for federated identities:
If a federated tenant does not have password write back enabled, but admins still want to leverage Identity Protection's risk detection and workflow capabilities, they can reset the compromised user's password on-premises and mark the user as secured in Identity Protection by selecting "Dismiss all events" on the user's blade. The user will no longer show as being at risk of compromise in Identity Protection.
Note for Europe Geo customers who were already using Identity Protection: The service for the Europe Geo was not officially supported before today. European customers who were already using Identity Protection will have to onboard again to the service and their previous data will be dropped. We apologize for the inconvenience.

If you read this far, thanks! I really appreciate you spending the time to learn more about the work we're doing here. I hope you'll find it useful in helping your enterprise use the cloud securely!

Regards,
Salah