May 29 2020
- last edited on
Jul 24 2020
today a colleague clicked a phishing mail and entered his mail and password. After seconds there was a login from Belize which was blocked due to our Conditional Access Rules.
But i decided to block the user directly from the risky sign in page until the user changed his password. We have AD Connect PHS in place so the block was reverted after the next sync cycle.
But the user still cannot login.
I also enabled and disabled the account in Azure AD portal. But after an hour - the user still cannot log in.
How can i fix this?
May 29 2020 11:00 AM
@StephanGee Hello Stephan, did you ever press 'Confirm sign-in(s) safe' in Identity Protection under Risky sign-ins? I'm attaching a couple of links in case you haven't seen these.
Remediate risks and unblock users
How should I give risk feedback and what happens under the hood?
Let me know how it goes!
May 29 2020 11:32 AM
I just let the user change his password and then unblocked the account.
Did not know that i have to set the user to safe again. I thought that this was just for the books and had no more influence.
I think the colleague will check tomorrow again. Last try to login was about an hour ago.