Disabled Users in Azure AD / Blocked User in Office 365 / Risky SignIn Blocked

Highlighted
Contributor

Hi,

 

today a colleague clicked a phishing mail and entered his mail and password. After seconds there was a login from Belize which was blocked due to our Conditional Access Rules.

 

But i decided to block the user directly from the risky sign in page until the user changed his password. We have AD Connect PHS in place so the block was reverted after the next sync cycle.

But the user still cannot login.

I also enabled and disabled the account in Azure AD portal. But after an hour - the user still cannot log in.

 

How can i fix this?

 

Best regards

Stephan

2 Replies
Highlighted

@StephanGee Hello Stephan, did you ever press 'Confirm sign-in(s) safe' in Identity Protection under Risky sign-ins? I'm attaching a couple of links in case you haven't seen these.

 

Remediate risks and unblock users

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protectio...

 

How should I give risk feedback and what happens under the hood?

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protectio...

 

Let me know how it goes!

Highlighted

@bec064 

I just let the user change his password and then unblocked the account.

Did not know that i have to set the user to safe again. I thought that this was just for the books and had no more influence.

I think the colleague will check tomorrow again. Last try to login was about an hour ago.