Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
End users can now report “This wasn’t me” for unusual sign-in activity
Published Aug 03 2020 09:00 AM 24.1K Views

Howdy folks,


I’m excited to announce the General Availability of Azure AD My Sign-Ins—a new feature that allows enterprise users to review their sign-in history to check for any unusual activity. As we discussed in the Public Preview blog post, the My Sign-Ins page empowers users to see:

  • If anyone is trying to guess their password.
  • If an attacker successfully signed in to their account from a strange location.
  • What apps the attacker accessed.

The newest addition to this page allows end users to report “This wasn’t me” or “This was me” on unusual activities. Robyn Hicock, who managed this feature, wrote a guest blog post where she dives into the details on this update. You’ll find her blog post below.

 

As always, we’d love to hear any feedback or suggestions you may have. Please let us know what you think in the comments below or on the Azure AD feedback forum.

 

Best regards,

Alex Simons (@Alex_A_Simons)

Corporate VP of Program Management

Microsoft Identity Division

 

-----------------------------------------------------

 

Hi everyone!

 

I’m super excited to share details about the updates we’ve made to the My Sign-Ins page. We heard your feedback during the Public Preview and learned that users want to easily determine whether a sign-in was theirs or not.

 

Unusual activity

We now highlight suspicious activities that we’ve detected with Identity Protection at the top. For example, if a risky sign-in was automatically detected, it would get bubbled up to the top under a new section for “Unusual activity”:

 

SI1.png

 

We also added “This wasn’t me” and “This was me” buttons for unusual activities. If a user chooses “This wasn’t me”, then they would see this dialog:

 

SI2.png

 

They would then be taken to the Security info page to review and update their authentication methods. To learn more about managing security info, check out the blog post for Combined MFA and password reset registration.

 

SI3.png

 

If a user chooses “This was me”, then they would see this dialog:

 

SI4.png

 

The end user feedback will help improve the accuracy of our risk detection systems. We will study the user feedback before allowing user reporting to change the risk states in Identity Protection. You can monitor what your users are choosing by checking the audit logs, and use that information to help you decide whether to confirm or dismiss the risk.

 

Recent activity

If a user doesn’t have any suspicious sign-ins, then they’ll just see the “Recent activity” section. Users can also review their normal sign-ins and report if anything looks strange by clicking “Look unfamiliar? Secure your account”.

 

SI5.png

 

Users can also see if anyone else is trying to guess their password. In that case, they’d see an “Unsuccessful sign-in” like this:

 

SI6.png

 

Searching and Filtering

We also heard your feedback about better filtering to sort through all the noise. Now you can use the Search bar at the top to look at only the “Unsuccessful” sign-ins.

 

SI7.png

 

You can also use the Search bar to filter for other details like the app, browser, location, operating system, etc.

 

Finally, we made My Sign-Ins more mobile-friendly too!

 

SI8.png

 

If you’re curious about your personal email too, we have similar features in the Recent Activity page for consumer Microsoft Accounts at: https://account.live.com/activity - Check it out!

Feedback

As always, we’d love to hear your feedback and suggestions. Please let us know what you think in the comments below or on the Azure AD feedback forum.

 

Thanks!

Robyn Hicock (@Robyn.Hicock)

Senior Program Manager

Microsoft Identity Security and Protection Team

 

Learn more about Microsoft identity:

15 Comments

Awesome - these details empower end-users with information, helping them to better self-defend their IDs - and their orgs. 

It's nice that we got some basic filtering functionality, but using the search bar on top for that is very counter-intuitive. Not a huge fan of the "endless scrolling" approach either, but oh well.

 

Still a great feature, don't get me wrong! :)

Microsoft

@Michael Hildebrand - Thanks! Glad you like it :smile:

 

@Vasil Michev - I agree the search bar at the top isn't very intuitive. We want to move it down into the page, and update the header to match Office. Ideally we'd have better filtering capabilities too, but that work didn't make it in before GA. Thanks for the feedback!

Deleted
Not applicable

Great improvements around the "Unusual Activity" section.

 

I wonder if in addition to better filtering as discussed in the comments above, if it might be possible to collapse multiple identical entries. For example, when I check my list of Sign-Ins I see hundreds of entries for "Microsoft App Access Panel" just from the last few hours alone, making it difficult to spot anything else.

 

If those hundreds of entries were just one instead (perhaps with the number of times it has been triggered today and the most recent time shown), it would be a lot easier to see at a glance recent activity.

Microsoft

Nice feature for users to monitor their own sign-ins including risky sign-ins.

Microsoft

@Deleted - Thanks! Yep that's a known issue unfortunately if you have the "My Apps Secure Sign-in Extension". It'll show repeated sign-ins to the “Microsoft App Access Panel”. We want to get that fixed, but in the meantime you could disable the extension to clean up your page.

 

@nnpms - Thanks! :happyface:

Brass Contributor

@robynhicock Nice Feature. 

It seems as if the german translation is not yet 100% available; some sentences/words are German, others are English. Without a proper translation it will be difficult to introduce this to our users.

 

Microsoft

@sebastianheil - Thanks! Great catch. I'll bring this up to our team. Which parts aren't translated?

Brass Contributor

 

@robynhicock Please find an example attached

 

sebastianheil_0-1597297463567.png

 

Brass Contributor

@robynhicock do you have an update by when the german translation will be fixed?

Microsoft

@sebastianheil - I believe this was fixed with the latest deployment. Can you try it again?

Brass Contributor

@robynhicock just tested. still looks the same as before, a mixture of German and English.

Microsoft

@sebastianheil - Ah sorry, the fix hasn't been deployed yet. I'll ask the devs again.

Brass Contributor

@robynhicock it looks a lot better now; only the timestamp is not yet translated

 

mysignins.jpg

Microsoft

@sebastianheil - Thanks! I'll let the devs know.

Version history
Last update:
‎Aug 01 2020 10:18 PM
Updated by: