Azure AD Risky User question

vand3rlinden · ‎Jul 09 2020

Hi Tech community,

I already try to find this out on the internet, but I don't get it yet.

Sometimes in our tenant we run into some risky users, with risky sign-ins. Do I need to set those users on "dismiss user risk", if the loggin is legit? Another thing, If I select the Risk State on dismissed in the filter, I see many dismissed with actor Azure AD. Will Azure AD automatic dismissed some risky users?

When I look on this .doc site https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protectio... I cannot find my answer there.

Regards,

Ricardo

vand3rlinden · ‎Jul 09 2020

@vand3rlinden

If you are certain that the sign in is genuine, and effectively a false positive, then yes you may go ahead and choose to Dismiss User Risk.

Risk policies can be configured to apply automatic remediation, so maybe this is what you are seeing here with the many dismissed risks you are seeing?

vand3rlinden · ‎Jul 10 2020

@PeterRisingThank for your reply! I go ahead and play with this in my demo tenant.

vand3rlinden · ‎Jul 09 2020

@vand3rlinden

If you are certain that the sign in is genuine, and effectively a false positive, then yes you may go ahead and choose to Dismiss User Risk.

Risk policies can be configured to apply automatic remediation, so maybe this is what you are seeing here with the many dismissed risks you are seeing?

View solution in original post

Azure AD Risky User question

Azure AD Risky User question

Re: Azure AD Risky User question

Re: Azure AD Risky User question

Re: Azure AD Risky User question

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Azure AD Risky User question

Azure AD Risky User question

Re: Azure AD Risky User question

Re: Azure AD Risky User question

Re: Azure AD Risky User question