SOLVED

Azure AD Risky User question

Brass Contributor

Hi Tech community,

 

I already try to find this out on the internet, but I don't get it yet.

 

Sometimes in our tenant we run into some risky users, with risky sign-ins. Do I need to set those users on "dismiss user risk", if the loggin is legit? Another thing, If I select the Risk State on dismissed in the filter, I see many dismissed with actor Azure AD. Will Azure AD automatic dismissed some risky users?

 

When I look on this .doc site https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protectio... I cannot find my answer there.

 

 

 

Regards,

 

Ricardo

2 Replies
best response confirmed by vand3rlinden (Brass Contributor)
Solution

@vand3rlinden 

 

If you are certain that the sign in is genuine, and effectively a false positive, then yes you may go ahead and choose to Dismiss User Risk.

 

Risk policies can be configured to apply automatic remediation, so maybe this is what you are seeing here with the many dismissed risks you are seeing?

@PeterRisingThank for your reply! I go ahead and play with this in my demo tenant.

1 best response

Accepted Solutions
best response confirmed by vand3rlinden (Brass Contributor)
Solution

@vand3rlinden 

 

If you are certain that the sign in is genuine, and effectively a false positive, then yes you may go ahead and choose to Dismiss User Risk.

 

Risk policies can be configured to apply automatic remediation, so maybe this is what you are seeing here with the many dismissed risks you are seeing?

View solution in original post