Jul 09 2020 02:13 AM - edited Jul 09 2020 02:19 AM
Hi Tech community,
I already try to find this out on the internet, but I don't get it yet.
Sometimes in our tenant we run into some risky users, with risky sign-ins. Do I need to set those users on "dismiss user risk", if the loggin is legit? Another thing, If I select the Risk State on dismissed in the filter, I see many dismissed with actor Azure AD. Will Azure AD automatic dismissed some risky users?
When I look on this .doc site https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protectio... I cannot find my answer there.
Regards,
Ricardo
Jul 09 2020 11:05 AM
Solution
If you are certain that the sign in is genuine, and effectively a false positive, then yes you may go ahead and choose to Dismiss User Risk.
Risk policies can be configured to apply automatic remediation, so maybe this is what you are seeing here with the many dismissed risks you are seeing?
Jul 10 2020 12:45 AM
@PeterRisingThank for your reply! I go ahead and play with this in my demo tenant.
Jul 09 2020 11:05 AM
Solution
If you are certain that the sign in is genuine, and effectively a false positive, then yes you may go ahead and choose to Dismiss User Risk.
Risk policies can be configured to apply automatic remediation, so maybe this is what you are seeing here with the many dismissed risks you are seeing?