cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Risky Sign-in Report - Where to see or adjust the settings?

NoobieInfoSec
Copper Contributor

‎Sep 01 2022 02:08 PM

‎Sep 01 2022 02:08 PM

Risky Sign-in Report - Where to see or adjust the settings?

We are seeing some inconsistencies with our Risky Sign-in reports.  For example, we'll have multiple users who travel over seas, logging in from foreign IP addresses for the first time, and some will get flagged as a risky sign in while others won't.  We had one US based user in particular who travelled in Eastern Europe for a month and was never flagged for risky sign ons.

 

Is there a way to see and or adjust the settings/criterion for how the risky sign-in reports work?

 

NoobieInfoSec_1-1662066470574.png

 

 

Labels:
3,209 Views
0 Likes
3 Replies
Reply
3 Replies
Heike Ritter

‎Sep 01 2022 03:43 PM

‎Sep 01 2022 03:43 PM

Re: Risky Sign-in Report - Where to see or adjust the settings?

This falls under Azure AD IP - There’s an article about simulating some of the behaviors to test -> https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protectio...

Can you have a look if that works for you?
1 Like
Reply
NoobieInfoSec

‎Sep 01 2022 04:20 PM

‎Sep 01 2022 04:20 PM

Re: Risky Sign-in Report - Where to see or adjust the settings?

Sure, I will test these out - thank you!

Is there a way for us to configure how risky sign in works? Like turn certain features ON or OFF?
0 Likes
Reply
best response confirmed by NoobieInfoSec (Copper Contributor)
Heike Ritter

‎Sep 01 2022 06:15 PM

‎Sep 01 2022 06:15 PM

Solution

Re: Risky Sign-in Report - Where to see or adjust the settings?

I am not an Azure AD IP expert, but did you look at our documentation? https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protectio...
There is also a YouTube video in this article.
For reports I found this page: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protectio...
If the simulation from earlier doesn't help, I honestly would suggest to open a support ticket to see why some users are flagged, whilst others are not.
1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by NoobieInfoSec (Copper Contributor)
Heike Ritter

‎Sep 01 2022 06:15 PM

‎Sep 01 2022 06:15 PM

Solution

Re: Risky Sign-in Report - Where to see or adjust the settings?

I am not an Azure AD IP expert, but did you look at our documentation? https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protectio...
There is also a YouTube video in this article.
For reports I found this page: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protectio...
If the simulation from earlier doesn't help, I honestly would suggest to open a support ticket to see why some users are flagged, whilst others are not.

View solution in original post

1 Like
Reply