"Suspend user" and "Confirm user compromised"




Could someone explain what these two settings actually do?


Many thanks

1 Reply
I believe you are referring to Microsoft 365 Defender.
"Confirm user compromised" won't take any action on the account; however, Microsoft Defender detects compromise based on actions, and by confirming it, the account will be marked as a risk, but the user is still able to access it. "Suspend user" will take action on the account and prevent the user from logging in, and you may do this action while you are doing an investigation and want to prevent further compromise.