Forum Discussion
setup an alert email for the event from the “!” marked in the Risky-Sign activities from MS Defender
Hi Professional, Do anyone know how to get email alert when MS defender detected a risky logon activities on a user especially those highline with "!" by MS defender to take action as priority. ...
Hello JasonLuk ,
Those alerts come from Azure AD Identity Protection. You can configure email notifications in Azure Portal -> Azure Active Directory -> Identity Protection -> Users at risk detected alert.
Hello mikhailf
Thanks your reply, I checked my email ID was listed in that User at Risk Detect Alert page. However the email I received was a report link from MS, which redirect me to the Azure page showing a list of users with risk severity. But it didn't show which ID with "!" I mentioned in earlier post. This report is hard for me to take action and not much meaning to me. When compare with the MS Defender activities log showing, the logon with "!" is the one I am interested and want to focus on. Any clue?
BRs,
Jason Luk
