cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

setup an alert email for the event from the “!” marked in the Risky-Sign activities from MS Defender

JasonLuk
Copper Contributor

‎Jun 14 2022 09:56 PM

‎Jun 14 2022 09:56 PM

setup an alert email for the event from the “!” marked in the Risky-Sign activities from MS Defender

Hi Professional,

 

Do anyone know how to get email alert when MS defender detected a risky logon activities on a user especially those highline with "!" by MS defender to take action as priority. 

JasonLuk_0-1655268941464.png

 

BRs,

Jason Luk

537 Views
0 Likes
2 Replies
Reply
2 Replies
mikhailf

‎Jun 15 2022 03:33 AM

‎Jun 15 2022 03:33 AM

Re: setup an alert email for the event from the “!” marked in the Risky-Sign activities from MS Defe

Hello @JasonLuk ,

 

Those alerts come from Azure AD Identity Protection. You can configure email notifications in Azure Portal -> Azure Active Directory -> Identity Protection ->  Users at risk detected alert.

 

0 Likes
Reply
JasonLuk

‎Jun 15 2022 06:55 PM - edited ‎Jun 15 2022 06:58 PM

‎Jun 15 2022 06:55 PM - edited ‎Jun 15 2022 06:58 PM

Re: setup an alert email for the event from the “!” marked in the Risky-Sign activities from MS Defe

Hello @mikhailf 

Thanks your reply, I checked my email ID was listed in that User at Risk Detect Alert page. However the email I received was a report link from MS, which redirect me to the Azure page showing a list of users with risk severity. But it didn't show which ID with "!" I mentioned in earlier post. This report is hard for me to take action and not much meaning to me. When compare with the MS Defender activities log showing, the logon with "!" is the one I am interested and want to focus on. Any clue?

JasonLuk_0-1655344646676.png

 

 

BRs,

Jason Luk

0 Likes
Reply