Forum Discussion
Azure Active Directory - Identity Protection
Where can I find documentation on Azure Active Directory - Identity Protection - like once an end user is in the high risk users report, what do I do with this data?
There is the following options:
Reset password
Confirm user compromised
Dismiss user risk
block user
Investigate with Azure ATP
I cannot find anywhere what or which one we should do for each. Is there any blogs describing this part of the portal?
I guess I am looking at what an admin should do with these accounts when they show up in this portal
Hi Eric Sabo,
Have you reviewed the documentation on Microsoft Docs?
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
You'll find some guidance on using the various remediation options in the "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-remediate-unblock" section. The choice of "what" to do is nearly always going to be subjective based on the nature / context of the alert.
Do you have specific examples you are looking for guidance on?
Kelvin
2 Replies
Hi Eric Sabo,
Have you reviewed the documentation on Microsoft Docs?
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
You'll find some guidance on using the various remediation options in the "https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-remediate-unblock" section. The choice of "what" to do is nearly always going to be subjective based on the nature / context of the alert.
Do you have specific examples you are looking for guidance on?
Kelvin
