Dec 13 2019
- last edited on
Jan 14 2022
Where can I find documentation on Azure Active Directory - Identity Protection - like once an end user is in the high risk users report, what do I do with this data?
There is the following options:
Confirm user compromised
Dismiss user risk
Investigate with Azure ATP
I cannot find anywhere what or which one we should do for each. Is there any blogs describing this part of the portal?
I guess I am looking at what an admin should do with these accounts when they show up in this portal
Dec 13 2019 06:59 AMSolution
Hi @Eric Sabo,
Have you reviewed the documentation on Microsoft Docs?
You'll find some guidance on using the various remediation options in the "Remediate Risks and Unblock Users" section. The choice of "what" to do is nearly always going to be subjective based on the nature / context of the alert.
Do you have specific examples you are looking for guidance on?