cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Disabled Users in Azure AD / Blocked User in Office 365 / Risky SignIn Blocked

StephanGee
Steel Contributor

‎May 29 2020 09:41 AM - last edited on ‎Jul 24 2020 01:05 AM by

‎May 29 2020 09:41 AM - last edited on ‎Jul 24 2020 01:05 AM by

Disabled Users in Azure AD / Blocked User in Office 365 / Risky SignIn Blocked

Hi,

 

today a colleague clicked a phishing mail and entered his mail and password. After seconds there was a login from Belize which was blocked due to our Conditional Access Rules.

 

But i decided to block the user directly from the risky sign in page until the user changed his password. We have AD Connect PHS in place so the block was reverted after the next sync cycle.

But the user still cannot login.

I also enabled and disabled the account in Azure AD portal. But after an hour - the user still cannot log in.

 

How can i fix this?

 

Best regards

Stephan

Labels:
20.5K Views
0 Likes
2 Replies
Reply
2 Replies
ChristianBergstrom

‎May 29 2020 11:00 AM

‎May 29 2020 11:00 AM

Re: Disabled Users in Azure AD / Blocked User in Office 365 / Risky SignIn Blocked

@StephanGee Hello Stephan, did you ever press 'Confirm sign-in(s) safe' in Identity Protection under Risky sign-ins? I'm attaching a couple of links in case you haven't seen these.

 

Remediate risks and unblock users

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protectio...

 

How should I give risk feedback and what happens under the hood?

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protectio...

 

Let me know how it goes!

0 Likes
Reply
StephanGee

‎May 29 2020 11:32 AM

‎May 29 2020 11:32 AM

Re: Disabled Users in Azure AD / Blocked User in Office 365 / Risky SignIn Blocked

@ChristianBergstrom 

I just let the user change his password and then unblocked the account.

Did not know that i have to set the user to safe again. I thought that this was just for the books and had no more influence.

I think the colleague will check tomorrow again. Last try to login was about an hour ago.

0 Likes
Reply