Identity protection: users at risk detected alerts

Copper Contributor


after the new version of Identity Protection email alert configuration GUI I can't understand how it works (and the documentation is not updated and unclear).


The confiuguration page gives this advice:

"Users in the Global administrator, Security administrator, or Security reader roles are automatically added to this list. We attempt to send emails to the first 20 members of each role. If a user is enrolled in PIM to elevate to one of these roles on demand then they will only receive emails if they are elevated at the time the email is sent."


But what I can see in my customer's tenants are a bit different:

  • One shows a partial list of GA and I can disable the ones I don't want to send alerts. 
  • Another one is empty (but they have a lot of GA) and only a few receive alerts.


according to which criteria are the emails sent? to the first 20 of each role in what order?


Can someone help me to better understand this behaviour?

Thanks in advance


1 Reply

@Michele D'Angelantonio Hello, in this case I would like to suggest that you open up a "GitHub" as it has to do with the docs. Look at the bottom of the page you linked and click on "This page" to submit an issue.