How to reduce risky users and risky sign-in

Copper Contributor

I hold an EMS E3 license, which includes only Azure AD P1. I am currently monitoring a high volume of risky user reports. Additionally, I have been examining users meeting the following conditions:

  • Sign-in Status: Success
  • Conditional Access: Not applied
  • Authentication: Single factor

My question is, is this the correct approach to identify unfamiliar features?

Furthermore, I'm seeking ways to reduce the frequency of risky user alerts with the existing license, considering that MFA is already enabled for users. Aside from password reset, what measures can I take to mitigate risky user scenarios?

1 Reply