SOLVED

Azure AD identity protection User and sign-in policy


Greetings,

 

As per the Microsoft article https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-close-active-risk-... , there is an option mentioned to change password on the controls for user risk policy. But this control doesn't appear for me. What I can see is only allow access with MFA or Block access.

My second question: What is the difference between user risk policy and sign-in risk policy? I see both policies have the same options.

 

Regards,

 

Khaled El Gazzar

2 Replies
Best Response confirmed by Khaled Elgazzar (Occasional Contributor)
Solution

It's explained in the document you linked to. Think of the sign-in policy as real-time detection based on the parameters of the current login attempt, and the risk policy as adding on top of that, with other signals. The change password control is only available for the risk policy.

Many thanks Vasil for clarification.

Regards,