Azure / Office 365 - risky logins automatic email report

Copper Contributor

Hey all,

 

Question for you, is it possible to create automatic trigger emails when a risky login trigger is attempted of when a user in Azure goes from low to medium or to high.

These trigger notifications would go to a global admin, as well as triggering remediation actions?

 

Thanks in advance,

Calv

1 Reply

Kind of, certainly for the remediation part but it's not built into Office 365 and requires extra licencing, for Azure AD Premium.  Not sure if the add-ons (Advanced Security Management etc.) that come with the E5 licence can also help in this regards as well. 

 

Anyway, with Azure Active Directory Identity Protection, you can define policies to mitigate suspected compromised accounts or for risky sign-ins, this page gives more of a clue what this can look like -  Sign-in experiences with Azure AD Identity Protection and the different outcomes.  This functionality requires Azure AD Premium P2 add-on or Enterprise Mobility + Security E5.

 

Check out some of these Ignite presentations, for more of an overview.