Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Report suspicious activity (Preview)

MVP

Allows users to report suspicious activities if they receive an authentication request that they did not initiate. This control is available when using the Microsoft Authenticator app and voice calls. Reporting suspicious activity will set the user's risk to high. If the user is subject to risk-based Conditional Access policies, they may be blocked.

 

Capture.PNG

6 Replies
Hi , While the configuration piece is clear, the reporting side is unclear . how will the users be able to notify through authenticator app or voice call ? is there any specific version of authenticator app that has this settings available to view ? I am currently on authenticator app version 6.7.5 which is updated 3 weeks back. Havent seen any such options on the app .
When an unknown and suspicious MFA prompt is received, users can report the fraud attempt by using Microsoft Authenticator or through their phone

https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#report...
Hi, In addition to this, Microsoft recently announced the new enhancements on reporting suspicious emails. Now, users can report phish or junk emails from any mailbox, irrespective of their type. It's a great news for security admins and cybersecurity experts to improve security in M365 environments. Know more about the new enhancements and how it will be useful in the below blog.
https://blog.admindroid.com/reporting-suspicious-messages-in-m365-shared-and-delegated-mailboxes/

@eliekarkafy Please can you confirm what Reporting Code refers to? It's not mentioned on the guidance article.

@Anthony Cotton Hi, there is no explanation till now for the reporting code usage in any MS documentation. I used to change the reporting code during my initial testing for that feature and couldn't notice any changes on the level of the user experience or in the user detection logs on Azure. 

it might be a parameter for the feature, or it might be something for future use. 

Can anyone please share a screenshot of what the users see when they can report suspicious activity?