Azure AD Identity protection "Suspicious Browser Type" alert generation

James Talley 1 Reputation point
2022-07-18T14:43:50.183+00:00

I have been conducting research on various alert generation tactics used by Microsoft 365. I have been unsuccessful in finding any official documentation on the process in which The alerts data is gathered, or on how the alert is actually generated. I am trying to uncover any documentation that can help explain the process in which the information for "suspicious browser type" is gathered, and the process that creates and notifies the alert for "suspicious browser type".

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2022-07-19T00:23:29.117+00:00

    Hi @James Talley ,

    Thanks for your post!

    As documented in the Identity Protection guide, suspicious browser detection indicates anomalous behavior based on suspicious sign-in activity across multiple tenants from different countries in the same browser.

    This is a relatively new detection that was released about a year ago.

    What is the "Suspicious Browser" risk detection?

    • This is a premium offline sign-in risk detection
    • This detection flags sign-ins from browsers that are showing anomalous behavior, including sign-ins from multiple users and tenants, and from different IP addresses.
    • Like other sign-in risk detection, this too will contribute to user risk, which will be remediable through Conditional Access grant control "password change" remediation.

    Let me know if this helps. If you are looking for more details around this, please let me know the specific data you are looking for and I will help provide that.

    -

    If the information provided was helpful to you, please remember to "mark as answer" so that others in the community with similar questions can more easily find a solution.

    1 person found this answer helpful.

  2. MZ 1 Reputation point
    2022-07-21T17:59:05.237+00:00

    This is a premium online sign in detection.
    Makes learning and teaching more meaningful and understandable.
    We are legally allowed to share the information related to the topic.
    I have been conducting research on various topics and found this browse quite helpful.

    0 comments No comments

  3. MZ 1 Reputation point
    2022-07-21T17:59:37.523+00:00

    This is a premium online sign in detection.
    Makes learning and teaching more meaningful and understandable.
    We are legally allowed to share the information related to the topic.
    I have been conducting research on various topics and found this browse quite helpful.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.