How to resolve the fired alerts for break-glass accounts?

RIVA-IT for Xperal 1 Reputation point
2022-11-18T13:01:59.417+00:00

Hi,

We created alerts for our break-glass account, but we have the problem that we cannot resolve the fired alerts. They keep going until we resolve them, but I cannot delete the sign-in of that user and I cannot click Resolve in the alert. I can close the alert, but that does nothing.
I followed this documentation (https://learn.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access), only I don't have the "Evaluated based on" option. I am using P1 as a license.

Thanks in advance.

Microsoft Entra ID

2 answers

  1. Andreas Mennel 76 Reputation points
    2022-11-18T13:37:28.41+00:00

    Hi,

    As you correctly noticed, the UI of the alert creation got updated and no longer aligns with the one presented in the screenshot. The "Evaluated based on" section has now moved under the Advanced drop-down field - you can open it and configure it right there.

    Please make sure that the frequency of evaluation is less than or equal to the evaluation period (open the advanced setting for this). Setting those two numbers to be equal should fit in your case.

    Regards,
    Andy


  2. JamesTran-MSFT 36,366 Reputation points Microsoft Employee
    2022-11-18T23:07:01.817+00:00

    @RIVA-IT for Xperal
    Thank you for your post!

    I understand that you followed our Manage emergency access accounts in Azure AD documentation and Created an alert rule but aren't able to resolve these alerts. When it comes to resolving the alert that you created, you should be able to use the Automatically resolve alerts feature within the Alert Rule.

    • In the Azure Portal, search for and select Alerts.
    • From the top command bar, select Alert Rules.
    • Open the Alert Rule you want to edit.
    • Scroll down to Alert rule details and select Automatically resolve alerts.

    For more info - Manage alert rules in the Azure portal

    I hope this helps!

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
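
Both answers come down to three settings on the alert rule: the evaluation frequency, the evaluation period, and automatic resolution. The check below is an added example, not code from this thread or from Microsoft's documentation; it assumes the rule is a log search alert exported as JSON whose `properties` carry `evaluationFrequency`, `windowSize` and `autoMitigate`, and the two sample rules are constructed.

```python
import re

# ISO 8601 durations as they appear in exported alert rules: PT5M, PT1H, P1D.
_DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")


def duration_minutes(value):
    """Convert an ISO 8601 duration (days/hours/minutes/seconds) to minutes."""
    m = _DURATION.match(value or "")
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported duration: {value!r}")
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return days * 1440 + hours * 60 + minutes + seconds / 60


def check_rule(rule):
    """Return findings for one exported break-glass alert rule (empty list = ok)."""
    props = rule.get("properties", {})
    findings = []
    try:
        freq = duration_minutes(props.get("evaluationFrequency"))
        window = duration_minutes(props.get("windowSize"))
        # If the rule runs less often than the period it looks back over,
        # sign-ins between two evaluations fall outside every window.
        if freq > window:
            findings.append("evaluation frequency is longer than the evaluation period")
    except ValueError as exc:
        findings.append(str(exc))
    # autoMitigate is the property behind "Automatically resolve alerts";
    # without it a fired alert stays in the fired state.
    if props.get("autoMitigate") is not True:
        findings.append("automatically resolve alerts is off")
    return findings


# Constructed sample rules (names and values are illustrative only).
SAMPLE_OK = {"name": "breakglass-signin",
             "properties": {"evaluationFrequency": "PT5M",
                            "windowSize": "PT5M",
                            "autoMitigate": True}}
SAMPLE_BAD = {"name": "breakglass-signin-old",
              "properties": {"evaluationFrequency": "PT15M",
                             "windowSize": "PT5M",
                             "autoMitigate": False}}

if __name__ == "__main__":
    for r in (SAMPLE_OK, SAMPLE_BAD):
        print(r["name"], check_rule(r) or "ok")
```
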