How to analyse the risk remediation through the risk-based conditional access policy?

LocTsobdjouDongmo-3240 20 Reputation points
2023-02-13T16:34:00.98+00:00

Hi,

Let's consider the following scenario.

I have implemented a risk-based conditional access policy in my organization that requires a secure password change when the user's risk is high. A high risk user corrects his risk by performing the secure password change. However, fraudulent access attempts to this user's account have not disappeared.

How does Azure AD Identity Protection handle these fraudulent access attempts to the user's account after the risk is corrected?

Can this user become risky again? If so, how long after the fix?

Thank you.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Andy David - MVP 147.4K Reputation points MVP
    2023-03-13T15:36:34.9166667+00:00

    Hi, the same logic will still apply. Changing the password mitigates the current risk, but any further attempts will still go through the Azure risk logic. Hopefully you are also using multi-factor auth and blocking basic auth in Azure as well.

    1 person found this answer helpful.
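
The accepted answer's point, that sign-ins after a secure password change are evaluated again, can be checked against exported risk detections. The following is an added example, not part of the thread; it assumes records shaped like Microsoft Graph riskDetection objects, and the sample data and the function name `rerisked_after_remediation` are constructed for illustration.

```python
from datetime import datetime

# riskDetail values that mean the user remediated the risk themselves.
SELF_REMEDIATED = {"userPerformedSecuredPasswordChange",
                   "userPerformedSecuredPasswordReset"}

# Constructed sample records (not real tenant data), using riskDetection field names.
SAMPLE_DETECTIONS = [
    {"userId": "u1", "riskEventType": "leakedCredentials", "riskState": "remediated",
     "riskDetail": "userPerformedSecuredPasswordChange",
     "detectedDateTime": "2023-02-10T08:00:00Z", "lastUpdatedDateTime": "2023-02-13T10:00:00Z"},
    {"userId": "u1", "riskEventType": "unfamiliarFeatures", "riskState": "atRisk",
     "riskDetail": "none",
     "detectedDateTime": "2023-02-14T03:12:00Z", "lastUpdatedDateTime": "2023-02-14T03:12:00Z"},
    {"userId": "u2", "riskEventType": "anonymizedIPAddress", "riskState": "remediated",
     "riskDetail": "userPerformedSecuredPasswordChange",
     "detectedDateTime": "2023-02-11T09:00:00Z", "lastUpdatedDateTime": "2023-02-12T09:30:00Z"},
    {"userId": "u3", "riskEventType": "passwordSpray", "riskState": "atRisk",
     "riskDetail": "none",
     "detectedDateTime": "2023-02-12T22:40:00Z", "lastUpdatedDateTime": "2023-02-12T22:40:00Z"},
]

def _ts(value):
    # Graph timestamps end in "Z"; normalise so fromisoformat accepts them.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def rerisked_after_remediation(detections):
    """Return {userId: [riskEventType, ...]} for users who have open (atRisk)
    detections raised after their most recent self-remediation."""
    last_fix = {}
    for d in detections:
        if d["riskState"] == "remediated" and d["riskDetail"] in SELF_REMEDIATED:
            # lastUpdatedDateTime is taken here as the time the detection was closed.
            fixed = _ts(d["lastUpdatedDateTime"])
            uid = d["userId"]
            if uid not in last_fix or fixed > last_fix[uid]:
                last_fix[uid] = fixed
    flagged = {}
    for d in detections:
        fixed_at = last_fix.get(d["userId"])
        if (fixed_at is not None and d["riskState"] == "atRisk"
                and _ts(d["detectedDateTime"]) > fixed_at):
            flagged.setdefault(d["userId"], []).append(d["riskEventType"])
    return flagged

if __name__ == "__main__":
    print(rerisked_after_remediation(SAMPLE_DETECTIONS))
```

Users returned by this check changed their password and were then flagged again, which makes them candidates for investigation rather than another self-service remediation.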

1 additional answer

  1. Andy David - MVP 147.4K Reputation points MVP
    2023-02-13T16:40:18.28+00:00

    Hi there, really depends on the risk and if it will trigger a high risk or not.

    In theory, the AI should learn once the user remediates the issue and not trigger again on the same risk.

    https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks
