Hi, the same logic will still apply. Changing the password mitigates the current risk, but any further attempts will still go through the Azure risk logic. Hopefully you are also using multi factor auth and blocking basic auth in Azure as well.
How to analyse the risk remediation through the risk-based conditional access policy?
Hi,
Let's consider the following scenario.
I have implemented a risk-based conditional access policy in my organization that requires a secure password change when the user's risk is high. A high risk user corrects his risk by performing the secure password change. However, fraudulent access attempts to this user's account have not disappeared.
How does Azure AD Identiy Protection handle these fraudulent access attempts to the user's account after the risk is corrected?
Can this user become risky again? If so, how long after the fix?
Thank you.
1 additional answer
Sort by: Most helpful
-
Andy David - MVP 147.4K Reputation points MVP
2023-02-13T16:40:18.28+00:00 Hi there, really depends on the risk and if it will trigger a high risk or not.
In theory, the AI should learn once the user remediates the issue and not trigger again on the same risk