Can we exclude Remediated Risk state alerts in Identity Protection?

Pallavi Kattepura Laxminarayan 0 Reputation points

We have Risk state as Remediated in the sign-in log tables.
Can those alerts be excluded, or should we monitor and investigate them under certain conditions with Authorization details etc.?

Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Akshay-MSFT 16,921 Reputation points Microsoft Employee

    @Pallavi Kattepura Laxminarayan

    Thank you for posting your query on Microsoft Q&A. From the above description, I understand that you are looking for clarity on whether you could ignore risk alerts with status Remediated (risk detection).

    My answer to that would be "Yes". This is a risk detection status set automatically by Identity Protection, indicating that the risk detection was remediated using the standard remediation action for this type of risk detection. For example, when the user password is reset, many risk detections that indicate that the previous password was compromised are automatically remediated.

    Please do let me know if you have any further queries.


    Akshay Kaushik

    Please "Accept the answer" (Yes), and share your feedback if the suggestion answers your query. This will help us and others in the community as well.

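A query for splitting risky sign-ins into auto-remediated and still-open groups, as an added example that is not part of the original question or answer. It assumes the Entra ID sign-in logs are exported to a Log Analytics workspace as the `SigninLogs` table; the 14-day window and the `Triage` labels are arbitrary choices made for illustration.

```kusto
// Added example: separate sign-ins whose risk was auto-remediated from those
// that still need review, and show how each remediated group was closed.
SigninLogs
| where TimeGenerated > ago(14d)                        // assumed look-back window
| where isnotempty(RiskState) and RiskState !~ "none"   // keep only sign-ins that carried risk
| extend Triage = iff(RiskState =~ "remediated",
                      "remediated (candidate for exclusion)",   // label is illustrative
                      "open (review)")
| summarize SignIns  = count(),
            Users    = dcount(UserPrincipalName),
            LastSeen = max(TimeGenerated)
    by Triage, RiskState, RiskDetail, RiskLevelDuringSignIn
| order by Triage asc, SignIns desc
```

The `RiskDetail` column shows which remediation action closed each group, so the excluded rows can still be spot-checked against the remediation the answer describes, such as a password reset.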