Unfamiliar sign in properties

Best, Damani J 41 Reputation points
2023-10-20T13:45:20.7566667+00:00

One of the accounts that I have created in a new tenant does not seem to pass the conditional access policy. The account is flagged as a risky sign-in and is being blocked by the policy.

I don't want to add an exception for this user and the additional information provided is so generic.

Where can I get more detail on the exact element that triggered the detection and remediate the issue?


Accepted answer
  1. JamesTran-MSFT 36,631 Reputation points Microsoft Employee
    2023-10-20T17:35:34.3033333+00:00

    @Best, Damani J

    Thank you for your post and I'll do my best to help point you in the right direction!

    To see more details on why the user you created within another tenant is being blocked by your CA policy, you should be able to look into the Risky users report within Identity Protection. This report provides information about each risk detection, including the type of detection, the sign-in attempt location, and other risks. For more info. After reviewing your user's Risk report, you can reference the Risk types and detection documentation to learn more about any specific detection that was found.

    If the Risky users report doesn't contain the information you're looking for in regard to the actual blocked sign-in, you can also review your sign-in logs. For more info - Troubleshooting sign-in problems with Conditional Access.

    To find out which Conditional Access policy / policies applied and why:

    1. Navigate to Microsoft Entra ID > Sign-in logs.
    2. Search and filter for the appropriate login.
    3. Select the ellipsis on the right side of the policy in a sign-in event. This'll bring up the policy details, which will give admins additional information about why a policy was successfully applied or not.


    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
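
The sign-in log review described in the answer above can also be done offline on an exported log. This is an added example, not part of the original answer: it assumes a JSON export whose records use the Microsoft Graph `signIn` field names, and the sample events, user names and policy names are constructed.

```python
import json

# Constructed sample export: three sign-in events shaped like Microsoft Graph
# signIn records. Users, IPs and policy names are made up for illustration.
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": "new.user@contoso.example", "createdDateTime": "2023-10-20T13:30:00Z",
     "ipAddress": "203.0.113.10", "conditionalAccessStatus": "failure",
     "status": {"errorCode": 53003}, "riskLevelDuringSignIn": "medium",
     "riskEventTypes_v2": ["unfamiliarFeatures"],
     "appliedConditionalAccessPolicies": [
         {"displayName": "Block risky sign-ins", "result": "failure",
          "enforcedGrantControls": ["Block"]},
         {"displayName": "Require MFA for admins", "result": "notApplied",
          "enforcedGrantControls": []}]},
    {"userPrincipalName": "new.user@contoso.example", "createdDateTime": "2023-10-20T14:05:00Z",
     "ipAddress": "198.51.100.7", "conditionalAccessStatus": "success",
     "status": {"errorCode": 0}, "riskLevelDuringSignIn": "none",
     "riskEventTypes_v2": [], "appliedConditionalAccessPolicies": []},
    {"userPrincipalName": "other.user@contoso.example", "createdDateTime": "2023-10-20T14:10:00Z",
     "ipAddress": "198.51.100.9", "conditionalAccessStatus": "failure",
     "status": {"errorCode": 53003}, "riskLevelDuringSignIn": "high",
     "riskEventTypes_v2": ["anonymizedIPAddress"],
     "appliedConditionalAccessPolicies": [
         {"displayName": "Block risky sign-ins", "result": "failure",
          "enforcedGrantControls": ["Block"]}]},
])

def explain_ca_blocks(export_json, upn):
    """Return one finding per sign-in of `upn` that Conditional Access failed."""
    findings = []
    for event in json.loads(export_json):
        if (event.get("userPrincipalName") or "").lower() != upn.lower():
            continue
        if event.get("conditionalAccessStatus") != "failure":
            continue
        # Only policies whose own result is "failure" blocked this sign-in;
        # "notApplied" or "success" entries are listed in the log but did not block.
        blocking = [{"policy": p.get("displayName"),
                     "controls": p.get("enforcedGrantControls") or []}
                    for p in (event.get("appliedConditionalAccessPolicies") or [])
                    if p.get("result") == "failure"]
        findings.append({"time": event.get("createdDateTime"),
                         "ip": event.get("ipAddress"),
                         "error": (event.get("status") or {}).get("errorCode"),
                         "risk_level": event.get("riskLevelDuringSignIn"),
                         "detections": event.get("riskEventTypes_v2") or [],
                         "blocking_policies": blocking})
    return findings

if __name__ == "__main__":
    for finding in explain_ca_blocks(SAMPLE_EXPORT, "new.user@contoso.example"):
        print(json.dumps(finding, indent=2))
```

Each finding pairs the blocking policy with the risk detection types recorded on the same sign-in, which is the detail to look up in the Risk types and detection documentation.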

