Inquire about Microsoft Entra ID Protection and Security | Risky users, as they display different results. Which aspect should we focus on?

Koonnamchok Klongkaew 140 Reputation points
2023-10-31T03:14:40.3366667+00:00

Inquire about Microsoft Entra ID Protection and Security | Risky users, as they display different results. Which aspect should we focus on?

For example, in Microsoft Entra ID Protection, there is a "Risk state" category where you can see the status of remediated incidents, whereas in "Security | Risky users," this feature is not available.


Accepted answer
  1. Akhilesh 9,845 Reputation points Microsoft Vendor
    2023-10-31T17:31:46.3533333+00:00

    Hi @Koonnamchok Klongkaew

    Thank you for reaching us!

    I understand your query: you are referring to the difference between the "Risk state" category in Microsoft Entra ID Protection and Security | Risky users.

    Microsoft Entra ID Protection is a cloud-based identity and access management service that provides security features to protect user identities and access to resources.
    The "Risk state category" is designed to categorize and provide information about the status of identified risks. It helps organizations track and manage the remediation of the risks effectively.

    The "Risk state" category in Microsoft Entra ID is there to give you information about the current situation of risks that have been identified. It helps you understand if a risk has been fixed, is still a problem that needs attention, or if it has been determined to be a false alarm. This feature helps to keep track of reducing the risks.

    The "Security | Risky users" section doesn't offer in-depth information about specific risks; instead, it provides a high-level overview of all users who are considered to be at risk. This includes information about risky sign-ins, risk level, risk state, and risk detections for each user, and it lets you perform actions such as verifying compromised users, clearing user risk, or changing user passwords.

    The goal here is to identify which users are at risk, rather than tracking the status of individual risks.

    When comparing Microsoft Entra ID Protection and Security | Risky users, it's important to focus on the specific requirements and objectives that are relevant to your needs.

    If you are looking to track the progress of risk remediation efforts, then the “Risk state” category in Microsoft Entra ID Protection would be useful.

    If you want to identify which users are at risk, then the “Security | Risky users” section would be useful.

    Reference: https://learn.microsoft.com/en-us/entra/id-protection/overview-identity-protection

    https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-remediate-unblock

    https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-investigate-risk

    https://learn.microsoft.com/en-us/entra/id-protection

    Thanks,
    Akhilesh

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
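
The following is an added example, not part of the question or the accepted answer: it separates risky users that still need attention from those whose risk state is already closed. Field names and `riskState` values follow the Microsoft Graph `riskyUser` resource; the sample records are constructed, and the open/closed split and the `triage` helper are assumptions of this example.

```python
import json
from collections import defaultdict

# Constructed sample shaped like a Microsoft Graph
# GET /identityProtection/riskyUsers response; all users and values are made up.
SAMPLE_RESPONSE = json.loads("""
{"value": [
  {"userPrincipalName": "alice@contoso.example", "riskLevel": "high",
   "riskState": "atRisk", "riskDetail": "none",
   "riskLastUpdatedDateTime": "2023-10-30T08:15:00Z"},
  {"userPrincipalName": "bob@contoso.example", "riskLevel": "none",
   "riskState": "remediated", "riskDetail": "userPerformedSecuredPasswordReset",
   "riskLastUpdatedDateTime": "2023-10-28T11:02:00Z"},
  {"userPrincipalName": "carol@contoso.example", "riskLevel": "none",
   "riskState": "dismissed", "riskDetail": "adminDismissedAllRiskForUser",
   "riskLastUpdatedDateTime": "2023-10-27T16:40:00Z"},
  {"userPrincipalName": "dave@contoso.example", "riskLevel": "high",
   "riskState": "confirmedCompromised", "riskDetail": "adminConfirmedUserCompromised",
   "riskLastUpdatedDateTime": "2023-10-29T09:30:00Z"},
  {"userPrincipalName": "erin@contoso.example", "riskLevel": "medium",
   "riskState": "atRisk", "riskDetail": "none",
   "riskLastUpdatedDateTime": "2023-10-30T13:05:00Z"}
]}
""")

# Assumption of this example: which riskState values still need analyst work.
OPEN_STATES = {"atRisk", "confirmedCompromised"}
CLOSED_STATES = {"remediated", "dismissed", "confirmedSafe"}
LEVEL_ORDER = {"high": 0, "medium": 1, "low": 2}


def triage(response):
    """Return (open_users, closed): open_users sorted by severity, then oldest
    update first; closed maps each closed riskState to a list of UPNs."""
    open_users, closed = [], defaultdict(list)
    for user in response.get("value", []):
        state = user.get("riskState", "none")
        if state in OPEN_STATES:
            open_users.append(user)
        elif state in CLOSED_STATES:
            closed[state].append(user["userPrincipalName"])
    open_users.sort(key=lambda u: (LEVEL_ORDER.get(u.get("riskLevel"), 3),
                                   u.get("riskLastUpdatedDateTime", "")))
    return open_users, dict(closed)


if __name__ == "__main__":
    open_users, closed = triage(SAMPLE_RESPONSE)
    for u in open_users:
        print(u["riskLevel"], u["riskState"], u["userPrincipalName"])
    print({state: len(upns) for state, upns in closed.items()})
```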

