![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 51%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
2,537 questions
Hi @ネパリ サンデャ , to get both the risky users and risky sign-in reports by user risk detected email from Azure Portal, you can use Azure AD Identity Protection. You can search for a specific user by their email address and view their risky users and risky sign-in reports. However, if a user has been deleted, their risk history may not be available in Identity Protection. In this case, you may need to refer to your organization's audit logs or other security monitoring tools to investigate any suspicious activity related to the deleted user.
Please let me know if you have any questions and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James