Investigating which component is deemed risky by the Azure security portal?

EnterpriseArchitect 5,406

How to investigate and determine which component caused the alert from the https://portal.azure.com/#view/Microsoft_AAD_IAM/SecurityMenuBlade/~/RiskyServicePrincipals page? I want to know what needs to be fixed here.

JamesTran-MSFT 36,636 Reputation points Microsoft Employee

2024-02-01T21:34:20.3433333+00:00

@EnterpriseArchitect
I wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

Accepted answer

Harpreet Singh Matharoo 8,136 Reputation points Microsoft Employee

2024-01-23T08:59:51.98+00:00

Hello @EnterpriseArchitect
Thank you for reaching out to Microsoft Azure QnA platform. You can review following documentation link to understand more on how to investigate and remediate risky Service Principals / workload identities: https://learn.microsoft.com/en-us/entra/id-protection/concept-workload-identity-risk#investigate-risky-workload-identities and https://learn.microsoft.com/en-us/entra/architecture/security-operations-applications.

I hope this answer helps to resolve your issue. Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Please sign in to rate this answer.

1 person found this answer helpful.
EnterpriseArchitect 5,406 Reputation points

2024-02-02T04:17:40.0933333+00:00

Thank you @Harpreet Singh Matharoo for the confirmation.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

0 additional answers

Your answer