Share via

Riskysign-ins from weekly digest won't show up in the Entra admin center

Helge 45 Reputation points
2025-01-28T16:30:22.1833333+00:00

Once in a while we get risky sign-ins reported in the Entra ID Protection weekly digest:

User's image

But in the Entra ID admin centre there is only one risky sign-in which moreover happened after I received the weekly digest. I just filtered for all risk states and sign-in types, nothing more.

User's image

Where can I find details on these 4 reported risky sign-ins?

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Raja Pothuraju 47,420 Reputation points Microsoft External Staff Moderator
    2025-02-03T19:14:36.6+00:00

    Hello @Helge,

    Thank you for posting your query on Microsoft Q&A.

    Based on your description, I understand that you received a Microsoft Entra ID Protection Weekly Digest email reporting four new risky sign-ins detected in real time. However, when reviewing the portal within the specified time frame, you did not find any corresponding risky sign-in details.

    This is a known issue. The real-time data displayed in the portal is dynamically calculated, meaning the numbers in the weekly digest may not exactly match what you see in the portal at a later time. The real-time detection process analyzes signals directly from the request pipeline, while the weekly digest numbers are derived from raw signals rather than aggregated data.

    Additionally, if any sign-ins were incorrectly flagged as risky (false positives), Microsoft's machine learning algorithms may have automatically remediated or dismissed them. As a result, these sign-ins would no longer appear in the portal.

    That's why you'll observe such differences when compares with weekly email and Azure Portal data.

    Tagging @Vasil Michev for visibility.

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Was this answer helpful?

    2 people found this answer helpful.
  2. Alfred Deisinger 0 Reputation points
    2026-03-09T20:07:13.96+00:00

    I had 43 risky sign-ins show up in the report and 0 on the page. I opened a ticket with Microsoft. The very polite technician undertstood that 43 doesn't = 0. I explained to him that there should be a balance of events. That the details should show what happend even if they were false positives and resolved or dismissed. I explained to him that this is not what Microsoft's customers expect in a report. I explained to him that it is impossible to explain to directors and presidents that Microsoft math is not the same as everyone else. I explained to him that if the finance department worked this way the government would close them down. I explained that we need the accounting of the events, otherwise the report is untrustworthy. He explained to me that Microsoft insists that this is the way it works and just take it. I bent over.

    I sent an e-mail to managment and technicians explaining that the report was not worth the bytes it was written in and why, and if they wanted different reporting, they would have to pay up for purview or other pay-for-reporting. They were not happy either.

    I am here to say, if you want change, open tickets, give feedback, spend the time and tell Microsoft that this is wrong. That numbers in reports need to be accounted for.

    Was this answer helpful?

    0 comments
  3. Vasil Michev 126.5K Reputation points MVP Volunteer Moderator
    2025-01-28T17:21:46.9266667+00:00

    Yeah I got the same "surprise" earlier today... looks like a whoopsie on Microsoft side. But let's see what others say, just in case.

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.