Share via

Automated Reporting for Risky Users and Sign-ins in Entra ID P2

Magda Wallace 20 Reputation points
2025-04-17T08:05:40.31+00:00

We've recently signed up for the trial of Microsoft Entra ID P2 and are exploring its capabilities around identity protection and risk-based reporting. I'm looking for some guidance on how to set up automated reporting—specifically for detecting and alerting on risky users and risky sign-in activities. Ideally, I'd like to configure this so that an email is automatically sent to a designated address whenever such risky activities are detected within Entra. Could you advise if this is possible natively within Entra, or if it requires additional configuration through tools? Any documentation or tips you can share would be greatly appreciated.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments
Accepted answer
  1. Goutam Pratti 6,170 Reputation points Microsoft External Staff Moderator
    2025-04-17T12:40:03.6466667+00:00

    Hello @Magda Wallace ,

    I Understand that you signed up for the trial of Microsoft Entra ID P2 and are exploring its capabilities around identity protection and risk-based reporting.

    You can set up automated reporting for risky users and risky sign-ins in Microsoft Entra ID P2 through the built-in notification features. Specifically, you can configure two types of automated emails:

    1. Users at risk detected email: This email can be triggered when a user risk level that you set (default is "High") is detected. You can configure the recipients of this email in the Microsoft Entra admin center under Protection > Identity Protection > Users at risk detected alerts
      User's image
    2. Weekly digest email: This email provides a summary of new risk detections, including new risky users and risky sign-ins. You can enable or disable this feature and select the users who will receive it in the Microsoft Entra admin center under Protection > Identity Protection > Weekly digest.
      User's image

    Both of the above features allow you to automate the reporting of risky activities without requiring additional tools.

    User's image

    For additional Information you can follow the document: https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-configure-notifications

    Hope the Information Helps. Let us know if you have any additional queries. Happy to assist you further.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.