![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 7.000000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBA%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
24,563 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 51%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Hi @BEBS Admin
I hope @Jose Benjamin Solis Nolasco information was helpful. In addition,
A risk detection with risk level High signifies that Microsoft is highly confident that the account is compromised.
Some detections, like Leaked Credentials and Verified Threat Actor IP are always delivered as high risk.
- Review the ID Protection dashboard to visualize number of attacks, number of high-risk users and other important metrics based on detections in your environment.
- Review the Impact analysis workbook to understand the scenarios where risk is evident in your environment and risk-based access policies should be enabled to manage high-risk users and sign-ins.
Recommended action: Set up risk-based Conditional Access policies to require password reset, perform MFA, or block access for all high-risk sign-ins.
You can allow users to self-remediate their sign-in risks and user risks by setting up risk-based policies. If users pass the required access control, such as multifactor authentication or secure password change, then their risks are automatically remediated. The corresponding risk detections, risky sign-ins, and risky users are reported with the risk state Remediated instead of At risk.
Administrators can remediate using the following options:
- Set up risk-based policies to allow users to self-remediate their risks.
- Manually reset their password.
- Dismiss their user risk.
Remediate in Microsoft Defender for Identity.
Follow the document for more information: https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-remediate-unblock
Hope this helps. Do let us know if you have any further queries.
If this answers your query, do click `Accept Answer` and `Yes`