Got the same error message, problem was cached data. The policy appeared as disabled, while it actually was already enabled. Noticed this when I logged in from privacy browser session.
Cannot save sign-in risk policy
I'm trying to enforce an automatic block on a user sign-in risk detection.
Under Home-Security-Identity Protection. I was able to enable enforcement of the User Risk Policy, but when I try to enable enforcement of the Sign-in risk policy I get an error saying "Unable to save Azure AD sign-in risk policy"
No other details are provided in the error message.
6 answers
Sort by: Most helpful
-
-
Marilee Turscak-MSFT 36,811 Reputation points Microsoft Employee
2021-05-28T22:51:57.577+00:00 Hi @MarcoGateoCh-5186,
Thank you for your post! Please ensure that you are using an account that is either a global administrator, security administrator, or Conditional Access administrator.
You also need an Azure AD Premium P2 license to apply the policies, as noted here: https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
If you are still having this issue after meeting those prerequisites, please share the screenshot of the error and I will help troubleshoot.
-
Wu, Alan 1 Reputation point
2021-07-29T18:31:23.59+00:00 We have Azure AD P2 license and I logged in as a global administrator and still I got error while trying to enable and save the Sign-in Risk policy and User Risk Policy.
Any idea? -
Anonymous
2021-08-23T20:02:23.017+00:00 I just experienced the same difficulty despite having the two requirements : Global Admin and P2 license. Any thoughts?
-
Anonymous
2021-08-23T20:11:27.76+00:00 Ah! Found the solution. It seems you can't activate the sign in risk policy more than once, using different log in credentials from different domains. I just logged in with my second log in credentials (from one domain) with P2 license and Global Admin, disabled user sign in policy using those and then swapped back in with the log in credentials I had problems with(from another domain) and viola, I was able to save the user sign in risk policy.