Cannot save sign-in risk policy

Marco Gateño Ch 1 Reputation point
2021-05-28T14:18:17.687+00:00

I'm trying to enforce an automatic block on a user sign-in risk detection.

Under Home-Security-Identity Protection, I was able to enable enforcement of the User Risk Policy, but when I try to enable enforcement of the Sign-in risk policy I get an error saying "Unable to save Azure AD sign-in risk policy".

No other details are provided in the error message.

Microsoft Entra ID

6 answers

  1. Juha Palomäki 6 Reputation points
    2021-09-03T13:18:24.717+00:00

    Got the same error message; the problem was cached data. The policy appeared as disabled, while it actually was already enabled. Noticed this when I logged in from a private browser session.

    1 person found this answer helpful.

  2. Marilee Turscak-MSFT 36,811 Reputation points Microsoft Employee
    2021-05-28T22:51:57.577+00:00

    Hi @MarcoGateoCh-5186,

    Thank you for your post! Please ensure that you are using an account that is either a global administrator, security administrator, or Conditional Access administrator.

    You also need an Azure AD Premium P2 license to apply the policies, as noted here: https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection

    If you are still having this issue after meeting those prerequisites, please share the screenshot of the error and I will help troubleshoot.


  3. Wu, Alan 1 Reputation point
    2021-07-29T18:31:23.59+00:00

    We have an Azure AD P2 license and I logged in as a global administrator, and I still got an error while trying to enable and save the Sign-in Risk policy and User Risk Policy.
    Any idea?


  4. Anonymous
    2021-08-23T20:02:23.017+00:00

    I just experienced the same difficulty despite having the two requirements: Global Admin and P2 license. Any thoughts?


  5. Anonymous
    2021-08-23T20:11:27.76+00:00

    Ah! Found the solution. It seems you can't activate the sign-in risk policy more than once, using different login credentials from different domains. I just logged in with my second login credentials (from one domain) with P2 license and Global Admin, disabled the user sign-in policy using those, and then swapped back in with the login credentials I had problems with (from another domain) and voilà, I was able to save the user sign-in risk policy.

