Email alerts for successful sign-in risky users

J-3804 1,516 Reputation points

Hi team,

Could you please send me steps on how to configure email alerts for successful sign-in risky users?

Thank you for your help

Microsoft Entra

Accepted answer
  1. Marilee Turscak-MSFT 34,546 Reputation points Microsoft Employee

    While there isn't anything built in just for risky sign-ins alone, you can set up either alerts based on user risk levels or alerts that come in a weekly digest email (which include risky sign-ins). To configure alerts based on user risk levels, you can go to Azure Active Directory > Security > Identity Protection > Users at risk detected alerts. These will be triggered based on the risk level, which is set to "high" by default.


    Note that you do need a P2 Premium license to use this feature.

    You can also set up weekly digest emails. These emails include the following:

    - New risky users detected
    - New risky sign-ins detected (in real time)
    - Links to the related reports in Identity Protection

    You can do this under Azure Active Directory > Security > Identity Protection > Weekly digest.

    There is also this sample PowerShell script you can run for identifying risky users and eliminating false positives:

    Let me know if this helps.

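Since the accepted answer notes that nothing built in alerts on risky sign-ins alone, one way to narrow down to successful risky sign-ins is to filter sign-in log records yourself. This is an added example, not part of the original thread and not the sample script the answer refers to: the records are constructed, the property names follow the Microsoft Graph signIn resource, and the function names and the decision to skip remediated or dismissed risk are assumptions.

```powershell
# Constructed sample records shaped like Microsoft Graph signIn objects.
# In a tenant they would come from the sign-in logs (for example
# Get-MgAuditLogSignIn); nothing is fetched here, so this runs offline.
$signIns = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; CreatedDateTime = '2024-01-10T08:15:00Z'
        IpAddress = '203.0.113.10'; AppDisplayName = 'Office 365'
        RiskLevelDuringSignIn = 'high'; RiskState = 'atRisk'; Status = @{ ErrorCode = 0 } }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example'; CreatedDateTime = '2024-01-10T08:20:00Z'
        IpAddress = '198.51.100.7'; AppDisplayName = 'Azure Portal'
        RiskLevelDuringSignIn = 'high'; RiskState = 'atRisk'; Status = @{ ErrorCode = 50126 } }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'; CreatedDateTime = '2024-01-10T09:02:00Z'
        IpAddress = '192.0.2.44'; AppDisplayName = 'Office 365'
        RiskLevelDuringSignIn = 'medium'; RiskState = 'remediated'; Status = @{ ErrorCode = 0 } }
    [pscustomobject]@{ UserPrincipalName = 'dave@contoso.example'; CreatedDateTime = '2024-01-10T09:30:00Z'
        IpAddress = '203.0.113.99'; AppDisplayName = 'Microsoft Teams'
        RiskLevelDuringSignIn = 'medium'; RiskState = 'atRisk'; Status = @{ ErrorCode = 0 } }
)

# Hypothetical helper: keep sign-ins that succeeded (Status.ErrorCode 0),
# carried a risk level worth alerting on, and whose risk has not already
# been remediated, dismissed or confirmed safe (assumed false-positive rule).
function Get-SuccessfulRiskySignIn {
    param(
        [Parameter(Mandatory)] [object[]] $SignIn,
        [string[]] $AlertLevels = @('medium', 'high')
    )
    $closedStates = @('remediated', 'dismissed', 'confirmedSafe')
    $SignIn | Where-Object {
        ($_.Status.ErrorCode -eq 0) -and
        ($_.RiskLevelDuringSignIn -in $AlertLevels) -and
        ($_.RiskState -notin $closedStates)
    }
}

# Hypothetical helper: build the plain-text body for an alert email.
function Format-RiskAlertBody {
    param([Parameter(Mandatory)] [object[]] $Hit)
    $lines = foreach ($h in $Hit) {
        '{0}  {1}  risk={2}  ip={3}  app={4}' -f $h.CreatedDateTime,
            $h.UserPrincipalName, $h.RiskLevelDuringSignIn, $h.IpAddress, $h.AppDisplayName
    }
    "Successful risky sign-ins: $(@($Hit).Count)`n" + ($lines -join "`n")
}

$hits = @(Get-SuccessfulRiskySignIn -SignIn $signIns)
# Pass the body to the mail step you already use; printed here instead.
if ($hits.Count -gt 0) { Format-RiskAlertBody -Hit $hits }
```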

2 additional answers

  1. J-3804 1,516 Reputation points

    Thank you Marilee

    1 person found this answer helpful.

  2. Dvv 0 Reputation points

    Question: does the IT admin (the one receiving the notifications) need to have the P2 license or the users?