Email alerts for successful sign-in risky users

J-3804 1,516 Reputation points
2021-08-17T20:19:38.843+00:00

Hi team,

Could you please send me steps on how to configure email alerts for successful sign-in risky users?

Thank you for your help

Microsoft Entra
0 comments No comments
{count} votes

Accepted answer
  1. Marilee Turscak-MSFT 34,546 Reputation points Microsoft Employee
    2021-08-17T23:01:45.23+00:00

    While there isn't anything built in just for risky sign-ins alone, you can set up either alerts based on user risk levels or alerts that come in a weekly digest email (which include risky sign-ins). To configure alerts based on user risk levels, you can go to Azure Active Directory > Security > Identity Protection > Users at risk detected alerts. These will be triggered based on the risk level, which is set to "high" by default.

    124072-image.png

    Note that you do need a P2 Premium license to use this feature.

    You can also set up weekly digest emails. These emails include the following:

    New risky users detected
    New risky sign-ins detected (in real time)
    Links to the related reports in Identity Protection

    You can do this under Azure Active Directory > Security > Identity Protection > Weekly digest.

    https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-notifications

    There is also this sample powershell script you can run for identifying risky users and eliminating false positives: https://github.com/AzureAD/IdentityProtectionTools

    Let me know if this helps.

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. J-3804 1,516 Reputation points
    2021-08-18T17:03:24.577+00:00

    Thank you Marilee

    1 person found this answer helpful.

  2. Dvv 0 Reputation points
    2023-05-19T10:44:35.87+00:00

    question: does the IT admin (the one receiving the notifications) need to have the P2 license or the users?